Help with HJT log

khanykhany Madrid - Spain
edited June 2007 in Spyware & Virus Removal
Hello,

I have followed word by word the Sticky instructions "Steps to Take Before Posting a HJT log" and enclose:

1. Panda Active Scan Report

Incident Status Location

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Process.exe
Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\restart.exe
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Shaheen.A1C5F490406843B\Application Data\Sun\Java\Deployment\cache\6.0\21\5ac853d5-2e0edbcd[MagicApplet.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Shaheen.A1C5F490406843B\Application Data\Sun\Java\Deployment\cache\6.0\21\5ac853d5-2e0edbcd[OwnClassLoader.class]
Virus:Trj/ClassLoader.AF Disinfected C:\Documents and Settings\Shaheen.A1C5F490406843B\Application Data\Sun\Java\Deployment\cache\6.0\21\5ac853d5-2e0edbcd[Installer.class]
Virus:Malware Generic Disinfected C:\temp\TECHCD9\SrvPacks\MSWINXP\Microsoft Windows XP Service Pack 1 - Crack & Keygen\WindowsXP Product Key Viewer.exe
2. Kaspersky Scan Report

KASPERSKY ONLINE SCANNER REPORT
Thursday, June 28, 2007 7:59:19 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 28/06/2007
Kaspersky Anti-Virus database records: 354709

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 83430
Number of viruses found: 6
Number of infected objects: 13 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:21:10

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\471c1e7b7692e870564d70085cca0f2b_06e823e8-6e87-4155-8e70-17bf3e82c515 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Shaheen.A1C5F490406843B\Application Data\Sun\Java\Deployment\cache\6.0\41\529ea6e9-2eb420c5/OP.class Infected: Trojan-Downloader.Java.OpenStream.ab skipped
C:\Documents and Settings\Shaheen.A1C5F490406843B\Application Data\Sun\Java\Deployment\cache\6.0\41\529ea6e9-2eb420c5 ZIP: infected - 1 skipped
C:\Documents and Settings\Shaheen.A1C5F490406843B\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\Shaheen.A1C5F490406843B\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Shaheen.A1C5F490406843B\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Shaheen.A1C5F490406843B\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Shaheen.A1C5F490406843B\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Shaheen.A1C5F490406843B\Local Settings\History\History.IE5\MSHist012007062720070628\index.dat Object is locked skipped
C:\Documents and Settings\Shaheen.A1C5F490406843B\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Shaheen.A1C5F490406843B\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Shaheen.A1C5F490406843B\ntuser.dat Object is locked skipped
C:\Documents and Settings\Shaheen.A1C5F490406843B\NtUser.dat.LOG Object is locked skipped
C:\Documents and Settings\Zahrah\.net.txt Object is locked skipped
C:\Documents and Settings\Zahrah\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger.lnk Object is locked skipped
C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\Adobe Reader 7.0.lnk Object is locked skipped
C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\AVG Free.lnk Object is locked skipped
C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\Encarta Dictionary Tools.lnk Object is locked skipped
C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\Encarta Kids DVD.lnk Object is locked skipped
C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\Encarta Reference Library DVD 2005.lnk Object is locked skipped
C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\Free Games & Music.url Object is locked skipped
C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\iTunes.lnk Object is locked skipped
C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\Messenger Home Page.lnk Object is locked skipped
C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\Microsoft Office Access 2003.lnk Object is locked skipped
C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\Microsoft Office Excel 2003.lnk Object is locked skipped
C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\Microsoft Office InfoPath 2003.lnk Object is locked skipped
C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\Microsoft Office Outlook 2003.lnk Object is locked skipped
C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\Microsoft Office PowerPoint 2003.lnk Object is locked skipped
C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\Microsoft Office Publisher 2003.lnk Object is locked skipped
C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\Microsoft Office Word 2003.lnk Object is locked skipped
C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\MSN Messenger 7.5.lnk Object is locked skipped
C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\PowerDVD.lnk Object is locked skipped
C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\RealPlayer.lnk Object is locked skipped
C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\Skype.lnk Object is locked skipped
C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\Unused Desktop Shortcuts\Shortcut to backup.lnk Object is locked skipped
C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\Unused Desktop Shortcuts\Shortcut to E-mail.lnk Object is locked skipped
C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\WinZip.lnk Object is locked skipped
C:\Documents and Settings\Zahrah\Desktop\Microsoft Office PowerPoint 2003.lnk Object is locked skipped
C:\Documents and Settings\Zahrah\Desktop\Microsoft Office Word 2003.lnk Object is locked skipped
C:\Documents and Settings\Zahrah\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Zahrah\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Everybody on Dance Floor Session 2\01 Jhalak Dikhla Ja_dhol mix-Aksar.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Everybody on Dance Floor Session 2\02 Tera Surroor_remix- Aap Kaa Surroor.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Everybody on Dance Floor Session 2\03 Jhoom Jhoom_remix-Tom Dick and Harry.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Everybody on Dance Floor Session 2\04 Tum Saanson Mein_remix- Humko Deewana Kar Gaye.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Everybody on Dance Floor Session 2\05 Tere Sang Ishq_remix -Tom Dick Harry.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Everybody on Dance Floor Session 2\06 Fanah_remix- Humko Deewaan Kar Gaye.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Everybody on Dance Floor Session 2\07 Naam Hai Tera_remix- Aksar.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Everybody on Dance Floor Session 2\08 Jhalak Dikhla Ja_remix -Aksar.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Everybody on Dance Floor Session 2\09 Mohabbat ki _remix - Aksar.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Everybody on Dance Floor Session 2\10 Jeene ke hain chaar din- Mujse Shaadi Karogi.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Everybody on Dance Floor Session 2\11 Gori Gori- Main hoon Na.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Everybody on Dance Floor Session 2\12 O Jaana- Tere Naam.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Everybody on Dance Floor Session 2\13 Wo Ladki Hai Kahan- Dil Chahta hai.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Everybody on Dance Floor Session 2\14 Soniye_remix - Aksar.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Everybody on Dance Floor Session 2\15 Ek kunwara- masti.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Everybody on Dance Floor Session 2\desktop.ini Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\My Playlists\Addictive (Bhangra mix).mp3 Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\My Playlists\ah_yea-doni.mp3 Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\My Playlists\amar arshi.mp3 Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\My Playlists\be_easy(koi_naa)-nivla_ft_p_oberoi.mp3 Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\My Playlists\Hai Hai (2-step mix).mp3 Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\My Playlists\Jatt Marda (B-Boy mix).mp3 Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\My Playlists\javani-sir_aah_&_taz(promo).mp3 Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\My Playlists\moonshine savage n akon.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\My Playlists\Pyar Di Nishani (DMX mix).mp3 Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\My Playlists\raxstar_&_sunit-keep_it_undercover(promo).mp3 Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\My Playlists\smoke_in_the_air-kat_eyez.mp3 Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\My Playlists\tatu-all the things she said.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\My Playlists\the_general-raja_wilco.mp3 Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\My Playlists\track1.mp3 Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\My Playlists\track5 sone yaar da.mp3 Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\sami yusuf\01 Track 1.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\sami yusuf\02 Track 2.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\sami yusuf\03 Track 3.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\sami yusuf\04 Track 4.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\sami yusuf\05 Track 5.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\sami yusuf\06 Track 6.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\sami yusuf\07 Track 7.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\sami yusuf\08 Track 8.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\T Pain\t-pain im sprung.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Thumbs.db Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\50 cent\01 Track 1.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\50 cent\02 Track 2.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\50 cent\03 03 Track 3.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\50 cent\05 05 Track 5.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\50 cent\06 06 Track 6.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\50 cent\07 07 Track 7.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\50 cent\08 Track 8.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\50 cent\09 09 Track 9.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\50 cent\10 Track 10.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\50 cent\11 Track 11.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\50 cent\12 Track 12.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\50 cent\13 Track 13.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\50 cent\14 Track 14.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\50 cent\15 15 Track 15.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\50 cent\15 Track 15.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\50 cent\17 17 Track 17.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\50 cent\18 Track 18.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\50 cent\19 Track 19.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\50 cent\20 Track 20.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\50 cent\21 Track 21.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\50 cent\22 Track 22.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\50 cent\desktop.ini Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Bollywood soundtracks\Bluffmaster\01 Track 1.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Bollywood soundtracks\Bluffmaster\02 Track 2.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Bollywood soundtracks\Bluffmaster\03 Track 3.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Bollywood soundtracks\Bluffmaster\04 Track 4.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Bollywood soundtracks\Bluffmaster\05 Track 5.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Bollywood soundtracks\Bluffmaster\06 Track 6.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Bollywood soundtracks\Bluffmaster\07 Track 7.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Bollywood soundtracks\Bluffmaster\08 Track 8.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Bollywood soundtracks\Bluffmaster\09 Track 9.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Bollywood soundtracks\Bluffmaster\10 Track 10.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Bollywood soundtracks\Bluffmaster\11 Track 11.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Bollywood soundtracks\Bluffmaster\12 Track 12.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Bollywood soundtracks\Bluffmaster\13 Track 13.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Bollywood soundtracks\Murder The Remix\01 Kaho Naa Kahoo.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Bollywood soundtracks\Murder The Remix\02 Beehgay Hoont Terray.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Bollywood soundtracks\Murder The Remix\06 Track 6.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Bollywood soundtracks\Murder The Remix\07 Track 7.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Bollywood soundtracks\Murder The Remix\11 Track 11.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Bollywood soundtracks\Murder The Remix\12 Track 12.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Bollywood soundtracks\Murder The Remix\13 Track 13.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Bollywood soundtracks\Murder The Remix\14 Track 14.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Bollywood soundtracks\Murder The Remix\15 Track 15.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Bollywood soundtracks\Murder The Remix\desktop.ini Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\desktop.ini Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Dr Zeus\01 Track 1.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Dr Zeus\02 Track 2.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Dr Zeus\03 Track 3.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Dr Zeus\04 Track 4.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Dr Zeus\05 Track 5.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Dr Zeus\06 Track 6.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Dr Zeus\07 Track 7.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Dr Zeus\08 Track 8.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Dr Zeus\09 Track 9.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Dr Zeus\10 Track 10.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Dr Zeus\11 Track 11.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Dr Zeus\12 Track 12.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Dr Zeus\13 Track 13.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Dr Zeus\14 Track 14.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Dr Zeus\15 Track 15.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Dr Zeus\16 Track 16.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Dr Zeus\17 Track 17.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Dr Zeus\18 Track 18.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Dr Zeus\19 Track 19.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Dr Zeus\20 Track 20.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Dr Zeus\21 Track 21.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Dr Zeus\22 Track 22.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Dr Zeus\desktop.ini Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Mario\18 Track 18.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Metz and Trix\14 Track 14.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Sukshinder Shinda\01 Track 1.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Sukshinder Shinda\02 Track 2.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Sukshinder Shinda\03 Track 3.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Sukshinder Shinda\04 Track 4.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Sukshinder Shinda\05 Track 5.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Sukshinder Shinda\06 Track 6.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Sukshinder Shinda\07 Track 7.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Sukshinder Shinda\08 Track 8.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Sukshinder Shinda\09 Track 9.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Sukshinder Shinda\10 Track 10.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Sukshinder Shinda\11 Track 11.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Sukshinder Shinda\12 Track 12.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Sukshinder Shinda\13 Track 13.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Sukshinder Shinda\14 Track 14.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Sukshinder Shinda\15 Track 15.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Sukshinder Shinda\16 Track 16.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Sukshinder Shinda\17 Track 17.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Sukshinder Shinda\desktop.ini Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Unknown Album (9-5-2005 21-08-23)\17 17 Track 17.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Unknown Album (9-5-2005 21-08-23)\desktop.ini Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Usher\19 Track 19.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Received Files\AlbumArtSmall.jpg Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Received Files\AlbumArt_{B44A7213-3783-41A0-9E2D-D851FF5C1479}_Large.jpg Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Received Files\AlbumArt_{B44A7213-3783-41A0-9E2D-D851FF5C1479}_Small.jpg Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Received Files\desktop.ini Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Received Files\Folder.jpg Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\03-rihanna-unfaithful.mp3 Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\07 Bingo Bango - Basement Jaxx.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\Akon\01 Track 1.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\Akon\02 Track 2.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\Akon\03 03 Track 3.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\Akon\04 04 Track 4 (2).wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\Akon\04 04 Track 4.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\Akon\05 05 Track 5.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\Akon\06 06 Track 6.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\Akon\07 07 Track 7.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\Akon\08 08 Track 8.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\Akon\09 Track 9.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\Akon\10 10 Track 10.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\Akon\11 11 Track 11.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\Akon\12 Track 12.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\Akon\13 13 Track 13.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\Akon\14 14 Track 14.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\Akon\16 16 Track 16.wma Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\Shaggy - Angel.mp3 Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Received Files\Thumbs.db Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Videos\Desktop.ini Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Videos\Irfan and annies weddin 2.ASF Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Videos\Irfan and annies weddin 3.ASF Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Videos\Irfan and annies weddin 4.ASF Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Videos\Irfan and annies weddin.ASF Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Videos\Me and jake.wmv Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\My Videos\Thumbs.db Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\nailah\Nailahs work\weather.doc Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\Thumbs.db Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\ZAHRAH\Sleeping dua.doc Object is locked skipped
C:\Documents and Settings\Zahrah\My Documents\ZAHRAH\Wireless PassPhrase.txt.txt Object is locked skipped
C:\Documents and Settings\Zahrah\ntuser.ini Object is locked skipped
C:\Documents and Settings\Zahrah\Saved Games\Oberon Games\Dream Day Wedding\ddw.save Object is locked skipped
C:\Documents and Settings\Zahrah\UserData\49U78TEN\iconState[1].xml Object is locked skipped
C:\Documents and Settings\Zahrah\UserData\49U78TEN\iconState[2].xml Object is locked skipped
C:\Documents and Settings\Zahrah\UserData\4HU3SDEV\iconState[1].xml Object is locked skipped
C:\Documents and Settings\Zahrah\UserData\81ER0XQ7\oWindowsUpdate[1].xml Object is locked skipped
C:\Documents and Settings\Zahrah\UserData\81ER0XQ7\showHideState[1].xml Object is locked skipped
C:\Documents and Settings\Zahrah\UserData\index.dat Object is locked skipped
C:\Documents and Settings\Zahrah\UserData\S9IBSP2Z\showHideState[1].xml Object is locked skipped
C:\Documents and Settings\Zahrah\UserData\S9IBSP2Z\showHideState[2].xml Object is locked skipped
C:\Documents and Settings\Zahrah\WhiteCap (Holiday Edition) Prefs (Windows Media Player).txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{C33FA20B-AD49-4EE0-9563-FB1C58C74905}\RP607\A0104228.dll Infected: not-a-virus:AdWare.Win32.Comet.bb skipped
C:\System Volume Information\_restore{C33FA20B-AD49-4EE0-9563-FB1C58C74905}\RP607\A0104240.exe Infected: not-a-virus:FraudTool.Win32.SpyHeal.e skipped
C:\System Volume Information\_restore{C33FA20B-AD49-4EE0-9563-FB1C58C74905}\RP608\A0104252.dll Infected: not-a-virus:AdWare.Win32.Comet.ay skipped
C:\System Volume Information\_restore{C33FA20B-AD49-4EE0-9563-FB1C58C74905}\RP608\change.log Object is locked skipped
C:\temp\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\temp\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\temp\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\temp\TECHCD9\SrvPacks\MSWINXP\Microsoft Windows XP Service Pack 1 - Crack & Keygen\keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\temp\TECHCD9\SrvPacks\MSWINXP\Microsoft Windows XP Service Pack 1 - Crack & Keygen\keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\temp\TECHCD9\SrvPacks\MSWINXP\Microsoft Windows XP Service Pack 1 - Crack & Keygen\keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\temp\TECHCD9\SrvPacks\MSWINXP\Microsoft Windows XP Service Pack 1 - Crack & Keygen\keyfinder.exe RarSFX: infected - 3 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

3. The HJT log file

Logfile of HijackThis v1.99.1
Scan saved at 09:21:28, on 28/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/m...s/MsnPUpld.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.kungfuchess.com/activex/web665.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1150646048288
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab47946.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmana...agerPlugin.CAB
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/download...ameManager.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe


Please please help me out if you can.
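A triage pass over the HijackThis entry types in the log above, as an added example that is not part of the thread and not HijackThis code. It parses the O4/O9/O16/O20/O21/O23 lines and flags what a log reader checks first: ActiveX (O16) downloads from hosts outside an allowlist, orphaned O9 buttons, services whose binary carries no publisher string, autoruns outside Program Files or the Windows tree, and Winlogon Notify / SSODL hooks. The trusted-domain list and the autorun roots are this example's assumptions; the sample lines are copied from the first log except the `[updater]` autorun, which is constructed so that the high-severity branch fires.

```python
"""Triage pass over HijackThis 1.99.1 log lines.

Added example, not part of the thread and not HijackThis code. The allowlists
below are this example's assumptions, not anything HijackThis itself knows.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# O16 hosts treated as expected ActiveX sources (assumption: tune per site).
TRUSTED_DPF_DOMAINS = {"microsoft.com", "msn.com", "live.com",
                       "kaspersky.com", "pandasoftware.com"}
# O4 autorun targets are expected under these roots (assumption: default XP
# layout; the 8.3 short name PROGRA~1 is included because HJT prints it that way).
EXPECTED_AUTORUN_ROOTS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")


@dataclass
class Finding:
    kind: str       # HJT entry type, e.g. "O16"
    severity: str   # "high" = act on it, "review" = verify before touching
    reason: str
    line: str


def _dpf_host(body):
    """'DPF: {CLSID} (Name) - http://host/x.cab' -> 'host'."""
    url = body.rsplit(" - ", 1)[-1].strip()
    return (urlparse(url).hostname or "").lower()


def _trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DPF_DOMAINS)


def _autorun_target(body):
    """'HKLM\\..\\Run: [Name] "C:\\p q\\x.exe" /arg' -> 'C:\\p q\\x.exe'."""
    cmd = body.split("] ", 1)[1] if "] " in body else body
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def triage(log_text):
    """Return a Finding for every flagged entry in an HJT log (string)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue                      # process list, header, blank lines
        kind, body = m.group("kind"), m.group("body")
        if kind == "O16":
            host = _dpf_host(body)
            if not _trusted(host):
                findings.append(Finding(kind, "review",
                                        f"ActiveX control fetched from {host}", line))
        elif kind == "O9" and body.endswith("(file missing)"):
            findings.append(Finding(kind, "review",
                                    "orphaned IE button/menu item (target gone)", line))
        elif kind == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(kind, "review",
                                    "service binary carries no publisher string", line))
        elif kind == "O4":
            target = _autorun_target(body).lower()
            if not target.startswith(EXPECTED_AUTORUN_ROOTS):
                findings.append(Finding(kind, "high",
                                        f"autorun outside Program Files/Windows: {target}", line))
        elif kind in ("O20", "O21"):
            findings.append(Finding(kind, "review",
                                    "Winlogon Notify / SSODL hook: confirm the DLL's publisher", line))
    return findings


# Sample input: lines copied from the first log in the thread, plus one
# constructed [updater] autorun (not from the thread) so the high branch fires.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] C:\DOCUME~1\user\LOCALS~1\Temp\updater.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.kungfuchess.com/activex/web665.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind}: {f.reason}")
```

Run against the sample it reports five items; on the real log above it would flag the kungfuchess.com control, the two missing xpnetdiag.exe entries, the Ati HotKey Poller service and the two Winlogon Notify DLLs, all of which a helper would verify rather than delete, while the O4 autoruns all sit under Program Files or WINDOWS and stay quiet.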

Comments

  • TroganTrogan London, UK
    edited June 2007
    Hi Khany,

    What can you tell me about these?

    C:\temp\TECHCD9\SrvPacks\MSWINXP\Microsoft Windows XP Service Pack 1 - Crack & Keygen\keyfinder.exe
    C:\temp\TECHCD9\SrvPacks\MSWINXP\Microsoft Windows XP Service Pack 1 - Crack & Keygen\WindowsXP Product Key Viewer.exe

    We refuse to help those who are infected due to cracks on their computer.
  • khanykhany Madrid - Spain
    edited June 2007
    Hello Trogan,

    First of all this is my sister's computer and is mainly used by her niece.

    I am sure that with your experience in IT you hear this all the time but I can promise to you that I am not aware of what the files are, where they come from, what they do or anything of the sort.

    I appreciate your response and will speak to my sister and niece about it.

    Best regards,

    Frank
  • TroganTrogan London, UK
    edited June 2007
    Hi Frank,

    Please let me know what is said about it, and I will help you clean the computer.

    Thanks! :)
  • khanykhany Madrid - Spain
    edited June 2007
    Hello Trogan,

    I have spoken to my niece about it and if you only knew her I am sure you would believe her. Apparently, every time she has a problem with the computer she gives it to a friend of hers at the school she goes to and asks him for help.

    She is computer literate from a user perspective with regards to Office and music downloads but not much more than that. In any case I have asked her not to let anyone else use the computer and as I spend most of my time travelling I have given her a friend of mine's details for any future problems.

    In any case I would appreciate it if you would tell me what illegal things are on the computer so I can remove them. At the same time, I perfectly understand your policy of no support for illegal things and would look for an alternative solution if you deem it necessary.

    Thanks again and best regards,

    Frank
  • TroganTrogan London, UK
    edited June 2007
    Hi Frank,

    Lets clean the computer...

    1. Find and delete the following in RED:

    C:\temp\TECHCD9 <-- The whole of this Folder

    2. Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
    This program is for XP and Windows 2000 only!

    Double-click ATF Cleaner.exe to open it.

    Under Main select the following:
    • Windows Temp
    • Current User Temp
    • All Users Temp
    • Temporary Internet Files
    • Prefetch
    • Java Cache
    *The other boxes are optional*
    Then click the Empty Selected button.

    Click Exit on the Main menu to close the program.

    3. You may wish to Print or Save the following instructions, as the internet will not be available once in Safe Mode!

    Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
    http://www.ewido.net/en/download/
    • Install AVG Anti-Spyware by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    • On the main screen under Your Computer's security.
      • Click on Change state next to Resident shield. It should now change to inactive.
      • Click on Change state next to Automatic updates. It should now change to inactive.
      • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
      • Wait until you see the Update successful message.
    • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update ewido.
    AVG Anti-Spyware manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

    Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.
    Once in Safe Mode:

    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All checkboxes should be ticked.
      • Under Possibly unwanted software:
        • All checkboxes should be ticked.
      • Under Reports:
        • Select Do not automatically generate reports
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
      IMPORTANT: Don't click on the "Save Scan Report" button before you have clicked the "Apply all Actions" button.
      • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
      • At the bottom of the window click on the Apply all Actions button. (3)
    • When done, click the Save Scan Report button. (4)
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    Reboot back into Normal Mode and post a new HijackThis log, along with the AVG Anti-Spyware log.
  • khanykhany Madrid - Spain
    edited June 2007
    Hello again Trogan,

    Thanks for helping me out.

    I have completed the steps in your previous thread but now I am having problems connecting to the internet using the infected computer so I am using my own computer to communicate with you.

    I get the message "This connection has limited or no connectivity...." and when I try to repair the Wireless network connection I get the message that Windows cannot repair the connection because it cannot complete the action of renewing the IP address.

    I have copied the two reports you requested onto my memory stick in order to send them to you from this computer and they are:

    1. AVG Scan report

    AVG Anti-Spyware - Scan Report

    + Created at: 00:54:27 30/06/2007

    + Scan result:



    C:\System Volume Information\_restore{C33FA20B-AD49-4EE0-9563-FB1C58C74905}\RP607\A0104228.dll -> Adware.Comet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{C33FA20B-AD49-4EE0-9563-FB1C58C74905}\RP608\A0104252.dll -> Adware.Comet : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1220945662-1993962763-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{C33FA20B-AD49-4EE0-9563-FB1C58C74905}\RP607\A0104240.exe -> Adware.Spylocked : Cleaned with backup (quarantined).
    C:\Documents and Settings\Shaheen.A1C5F490406843B\Cookies\shaheen@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Cleaned.


    ::Report end


    2. New HJT Log

    Logfile of HijackThis v1.99.1
    Scan saved at 01:16:14, on 30/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\ATK0100\Hcontrol.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/resources/MsnPUpld.cab
    O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.kungfuchess.com/activex/web665.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150646048288
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
    O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

    Hope to hear from you soon.

    Best regards,

    Frank
  • TroganTrogan London, UK
    edited June 2007
    Hi Franck,

    That is strange. The instructions above would not have caused the Internet to not work.

    Could you do this please. You may need to transfer the logs.

    Download SmitfraudFix (by S!Ri) to your Desktop.
    http://siri.urz.free.fr/Fix/SmitfraudFix.zip
    Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press Enter
    This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

    IMPORTANT: Do NOT run any other options until you are asked to do so!
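What option 1's rapport.txt gives you, in its SharedTaskScheduler section, is the list of CLSIDs registered under Explorer's SharedTaskScheduler key together with the InProcServer32 DLL behind each one; Explorer loads those DLLs when the shell starts, which is why the section is worth reading closely. As an added example (not SmitfraudFix's own code and not part of the thread), the Python below parses that section out of a pasted report, undoes the `&quot;` escaping that forum software inserts after `@=`, and marks every CLSID that is not one of the two entries a stock Windows XP install carries. The two baseline CLSIDs are this example's assumption about a default XP image, so compare with a known-clean machine before acting; the sample report is constructed on the pattern of the one posted in the next reply, with the two stock entries added so the baseline branch is exercised.

```python
"""Pull SharedTaskScheduler entries out of a SmitfraudFix rapport.txt and mark
the ones that are not part of a stock Windows XP install.

Added example, not SmitfraudFix code. The baseline set is an assumption about
a default XP image; compare against a known-clean machine before acting.
"""
import re

# The two SharedTaskScheduler entries a stock Windows XP carries, both served
# by browseui.dll (assumption: baseline taken from a default install).
DEFAULT_XP_STS = {
    "{438755c2-a8ba-11d1-b96b-00a0c90312e1}",  # Browseui preloader
    "{8c7461ef-2b13-11d2-be35-3078302c2030}",  # Component Categories cache daemon
}

STS_KEY = r"[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]"
VALUE_RE = re.compile(r'^"(\{[0-9a-f-]{36}\})"="(.*)"$', re.I)
INPROC_RE = re.compile(
    r'^\[(?:HKEY_CLASSES_ROOT|HKEY_LOCAL_MACHINE\\Software\\Classes)'
    r'\\CLSID\\(\{[0-9a-f-]{36}\})\\InProcServer32\]$', re.I)
DEFAULT_RE = re.compile(r'^@="(.*)"$')


def parse_sts(report_text):
    """Return [{clsid, name, dll, known}] for each SharedTaskScheduler entry."""
    names, dlls = {}, {}
    in_sts, pending = False, None
    for raw in report_text.splitlines():
        # Forum software often HTML-escapes the quote after '@='; undo that.
        line = raw.replace("&quot;", '"').strip()
        if not line:
            in_sts, pending = False, None
            continue
        if line.lower() == STS_KEY:
            in_sts = True               # the value lines that follow are the entries
            continue
        if in_sts:
            m = VALUE_RE.match(line)
            if m:
                names[m.group(1).lower()] = m.group(2)
            continue
        m = INPROC_RE.match(line)
        if m:
            pending = m.group(1).lower()   # next '@="..."' line is this CLSID's DLL
            continue
        m = DEFAULT_RE.match(line)
        if m and pending:
            dlls.setdefault(pending, m.group(1))   # HKCR and HKLM\Software\Classes should agree
            pending = None
    return [{"clsid": c, "name": n, "dll": dlls.get(c), "known": c in DEFAULT_XP_STS}
            for c, n in names.items()]


def suspicious(report_text):
    """Entries outside the XP baseline: each one needs its DLL identified."""
    return [e for e in parse_sts(report_text) if not e["known"]]


# Constructed sample in rapport.txt layout: the two stock XP entries plus the
# pattern of the entry SmitfraudFix reported in this thread.
SAMPLE_REPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{44e670f2-d57b-4815-a576-955d17dbbf2d}"="cankered"

[HKEY_CLASSES_ROOT\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"

[HKEY_CLASSES_ROOT\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"

[HKEY_CLASSES_ROOT\CLSID\{44e670f2-d57b-4815-a576-955d17dbbf2d}\InProcServer32]
@=&quot;C:\WINDOWS\system32\dooep.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{44e670f2-d57b-4815-a576-955d17dbbf2d}\InProcServer32]
@=&quot;C:\WINDOWS\system32\dooep.dll"
"""

if __name__ == "__main__":
    for e in suspicious(SAMPLE_REPORT):
        print(f"{e['clsid']} \"{e['name']}\" -> {e['dll']}")
```

The value name is a plain dictionary word and the DLL is an unfamiliar file in system32, which is exactly the combination the baseline check is meant to surface; what to do about such an entry is for the helper guiding the clean-up to decide from the DLL itself, not from the name alone.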
  • khanykhany Madrid - Spain
    edited June 2007
    Hi Trogan,

    I am now using the computer at work and I have had no problems whatsoever in connecting to the internet with the affected computer.

    I enclose rapport.txt and also a new HJT log

    1. Rapport

    SmitFraudFix v2.197

    Scan done at 10:33:12.70, 30/06/2007
    Run from C:\Documents and Settings\Shaheen.A1C5F490406843B\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\ATK0100\Hcontrol.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Shaheen.A1C5F490406843B


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Shaheen.A1C5F490406843B\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\SHAHEE~1.A1C\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{44e670f2-d57b-4815-a576-955d17dbbf2d}"="cankered"

    [HKEY_CLASSES_ROOT\CLSID\{44e670f2-d57b-4815-a576-955d17dbbf2d}\InProcServer32]
    @="C:\WINDOWS\system32\dooep.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{44e670f2-d57b-4815-a576-955d17dbbf2d}\InProcServer32]
    @="C:\WINDOWS\system32\dooep.dll"



    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Intel(R) PRO/Wireless 2200BG Network Connection - Packet Scheduler Miniport
    DNS Server Search Order: 192.168.1.254

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{133577A1-1E74-407F-A92E-5BFB0D66D8AD}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{EA6146E4-B3B5-4828-BAC3-4850AB76AA0B}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{133577A1-1E74-407F-A92E-5BFB0D66D8AD}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{EA6146E4-B3B5-4828-BAC3-4850AB76AA0B}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{133577A1-1E74-407F-A92E-5BFB0D66D8AD}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{EA6146E4-B3B5-4828-BAC3-4850AB76AA0B}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End



    2. New HJT Log

    Logfile of HijackThis v1.99.1
    Scan saved at 10:38:23, on 30/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\ATK0100\Hcontrol.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/resources/MsnPUpld.cab
    O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.kungfuchess.com/activex/web665.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150646048288
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
    O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe


    I await your instructions.

    Frank
  • Trogan London, UK
    edited June 2007
    Hi Frank! I'm glad the Internet is back. :)

    Please do the following...

    1. You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Next, please reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, double-click on SmitfraudFix.exe
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning : running option #2 on a non-infected computer will remove your Desktop background.

    2. Download this file to your Desktop - combofix.exe
    Double click combofix.exe & follow the prompts.
    When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    3. Please post the following...
    • SmitfraudFix report
    • ComboFix log
    • New HijackThis log
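A check that a reader of rapport.txt can automate, added here as an example and not part of this thread or of SmitfraudFix: split the report on its "»»»" section headers, pull the SharedTaskScheduler CLSID and its InProcServer32 DLL from the "Before" section, and confirm the entry is gone from the "After" section. The sample report is constructed from the CLSID and DLL values quoted earlier in this thread; everything else in it is trimmed.

```python
import re
from typing import Dict, List, Optional

# Constructed sample modelled on the SmitfraudFix rapport.txt layout seen in this thread:
# '»' runs introduce sections, registry data is in .reg style. The CLSID and DLL are the
# values quoted earlier in the thread; the rest of the report is trimmed.
SAMPLE_REPORT = r"""SmitFraudFix v2.197

Scan done at 10:56:47.53, 30/06/2007
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{44e670f2-d57b-4815-a576-955d17dbbf2d}"="cankered"

[HKEY_CLASSES_ROOT\CLSID\{44e670f2-d57b-4815-a576-955d17dbbf2d}\InProcServer32]
@="C:\WINDOWS\system32\dooep.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
"""

SECTION_RE = re.compile(r"^»+\s*(.+?)\s*$")
GUID = r"(\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\})"
STS_VALUE_RE = re.compile(r'^"' + GUID + r'"="(.*)"$')          # "{clsid}"="name"
INPROC_KEY_RE = re.compile(r"^\[.*\\CLSID\\" + GUID + r"\\InProcServer32\]$", re.IGNORECASE)
DEFAULT_VALUE_RE = re.compile(r'^@="(.*)"$')                     # @="path\to.dll"


def split_sections(report: str) -> Dict[str, List[str]]:
    """Map each '»»» Title' header to the non-blank, stripped lines beneath it."""
    sections: Dict[str, List[str]] = {"preamble": []}
    current = "preamble"
    for raw in report.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif line:
            sections[current].append(line)
    return sections


def find_section(sections: Dict[str, List[str]], *words: str) -> List[str]:
    """Lines of the first section whose title contains every word (case-insensitive)."""
    for title, lines in sections.items():
        if all(w in title.lower() for w in words):
            return lines
    return []


def shared_task_entries(lines: List[str]) -> Dict[str, Dict[str, Optional[str]]]:
    """Collect {clsid: {'name': value data, 'dll': InProcServer32 default}} from a section."""
    entries: Dict[str, Dict[str, Optional[str]]] = {}
    pending: Optional[str] = None  # CLSID whose InProcServer32 key we are currently inside
    for line in lines:
        m = STS_VALUE_RE.match(line)
        if m:
            entries.setdefault(m.group(1).lower(), {"name": None, "dll": None})["name"] = m.group(2)
            continue
        m = INPROC_KEY_RE.match(line)
        if m:
            pending = m.group(1).lower()
            continue
        m = DEFAULT_VALUE_RE.match(line)
        if m and pending:
            entries.setdefault(pending, {"name": None, "dll": None})["dll"] = m.group(1)
            pending = None
    return entries


def removal_check(report: str) -> dict:
    """Diff SharedTaskScheduler entries before and after the fix and note registry cleaning."""
    sections = split_sections(report)
    # A scan-only run (option 1) has a single 'Sharedtaskscheduler' section and no 'After'.
    before = shared_task_entries(
        find_section(sections, "sharedtaskscheduler", "before")
        or find_section(sections, "sharedtaskscheduler")
    )
    after_lines = find_section(sections, "sharedtaskscheduler", "after")
    after = shared_task_entries(after_lines)
    return {
        "after_section_present": bool(after_lines),
        "removed": {c: v for c, v in before.items() if c not in after},
        "remaining": after,
        "registry_cleaning_done": any(
            "done" in l.lower() for l in find_section(sections, "registry cleaning")
        ),
    }


if __name__ == "__main__":
    for key, value in removal_check(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

On a scan-only report (option 1) the "After" section is absent, so "removed" simply lists every entry found; check "after_section_present" before reading it as a removal.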
  • khanykhany Madrid - Spain
    edited June 2007
    Hi Trogan

    Enclosed:

    1. SmitfraudFix Report
    2. ComboFix Log and
    3. New HJT Log

    1.

    SmitFraudFix v2.197

    Scan done at 10:56:47.53, 30/06/2007
    Run from C:\Documents and Settings\Shaheen.A1C5F490406843B\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{44e670f2-d57b-4815-a576-955d17dbbf2d}"="cankered"

    [HKEY_CLASSES_ROOT\CLSID\{44e670f2-d57b-4815-a576-955d17dbbf2d}\InProcServer32]
    @="C:\WINDOWS\system32\dooep.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{44e670f2-d57b-4815-a576-955d17dbbf2d}\InProcServer32]
    @="C:\WINDOWS\system32\dooep.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{133577A1-1E74-407F-A92E-5BFB0D66D8AD}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{EA6146E4-B3B5-4828-BAC3-4850AB76AA0B}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{133577A1-1E74-407F-A92E-5BFB0D66D8AD}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{EA6146E4-B3B5-4828-BAC3-4850AB76AA0B}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{133577A1-1E74-407F-A92E-5BFB0D66D8AD}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{EA6146E4-B3B5-4828-BAC3-4850AB76AA0B}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End


    2.

    "Shaheen" - 2007-06-30 11:05:48 - ComboFix 07-06-27.7 - Service Pack 2 NTFS


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\SHAHEE~1.A1C\Desktop\internet.lnk
    C:\WINDOWS\system32\u2g.f
    C:\WINDOWS\system32\UBSauthenticateAXC.ocx
    C:\WINDOWS\system32\winiconmon.ico
    C:\WINDOWS\system32\winiconmon.ico.bak0


    ((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-30 )))))))))))))))))))))))))))))))


    2007-06-30 11:05 49,152 --a C:\WINDOWS\nircmd.exe
    2007-06-30 10:17 <DIR> d C:\DOCUME~1\Guest\APPLIC~1\Comodo
    2007-06-28 09:04 <DIR> d C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Comodo
    2007-06-28 09:04 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
    2007-06-28 09:01 <DIR> d C:\Program Files\Comodo
    2007-06-27 23:17 <DIR> d C:\WINDOWS\system32\Kaspersky Lab
    2007-06-27 22:10 <DIR> d C:\WINDOWS\system32\ActiveScan
    2007-06-27 22:06 <DIR> d C:\Program Files\SpywareBlaster
    2007-06-27 20:55 <DIR> d C:\Program Files\Lavasoft
    2007-06-27 20:55 <DIR> d C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Lavasoft
    2007-06-27 18:13 <DIR> d C:\Program Files\SUPERAntiSpyware
    2007-06-27 18:13 <DIR> d C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\SUPERAntiSpyware.com
    2007-06-27 18:13 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
    2007-06-27 18:12 <DIR> d C:\Program Files\Common Files\Wise Installation Wizard
    2007-06-20 21:55 <DIR> d C:\Program Files\Windows Live
    2007-06-04 22:35 98,304 --a C:\WINDOWS\system32\CmdLineExt.dll
    2007-06-04 22:30 <DIR> d C:\Program Files\DSA Theory Test
    2007-05-31 10:33 <DIR> d C:\DOCUME~1\Guest\APPLIC~1\Starware347
    2007-05-30 19:55 <DIR> d C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347
    2007-05-30 19:55 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware347
    2007-05-27 22:29 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\FloodLightGames
    2007-05-27 13:44 85,376 --a C:\WINDOWS\system32\drivers\NABTSFEC.sys
    2007-05-27 13:44 5,504 --a C:\WINDOWS\system32\drivers\MSTEE.sys
    2007-05-27 13:44 19,328 --a C:\WINDOWS\system32\drivers\WSTCODEC.SYS
    2007-05-27 13:44 17,024 --a C:\WINDOWS\system32\drivers\CCDECODE.sys
    2007-05-27 13:44 15,360 --a C:\WINDOWS\system32\drivers\StreamIP.sys
    2007-05-27 13:44 11,136 --a C:\WINDOWS\system32\drivers\SLIP.sys
    2007-05-27 13:44 10,880 --a C:\WINDOWS\system32\drivers\NdisIP.sys
    2007-05-27 13:43 53,760 --a C:\WINDOWS\system32\vfwwdm32.dll
    2007-05-27 13:42 527,136 --a C:\WINDOWS\system32\LVUI2RC.dll
    2007-05-27 13:42 490,784 --a C:\WINDOWS\system32\drivers\LV561AV.SYS
    2007-05-27 13:42 41,504 --a C:\WINDOWS\system32\drivers\LVUSBSta.sys
    2007-05-27 13:42 348,160 --a C:\WINDOWS\system\msvcr71.dll
    2007-05-27 13:42 264,992 --a C:\WINDOWS\system32\lvcodec2.dll
    2007-05-27 13:42 215,840 --a C:\WINDOWS\system32\LVUI2.dll
    2007-05-27 13:42 13,398 --a C:\WINDOWS\system32\Repository.reg
    2007-05-27 13:42 129,824 --a C:\WINDOWS\system32\lvci1051.dll
    2007-05-27 13:41 <DIR> d C:\Program Files\Common Files\LogiShrd
    2007-05-27 13:41 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
    2007-05-27 13:41 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
    2007-05-27 13:39 <DIR> d C:\Program Files\Logitech
    2007-05-26 17:41 <DIR> d C:\Program Files\Common Files\xing shared
    2007-05-26 17:36 <DIR> d C:\My Downloads
    2007-05-22 20:24 <DIR> d C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Apple Computer
    2007-05-16 16:27 <DIR> d-a C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-05-12 18:50 <DIR> d C:\Program Files\Veoh Networks
    2007-05-04 22:39 <DIR> d C:\Program Files\MSBuild
    2007-05-04 22:35 <DIR> d C:\WINDOWS\system32\XPSViewer
    2007-05-04 22:34 <DIR> d C:\Program Files\Reference Assemblies
    2007-05-04 22:33 14,048 C:\WINDOWS\system32\spmsg2.dll
    2007-05-04 22:18 <DIR> d C:\Program Files\iTunes
    2007-05-04 22:15 <DIR> d C:\Program Files\Apple Software Update
    2007-05-04 22:10 2,560 C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-05-04 22:10 2,432 C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-05-04 22:10 129,784 C:\WINDOWS\system32\pxafs.dll
    2007-05-04 22:00 37,860,928 --a C:\temp\iTunesSetup.exe
    2007-05-04 22:00 21,822,168 --a C:\temp\AdbeRdr80_en_US.exe
    2007-05-04 22:00 14,764,808 --a C:\temp\DivXInstaller.exe
    2007-05-04 22:00 13,801,120 --a C:\temp\jre-6u1-windows-i586-p-s.exe
    2007-05-04 21:55 <DIR> d C:\Program Files\MSXML 6.0
    2007-05-04 21:54 36,352 C:\WINDOWS\system32\tsgqec.dll
    2007-05-04 21:54 288,768 C:\WINDOWS\system32\rhttpaa.dll
    2007-05-04 21:54 116,736 C:\WINDOWS\system32\aaclient.dll
    2007-05-02 21:12 <DIR> d C:\Program Files\Messenger Plus! Live
    2007-05-02 20:02 2,494 --a C:\WINDOWS\system32\tmp.reg
    2007-05-02 19:58 874,161 --a C:\temp\SmitfraudFix.exe
    2007-05-02 19:49 <DIR> d C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
    2007-05-02 19:04 524,288 --a C:\WINDOWS\system32\DivXsm.exe
    2007-05-02 19:04 3,596,288 --a C:\WINDOWS\system32\qt-dx331.dll
    2007-05-02 19:04 200,704 --a C:\WINDOWS\system32\ssldivx.dll
    2007-05-02 19:04 1,044,480 --a C:\WINDOWS\system32\libdivx.dll
    2007-05-02 19:02 73,728 --a C:\WINDOWS\system32\dpl100.dll
    2007-05-02 19:02 593,920 --a C:\WINDOWS\system32\dpuGUI11.dll
    2007-05-02 19:02 57,344 --a C:\WINDOWS\system32\dpv11.dll
    2007-05-02 19:02 53,248 --a C:\WINDOWS\system32\dpuGUI10.dll
    2007-05-02 19:02 344,064 --a C:\WINDOWS\system32\dpus11.dll
    2007-05-02 19:02 294,912 --a C:\WINDOWS\system32\dpu11.dll
    2007-05-02 19:02 294,912 --a C:\WINDOWS\system32\dpu10.dll
    2007-05-02 19:02 196,608 --a C:\WINDOWS\system32\dtu100.dll
    2007-05-02 19:01 823,296 --a C:\WINDOWS\system32\divx_xx0c.dll
    2007-05-02 19:01 823,296 --a C:\WINDOWS\system32\divx_xx07.dll
    2007-05-02 19:01 802,816 --a C:\WINDOWS\system32\divx_xx11.dll
    2007-05-02 19:01 740,442 --a C:\WINDOWS\system32\DivX.dll
    2007-05-02 03:33 124,472 --a C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2007-05-02 03:33 12,288 --a C:\WINDOWS\system32\DivXWMPExtType.dll


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-27 21:55:22 d-----w C:\Program Files\Windows Defender
    2007-06-27 21:53:35 d-----w C:\Program Files\MSN Messenger
    2007-06-27 08:55:24 d-----w C:\Program Files\Google
    2007-06-20 21:02:07 d-----w C:\Program Files\MSN Games
    2007-05-29 11:13:14 d-----w C:\Program Files\Windows Live Safety Center
    2007-05-26 16:41:19 d-----w C:\Program Files\Common Files\Real
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-12 17:53:21 d--h--w C:\Program Files\InstallShield Installation Information
    2007-05-04 21:18:21 d-----w C:\Program Files\iPod
    2007-05-04 21:17:13 d-----w C:\Program Files\QuickTime
    2007-05-04 21:11:01 d-----w C:\Program Files\DivX
    2007-05-02 18:04:15 36,624 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
    2007-05-02 18:04:14 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2007-05-02 18:04:14 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2007-04-28 17:32:08 d-----w C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\uTorrent
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 21:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 21:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 21:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 21:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 21:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 21:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 21:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 21:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-22 09:58]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-26 17:40]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-06-28 09:01]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Winter Fun Wallpaper Changer.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Winter Fun Wallpaper Changer.lnk
    backup=C:\WINDOWS\pss\Winter Fun Wallpaper Changer.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\longsoft]
    C:\DOCUME~1\Zahrah\APPLIC~1\BINDMU~1\Kind Ace Support.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
    "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\this test admin mix]
    C:\Documents and Settings\All Users\Application Data\Hope link this test\build extra.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    "C:\Program Files\Windows Defender\MSASCui.exe" -hide


    Contents of the 'Scheduled Tasks' folder
    2007-06-30 00:00:00 C:\WINDOWS\tasks\A8575CBA9184D356.job
    2007-06-05 20:34:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    2007-06-28 01:09:05 C:\WINDOWS\tasks\MP Scheduled Scan.job

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-30 11:09:21
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-06-30 11:09:57
    C:\ComboFix-quarantined-files.txt ... 2007-06-30 11:09

    --- E O F ---

    3.

    Logfile of HijackThis v1.99.1
    Scan saved at 11:11:19, on 30/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\ATK0100\Hcontrol.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/resources/MsnPUpld.cab
    O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.kungfuchess.com/activex/web665.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150646048288
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
    O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe


    Best regards,

    Frank
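The autostart entries in the HijackThis and ComboFix logs above are what a helper reads by eye for Lop-style indicators: an executable launched from an Application Data folder, folder and file names made of random dictionary words ("Hope link this test\build extra.exe", "Kind Ace Support.exe"), and a scheduled task whose name is sixteen hex digits (A8575CBA9184D356.job). The script below is an added example, not part of this thread and not code from HijackThis, ComboFix or NoLop; it parses a handful of lines copied from the logs above and scores each entry against those three indicators. The regexes, the scoring threshold and the names (`Finding`, `triage`, `flagged`) are my own choices, and a hit is a triage hint for a human reviewer, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Autostart and scheduled-task lines copied from the HijackThis and ComboFix
# logs in this thread: vendor entries that should pass, plus the entries with
# random-word names under Application Data and the hex-named .job file.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\this test admin mix]
C:\Documents and Settings\All Users\Application Data\Hope link this test\build extra.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\longsoft]
C:\DOCUME~1\Zahrah\APPLIC~1\BINDMU~1\Kind Ace Support.exe
2007-06-30 00:00:00 C:\WINDOWS\tasks\A8575CBA9184D356.job
2007-06-05 20:34:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
"""

# Line shapes handled: HijackThis O4 entries, ComboFix msconfig\startupreg
# key + value pairs (value on the following line), ComboFix task listings.
HJT_O4 = re.compile(r"^O4 - .*?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
REG_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\.*\\startupreg\\(?P<name>[^\]]+)\]$", re.I)
TASK = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?P<path>.*\\tasks\\(?P<name>[^\\]+\.job))$", re.I)
# First executable in a command line, quoted or not; arguments are dropped.
EXE = re.compile(r'^"?(?P<exe>[A-Za-z]:\\.*?\.exe)', re.I)
# Per-user or All Users Application Data, long or 8.3 (DOCUME~1\...\APPLIC~1) form.
APPDATA = re.compile(r"\\(Documents and Settings|DOCUME~1)\\[^\\]+\\(Application Data|APPLIC~1)\\", re.I)
# Two or more plain alphabetic words separated by spaces, e.g. "build extra".
WORDS = re.compile(r"^[A-Za-z]+(?: [A-Za-z]+)+$")
HEX_JOB = re.compile(r"^[0-9A-F]{16}\.job$", re.I)


@dataclass
class Finding:
    name: str
    path: str
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # A hex-named task is enough on its own. The other two indicators are
        # weak individually (vendor folders such as "MSN Messenger" are
        # multi-word too) and only count when they occur together.
        return "hex-named scheduled task" in self.reasons or len(self.reasons) >= 2


def parse_entries(text):
    """Yield (entry name, command or path) pairs from the three line shapes above."""
    pending = None  # startupreg key whose value is on the next line
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = REG_KEY.match(line)
        if m:
            pending = m["name"]
            continue
        if pending is not None:
            yield pending, line
            pending = None
            continue
        m = HJT_O4.match(line)
        if m:
            yield m["name"], m["cmd"]
            continue
        m = TASK.match(line)
        if m:
            yield m["name"], m["path"]


def assess(name, cmd):
    """Score one autostart entry against the Lop-style indicators."""
    m = EXE.match(cmd)
    path = m["exe"] if m else cmd
    f = Finding(name, path)
    parts = path.split("\\")
    base = re.sub(r"\.(exe|job)$", "", parts[-1], flags=re.I)
    parent = parts[-2] if len(parts) > 1 else ""
    if HEX_JOB.match(parts[-1]):
        f.reasons.append("hex-named scheduled task")
    if APPDATA.search(path):
        f.reasons.append("runs from an Application Data folder")
    if WORDS.match(base) or WORDS.match(parent):
        f.reasons.append("random-words file or folder name")
    return f


def triage(text):
    return [assess(n, c) for n, c in parse_entries(text)]


def flagged(text):
    """Names of the entries that meet the threshold, sorted for stable output."""
    return sorted(f.name for f in triage(text) if f.suspicious)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        mark = "SUSPECT" if f.suspicious else "ok     "
        print(f"{mark} {f.name:<24} {f.path}  {'; '.join(f.reasons)}")
```

Run as a script it prints one line per entry; on the sample it marks `this test admin mix`, `longsoft` and the hex-named task and passes the vendor entries, including `msnmsgr`, which trips the multi-word rule on its "MSN Messenger" folder but nothing else. Applying the same two weak rules to a raw Application Data directory listing would need a vendor allowlist first ("Apple Computer", "Windows Genuine Advantage" are multi-word as well).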
  • TroganTrogan London, UK
    edited June 2007
    Hi Frank! Almost there...

    Please do the following...

    1. Please Download NoLop to your desktop from one of the links below...
    Link 1
    Link 2
    Link 3
    • First close any other programs you have running as this will require a reboot
    • Double click NoLop.exe to run it
    • Now click the button labelled "Search and Destroy"
      <<your computer will now be scanned for infected files>>
    • When scanning is finished you will be prompted to reboot only if infected, Click OK
    • Now click the "REBOOT" Button.
    • A Message should popup from NoLop. If not, double click the program again and it will finish. Please Post the contents of C:\NoLop.log in your next reply.
    --If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.--

    2. Rescan with ComboFix and it will produce a new log.

    3. I need to see another log from HijackThis.
    • Run Hijackthis.
    • Click on Open the Misc Tools section.
    • Next click on Open uninstall manager.
    • Press the Save list button.
    • Save the file to your desktop, with the default name of uninstall_list
    • Copy & Paste the entire contents of that file in your next post.
    4. Please post the following...
    • NoLop log
    • New ComboFix log
    • Uninstall list
    I don't need another HijackThis log just yet.
  • khanykhany Madrid - Spain
    edited June 2007
    Hi Trogan,

    Attached are the 3 documents

    1. NoLop Log

    NoLop! Log by Skate_Punk_21

    Fix running from: C:\Documents and Settings\Shaheen.A1C5F490406843B\Desktop
    [30/06/2007]
    [12:21:57]

    ---Infection Files Found/Removed---
    C:\WINDOWS\tasks\A8575CBA9184D356.job

    Beginning Removal...
    Rebooting...
    Removing Lop's Leftover Files/Folders...
    Editing Registry...
    **Fix Complete!**

    ---Listing AppData sub directories---

    C:\Documents and Settings\Administrator\Application Data\Adobe
    C:\Documents and Settings\Administrator\Application Data\Apple Computer
    C:\Documents and Settings\Administrator\Application Data\Avg7 -- EMPTY Directory
    C:\Documents and Settings\Administrator\Application Data\Google
    C:\Documents and Settings\Administrator\Application Data\Identities
    C:\Documents and Settings\Administrator\Application Data\Macromedia
    C:\Documents and Settings\Administrator\Application Data\Microsoft
    C:\Documents and Settings\Administrator\Application Data\Real
    C:\Documents and Settings\Administrator\Application Data\Skype
    C:\Documents and Settings\All Users\Application Data\Adobe
    C:\Documents and Settings\All Users\Application Data\Apple Computer
    C:\Documents and Settings\All Users\Application Data\Avg7
    C:\Documents and Settings\All Users\Application Data\Comodo
    C:\Documents and Settings\All Users\Application Data\Cyberlink
    C:\Documents and Settings\All Users\Application Data\Floodlightgames
    C:\Documents and Settings\All Users\Application Data\Google
    C:\Documents and Settings\All Users\Application Data\Grisoft
    C:\Documents and Settings\All Users\Application Data\Hope Link This Test
    C:\Documents and Settings\All Users\Application Data\Installshield
    C:\Documents and Settings\All Users\Application Data\Logishrd
    C:\Documents and Settings\All Users\Application Data\Logitech
    C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    C:\Documents and Settings\All Users\Application Data\Microsoft
    C:\Documents and Settings\All Users\Application Data\Skype -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    C:\Documents and Settings\All Users\Application Data\Starware347
    C:\Documents and Settings\All Users\Application Data\Superantispyware.com
    C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Trymedia
    C:\Documents and Settings\All Users\Application Data\Videoegg
    C:\Documents and Settings\All Users\Application Data\Whitecap (holiday Edition)
    C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    C:\Documents and Settings\Default User\Application Data\Microsoft
    C:\Documents and Settings\Guest\Application Data\Adobe
    C:\Documents and Settings\Guest\Application Data\Apple Computer
    C:\Documents and Settings\Guest\Application Data\Avg7 -- EMPTY Directory
    C:\Documents and Settings\Guest\Application Data\Comodo
    C:\Documents and Settings\Guest\Application Data\Google
    C:\Documents and Settings\Guest\Application Data\Help
    C:\Documents and Settings\Guest\Application Data\Identities
    C:\Documents and Settings\Guest\Application Data\Macromedia
    C:\Documents and Settings\Guest\Application Data\Microsoft
    C:\Documents and Settings\Guest\Application Data\Real
    C:\Documents and Settings\Guest\Application Data\Starware347
    C:\Documents and Settings\Localservice\Application Data\Avg7
    C:\Documents and Settings\Localservice\Application Data\Help -- EMPTY Directory
    C:\Documents and Settings\Localservice\Application Data\Microsoft
    C:\Documents and Settings\Networkservice\Application Data\Microsoft
    C:\Documents and Settings\Shaheen.a1c5f490406843b\Application Data\Adobe
    C:\Documents and Settings\Shaheen.a1c5f490406843b\Application Data\Apple Computer
    C:\Documents and Settings\Shaheen.a1c5f490406843b\Application Data\Avg7
    C:\Documents and Settings\Shaheen.a1c5f490406843b\Application Data\Comodo
    C:\Documents and Settings\Shaheen.a1c5f490406843b\Application Data\Google
    C:\Documents and Settings\Shaheen.a1c5f490406843b\Application Data\Grisoft
    C:\Documents and Settings\Shaheen.a1c5f490406843b\Application Data\Identities
    C:\Documents and Settings\Shaheen.a1c5f490406843b\Application Data\Lavasoft
    C:\Documents and Settings\Shaheen.a1c5f490406843b\Application Data\Macromedia
    C:\Documents and Settings\Shaheen.a1c5f490406843b\Application Data\Microsoft
    C:\Documents and Settings\Shaheen.a1c5f490406843b\Application Data\Real
    C:\Documents and Settings\Shaheen.a1c5f490406843b\Application Data\Starware347
    C:\Documents and Settings\Shaheen.a1c5f490406843b\Application Data\Sun
    C:\Documents and Settings\Shaheen.a1c5f490406843b\Application Data\Superantispyware.com
    C:\Documents and Settings\Shaheen.a1c5f490406843b\Application Data\Utorrent
    C:\Documents and Settings\User\Application Data\Avg7 -- EMPTY Directory
    C:\Documents and Settings\User\Application Data\Identities
    C:\Documents and Settings\User\Application Data\Microsoft
    C:\Documents and Settings\User\Application Data\Real
    C:\Documents and Settings\Zahrah\Application Data\Adobe
    C:\Documents and Settings\Zahrah\Application Data\Adobeum -- EMPTY Directory
    C:\Documents and Settings\Zahrah\Application Data\Apple Computer
    C:\Documents and Settings\Zahrah\Application Data\Avg7 -- EMPTY Directory
    C:\Documents and Settings\Zahrah\Application Data\Bind Multi Cake
    C:\Documents and Settings\Zahrah\Application Data\Floodlightgames
    C:\Documents and Settings\Zahrah\Application Data\Google
    C:\Documents and Settings\Zahrah\Application Data\Help -- EMPTY Directory
    C:\Documents and Settings\Zahrah\Application Data\Identities
    C:\Documents and Settings\Zahrah\Application Data\Macromedia
    C:\Documents and Settings\Zahrah\Application Data\Microsoft
    C:\Documents and Settings\Zahrah\Application Data\Real
    C:\Documents and Settings\Zahrah\Application Data\Screenshot Sender
    C:\Documents and Settings\Zahrah\Application Data\Starware347
    C:\Documents and Settings\Zahrah\Application Data\Sun
    C:\Documents and Settings\Zahrah\Application Data\Tso
    C:\Documents and Settings\Zahrah\Application Data\Videoegg

    2. ComboFix Log

    "Shaheen" - 2007-06-30 12:31:01 - ComboFix 07-06-27.7 - Service Pack 2 NTFS


    ((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-30 )))))))))))))))))))))))))))))))


    2007-06-30 12:22 <DIR> d C:\NoLopBackups
    2007-06-30 11:05 49,152 --a C:\WINDOWS\nircmd.exe
    2007-06-30 10:17 <DIR> d C:\DOCUME~1\Guest\APPLIC~1\Comodo
    2007-06-28 09:04 <DIR> d C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Comodo
    2007-06-28 09:04 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
    2007-06-28 09:01 <DIR> d C:\Program Files\Comodo
    2007-06-27 23:17 <DIR> d C:\WINDOWS\system32\Kaspersky Lab
    2007-06-27 22:10 <DIR> d C:\WINDOWS\system32\ActiveScan
    2007-06-27 22:06 <DIR> d C:\Program Files\SpywareBlaster
    2007-06-27 20:55 <DIR> d C:\Program Files\Lavasoft
    2007-06-27 20:55 <DIR> d C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Lavasoft
    2007-06-27 18:13 <DIR> d C:\Program Files\SUPERAntiSpyware
    2007-06-27 18:13 <DIR> d C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\SUPERAntiSpyware.com
    2007-06-27 18:13 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
    2007-06-27 18:12 <DIR> d C:\Program Files\Common Files\Wise Installation Wizard
    2007-06-20 21:55 <DIR> d C:\Program Files\Windows Live
    2007-06-04 22:35 98,304 --a C:\WINDOWS\system32\CmdLineExt.dll
    2007-06-04 22:30 <DIR> d C:\Program Files\DSA Theory Test
    2007-05-31 10:33 <DIR> d C:\DOCUME~1\Guest\APPLIC~1\Starware347
    2007-05-30 19:55 <DIR> d C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347
    2007-05-30 19:55 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware347
    2007-05-27 22:29 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\FloodLightGames
    2007-05-27 13:44 85,376 --a C:\WINDOWS\system32\drivers\NABTSFEC.sys
    2007-05-27 13:44 5,504 --a C:\WINDOWS\system32\drivers\MSTEE.sys
    2007-05-27 13:44 19,328 --a C:\WINDOWS\system32\drivers\WSTCODEC.SYS
    2007-05-27 13:44 17,024 --a C:\WINDOWS\system32\drivers\CCDECODE.sys
    2007-05-27 13:44 15,360 --a C:\WINDOWS\system32\drivers\StreamIP.sys
    2007-05-27 13:44 11,136 --a C:\WINDOWS\system32\drivers\SLIP.sys
    2007-05-27 13:44 10,880 --a C:\WINDOWS\system32\drivers\NdisIP.sys
    2007-05-27 13:43 53,760 --a C:\WINDOWS\system32\vfwwdm32.dll
    2007-05-27 13:42 527,136 --a C:\WINDOWS\system32\LVUI2RC.dll
    2007-05-27 13:42 490,784 --a C:\WINDOWS\system32\drivers\LV561AV.SYS
    2007-05-27 13:42 41,504 --a C:\WINDOWS\system32\drivers\LVUSBSta.sys
    2007-05-27 13:42 348,160 --a C:\WINDOWS\system\msvcr71.dll
    2007-05-27 13:42 264,992 --a C:\WINDOWS\system32\lvcodec2.dll
    2007-05-27 13:42 215,840 --a C:\WINDOWS\system32\LVUI2.dll
    2007-05-27 13:42 13,398 --a C:\WINDOWS\system32\Repository.reg
    2007-05-27 13:42 129,824 --a C:\WINDOWS\system32\lvci1051.dll
    2007-05-27 13:41 <DIR> d C:\Program Files\Common Files\LogiShrd
    2007-05-27 13:41 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
    2007-05-27 13:41 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
    2007-05-27 13:39 <DIR> d C:\Program Files\Logitech
    2007-05-26 17:41 <DIR> d C:\Program Files\Common Files\xing shared
    2007-05-26 17:36 <DIR> d C:\My Downloads
    2007-05-22 20:24 <DIR> d C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Apple Computer
    2007-05-16 16:27 <DIR> d-a C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-05-12 18:50 <DIR> d C:\Program Files\Veoh Networks
    2007-05-04 22:39 <DIR> d C:\Program Files\MSBuild
    2007-05-04 22:35 <DIR> d C:\WINDOWS\system32\XPSViewer
    2007-05-04 22:34 <DIR> d C:\Program Files\Reference Assemblies
    2007-05-04 22:33 14,048 C:\WINDOWS\system32\spmsg2.dll
    2007-05-04 22:18 <DIR> d C:\Program Files\iTunes
    2007-05-04 22:15 <DIR> d C:\Program Files\Apple Software Update
    2007-05-04 22:10 2,560 C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-05-04 22:10 2,432 C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-05-04 22:10 129,784 C:\WINDOWS\system32\pxafs.dll
    2007-05-04 22:00 37,860,928 --a C:\temp\iTunesSetup.exe
    2007-05-04 22:00 21,822,168 --a C:\temp\AdbeRdr80_en_US.exe
    2007-05-04 22:00 14,764,808 --a C:\temp\DivXInstaller.exe
    2007-05-04 22:00 13,801,120 --a C:\temp\jre-6u1-windows-i586-p-s.exe
    2007-05-04 21:55 <DIR> d C:\Program Files\MSXML 6.0
    2007-05-04 21:54 36,352 C:\WINDOWS\system32\tsgqec.dll
    2007-05-04 21:54 288,768 C:\WINDOWS\system32\rhttpaa.dll
    2007-05-04 21:54 116,736 C:\WINDOWS\system32\aaclient.dll
    2007-05-02 21:12 <DIR> d C:\Program Files\Messenger Plus! Live
    2007-05-02 20:02 2,494 --a C:\WINDOWS\system32\tmp.reg
    2007-05-02 19:58 874,161 --a C:\temp\SmitfraudFix.exe
    2007-05-02 19:49 <DIR> d C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
    2007-05-02 19:04 524,288 --a C:\WINDOWS\system32\DivXsm.exe
    2007-05-02 19:04 3,596,288 --a C:\WINDOWS\system32\qt-dx331.dll
    2007-05-02 19:04 200,704 --a C:\WINDOWS\system32\ssldivx.dll
    2007-05-02 19:04 1,044,480 --a C:\WINDOWS\system32\libdivx.dll
    2007-05-02 19:02 73,728 --a C:\WINDOWS\system32\dpl100.dll
    2007-05-02 19:02 593,920 --a C:\WINDOWS\system32\dpuGUI11.dll
    2007-05-02 19:02 57,344 --a C:\WINDOWS\system32\dpv11.dll
    2007-05-02 19:02 53,248 --a C:\WINDOWS\system32\dpuGUI10.dll
    2007-05-02 19:02 344,064 --a C:\WINDOWS\system32\dpus11.dll
    2007-05-02 19:02 294,912 --a C:\WINDOWS\system32\dpu11.dll
    2007-05-02 19:02 294,912 --a C:\WINDOWS\system32\dpu10.dll
    2007-05-02 19:02 196,608 --a C:\WINDOWS\system32\dtu100.dll
    2007-05-02 19:01 823,296 --a C:\WINDOWS\system32\divx_xx0c.dll
    2007-05-02 19:01 823,296 --a C:\WINDOWS\system32\divx_xx07.dll
    2007-05-02 19:01 802,816 --a C:\WINDOWS\system32\divx_xx11.dll
    2007-05-02 19:01 740,442 --a C:\WINDOWS\system32\DivX.dll
    2007-05-02 03:33 124,472 --a C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2007-05-02 03:33 12,288 --a C:\WINDOWS\system32\DivXWMPExtType.dll


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-27 21:55:22 d-----w C:\Program Files\Windows Defender
    2007-06-27 21:53:35 d-----w C:\Program Files\MSN Messenger
    2007-06-27 08:55:24 d-----w C:\Program Files\Google
    2007-06-20 21:02:07 d-----w C:\Program Files\MSN Games
    2007-05-29 11:13:14 d-----w C:\Program Files\Windows Live Safety Center
    2007-05-26 16:41:19 d-----w C:\Program Files\Common Files\Real
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-12 17:53:21 d--h--w C:\Program Files\InstallShield Installation Information
    2007-05-04 21:18:21 d-----w C:\Program Files\iPod
    2007-05-04 21:17:13 d-----w C:\Program Files\QuickTime
    2007-05-04 21:11:01 d-----w C:\Program Files\DivX
    2007-05-02 18:04:15 36,624 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
    2007-05-02 18:04:14 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2007-05-02 18:04:14 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2007-04-28 17:32:08 d-----w C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\uTorrent
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 21:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 21:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 21:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 21:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 21:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 21:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 21:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 21:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-22 09:58]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-26 17:40]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-06-28 09:01]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Winter Fun Wallpaper Changer.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Winter Fun Wallpaper Changer.lnk
    backup=C:\WINDOWS\pss\Winter Fun Wallpaper Changer.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\longsoft]
    C:\DOCUME~1\Zahrah\APPLIC~1\BINDMU~1\Kind Ace Support.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
    "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\this test admin mix]
    C:\Documents and Settings\All Users\Application Data\Hope link this test\build extra.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    "C:\Program Files\Windows Defender\MSASCui.exe" -hide


    Contents of the 'Scheduled Tasks' folder
    2007-06-05 20:34:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    2007-06-28 01:09:05 C:\WINDOWS\tasks\MP Scheduled Scan.job

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-30 12:33:52
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-06-30 12:34:37
    C:\ComboFix-quarantined-files.txt ... 2007-06-30 12:34
    C:\ComboFix2.txt ... 2007-06-30 11:09

    --- E O F ---

    3. Uninstall List

    Ad-Aware SE Personal
    Adobe Flash Player ActiveX
    Adobe Photoshop 7.0.1
    Adobe Reader 8.1.0
    Adobe Shockwave Player
    Agatha Christie Death on the Nile
    Apple Software Update
    ATI Display Driver
    ATK0100 ACPI UTILITY
    Auto Photo Editor
    AVG Free Edition
    BBC Bob The Builder
    COMODO Firewall Pro
    DivX Codec
    DivX Content Uploader
    DivX Converter
    DivX Player
    DivX Web Player
    Dream Day Wedding
    DSA Theory Test
    Dynasty (remove only)
    Google Earth
    Hijackthis 1.99.1
    HijackThis 1.99.1
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows XP (KB896344)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Intel(R) PRO Network Adapters and Drivers
    iPod for Windows 2006-03-23
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) SE Runtime Environment 6 Update 1
    Kaspersky Online Scanner
    Kim Possible
    Logitech Audio Echo Cancellation Component
    Logitech QuickCam
    Logitech Video Enumerator
    Logitech® Camera Driver
    Messenger Plus! 3
    Messenger Plus! Live & Sponsor (CiD)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft .NET Framework 2.0
    Microsoft .NET Framework 3.0
    Microsoft .NET Framework 3.0
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Encarta Reference Library 2005
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Text-to-Speech Engine 4.0 (English)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Windows Journal Viewer
    Microsoft XML Parser and SDK
    Microsoft® Winter Fun Pack 2004 for Windows® XP
    MSN Music Mediabar
    MSN Toolbar
    MSXML 4.0 SP2 (KB927978)
    MSXML 6.0 Parser
    MVision
    Mystery Case Files - Prime Suspects
    Mystery Case Files Ravenhearst
    Nero 6
    Panda ActiveScan
    PowerDVD
    QuickTime
    RealPlayer
    Realtek AC'97 Audio
    SAMSUNG Mobile USB Modem 1.0 Software
    Samsung PC Studio
    Security Update for Microsoft .NET Framework 2.0 (KB917283)
    Security Update for Microsoft .NET Framework 2.0 (KB922770)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913433)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Shizmoo Web Games
    Shockwave
    SoftV92 Data Fax Modem
    Spybot - Search & Destroy 1.4
    SpywareBlaster v3.5.1
    Starware Jokes Toolbar
    Su-Doku Quest
    SUPERAntiSpyware Professional
    Tribal Trouble Free Trial
    Unreal Tournament Demo
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920342)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB925876)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Veoh Player
    Virtual Villagers The Lost Children
    Windows Communication Foundation
    Windows Defender
    Windows Defender Signatures
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Sign-in Assistant
    Windows Media Connect
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows Media Player 11
    Windows Presentation Foundation
    Windows Workflow Foundation
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    WinRAR archiver
    WinZip


    Best regards.

    Frank
  • TroganTrogan London, UK
    edited June 2007
    Hi Frank!

    Please do the following...

    1. Click Start > Run > type in appwiz.cpl and hit enter. From the list uninstall the following, if present:

    J2SE Runtime Environment 5.0 Update 6
    Messenger Plus! Live & Sponsor (CiD)
    Starware Jokes Toolbar


    2. Open Notepad!
    Copy and paste everything from the Quote box below into Notepad:

    Folder::
    C:\DOCUME~1\Guest\APPLIC~1\Starware347
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware347
    C:\DOCUME~1\Zahrah\APPLIC~1\BINDMU~1
    C:\Documents and Settings\All Users\Application Data\Hope link this test

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\longsoft]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\this test admin mix]

    Save this as ComboFix-Do.txt to your Desktop.

    Referring to the picture below, drag and drop ComboFix-Do.txt into ComboFix.exe.

    Combo-Do.gif

    ComboFix will scan again and produce a new log. Post that in your next reply.

    3. Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.

    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the licence is accepted, reset to 100%.
    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded click on NEXT.
    • Now click on Scan Settings.
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
      • Scan Options: Scan Archives, Scan Mail Bases
    • Click OK.
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button.
    • Save the file to your desktop.
    4. Please post the following...
    • Kaspersky log
    • ComboFix log
    • New HijackThis log
    • Also, let me know how the computer is running.
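    Trogan asks for the Kaspersky log to be posted; below is an added example for this thread (not Trogan's or Kaspersky's code) that triages a report in that layout, separating detections to act on from riskware hits and locked-file noise and cross-checking the list against the report's own Scan Statistics. The sample report is constructed in the layout seen in this thread, and the counting rules the check relies on are an assumption.

```python
# Triage a Kaspersky Online Scanner 5.x report.  Added example for this
# thread, not code from the thread or from Kaspersky.
import re
from dataclasses import dataclass

# Constructed sample in the layout of the reports posted in this thread; the
# Scan Statistics values are made up to agree with the result lines below.
SAMPLE_REPORT = r"""KASPERSKY ONLINE SCANNER REPORT
Scan Statistics:
Number of viruses found: 2
Number of infected objects: 4 / 0

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\Shaheen.A1C5F490406843B\Application Data\Sun\Java\Deployment\cache\6.0\41\529ea6e9-2eb420c5/OP.class Infected: Trojan-Downloader.Java.OpenStream.ab skipped
C:\Documents and Settings\Shaheen.A1C5F490406843B\Application Data\Sun\Java\Deployment\cache\6.0\41\529ea6e9-2eb420c5 ZIP: infected - 1 skipped
C:\Documents and Settings\Shaheen.A1C5F490406843B\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Zahrah\My Documents\My Music\My Playlists\track1.mp3 Object is locked skipped
"""

# A result line is "<path> <verdict> <last action>".  The path contains spaces,
# so it is matched lazily and the verdict alternatives decide where it ends.
RESULT_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:"
    r"Infected:\s+(?P<name>\S+)"
    r"|(?P<locked>Object is locked)"
    r"|(?P<archive>[A-Z0-9]+): infected - (?P<count>\d+)"
    r")\s+(?P<action>\S+)$"
)
STAT_RE = re.compile(r"^(?P<key>Number of [a-z ]+?): (?P<value>\d+)")


@dataclass
class Result:
    path: str
    kind: str          # "malware", "riskware", "archive" or "locked"
    name: str = ""     # detection name, or a summary for archive containers
    action: str = ""   # scanner's last action, e.g. "skipped"


def parse_line(line):
    """Classify one result line; returns None if it is not in the expected layout."""
    m = RESULT_RE.match(line.strip())
    if not m:
        return None
    if m.group("locked"):
        return Result(m.group("path"), "locked", action=m.group("action"))
    if m.group("archive"):
        summary = f"{m.group('archive')} container, {m.group('count')} infected member(s)"
        return Result(m.group("path"), "archive", summary, m.group("action"))
    name = m.group("name")
    # "not-a-virus:" is Kaspersky's riskware label (legitimate tools with abuse
    # potential); in this thread it marks the reboot helper shipped with the
    # SmitfraudFix removal tool, which the helper never asks to delete.
    kind = "riskware" if name.startswith("not-a-virus:") else "malware"
    return Result(m.group("path"), kind, name, m.group("action"))


def triage_report(text):
    """Split a report into detections to act on, riskware, archive hits and noise."""
    t = {"malware": [], "riskware": [], "archive": [], "locked": 0,
         "unparsed": [], "stats": {}}
    in_results = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Infected Object Name"):
            in_results = True
        elif not in_results:
            sm = STAT_RE.match(line)
            if sm:
                t["stats"][sm.group("key")] = int(sm.group("value"))
        else:
            r = parse_line(line)
            if r is None:
                t["unparsed"].append(line)
            elif r.kind == "locked":
                t["locked"] += 1
            else:
                t[r.kind].append(r)
    return t


def consistency_problems(t):
    """Cross-check the parsed list against the report's own Scan Statistics.

    Assumed counting rules (not stated on the page): "infected objects" counts
    every Infected:/archive line, "viruses found" counts distinct detection
    names.  A mismatch usually means the paste was truncated or reflowed.
    """
    problems = []
    detections = t["malware"] + t["riskware"]
    listed = len(detections) + len(t["archive"])
    want = t["stats"].get("Number of infected objects")
    if want is not None and listed != want:
        problems.append(f"{listed} infected objects listed, statistics say {want}")
    names = {r.name for r in detections}
    want = t["stats"].get("Number of viruses found")
    if want is not None and len(names) != want:
        problems.append(f"{len(names)} distinct detections, statistics say {want}")
    if t["unparsed"]:
        problems.append(f"{len(t['unparsed'])} result line(s) did not parse")
    return problems
```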
  • khanykhany Madrid - Spain
    edited June 2007
    Hi Trogan,

    Computer seems to be running OK at the moment and I have not experienced slowness or any problems.

    1. Kaspersky

    KASPERSKY ONLINE SCANNER REPORT
    Saturday, June 30, 2007 4:22:31 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.83.0
    Kaspersky Anti-Virus database last update: 30/06/2007
    Kaspersky Anti-Virus database records: 355843

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 81636
    Number of viruses found: 2
    Number of infected objects: 8 / 0
    Number of suspicious objects: 0
    Duration of the scan process: 01:26:13

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\471c1e7b7692e870564d70085cca0f2b_06e823e8-6e87-4155-8e70-17bf3e82c515 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Shaheen.A1C5F490406843B\Application Data\Microsoft\Internet Explorer\UserData\index.dat Object is locked skipped
    C:\Documents and Settings\Shaheen.A1C5F490406843B\Application Data\Sun\Java\Deployment\cache\6.0\41\529ea6e9-2eb420c5/OP.class Infected: Trojan-Downloader.Java.OpenStream.ab skipped
    C:\Documents and Settings\Shaheen.A1C5F490406843B\Application Data\Sun\Java\Deployment\cache\6.0\41\529ea6e9-2eb420c5 ZIP: infected - 1 skipped
    C:\Documents and Settings\Shaheen.A1C5F490406843B\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
    C:\Documents and Settings\Shaheen.A1C5F490406843B\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Shaheen.A1C5F490406843B\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Documents and Settings\Shaheen.A1C5F490406843B\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Documents and Settings\Shaheen.A1C5F490406843B\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Shaheen.A1C5F490406843B\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Shaheen.A1C5F490406843B\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Shaheen.A1C5F490406843B\Local Settings\History\History.IE5\MSHist012007063020070701\index.dat Object is locked skipped
    C:\Documents and Settings\Shaheen.A1C5F490406843B\Local Settings\Temp\~DF7B76.tmp Object is locked skipped
    C:\Documents and Settings\Shaheen.A1C5F490406843B\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\Shaheen.A1C5F490406843B\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Shaheen.A1C5F490406843B\ntuser.dat Object is locked skipped
    C:\Documents and Settings\Shaheen.A1C5F490406843B\NtUser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Zahrah\.net.txt Object is locked skipped
    C:\Documents and Settings\Zahrah\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger.lnk Object is locked skipped
    C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\Adobe Reader 7.0.lnk Object is locked skipped
    C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\AVG Free.lnk Object is locked skipped
    C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\Encarta Dictionary Tools.lnk Object is locked skipped
    C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\Encarta Kids DVD.lnk Object is locked skipped
    C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\Encarta Reference Library DVD 2005.lnk Object is locked skipped
    C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\Free Games & Music.url Object is locked skipped
    C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\iTunes.lnk Object is locked skipped
    C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\Messenger Home Page.lnk Object is locked skipped
    C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\Microsoft Office Access 2003.lnk Object is locked skipped
    C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\Microsoft Office Excel 2003.lnk Object is locked skipped
    C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\Microsoft Office InfoPath 2003.lnk Object is locked skipped
    C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\Microsoft Office Outlook 2003.lnk Object is locked skipped
    C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\Microsoft Office PowerPoint 2003.lnk Object is locked skipped
    C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\Microsoft Office Publisher 2003.lnk Object is locked skipped
    C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\Microsoft Office Word 2003.lnk Object is locked skipped
    C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\MSN Messenger 7.5.lnk Object is locked skipped
    C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\PowerDVD.lnk Object is locked skipped
    C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\RealPlayer.lnk Object is locked skipped
    C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\Skype.lnk Object is locked skipped
    C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\Unused Desktop Shortcuts\Shortcut to backup.lnk Object is locked skipped
    C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\Unused Desktop Shortcuts\Shortcut to E-mail.lnk Object is locked skipped
    C:\Documents and Settings\Zahrah\Desktop\Desktop Shortcuts\WinZip.lnk Object is locked skipped
    C:\Documents and Settings\Zahrah\Desktop\Microsoft Office PowerPoint 2003.lnk Object is locked skipped
    C:\Documents and Settings\Zahrah\Desktop\Microsoft Office Word 2003.lnk Object is locked skipped
    C:\Documents and Settings\Zahrah\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Zahrah\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Sukshinder Shinda\desktop.ini Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Unknown Album (9-5-2005 21-08-23)\17 17 Track 17.wma Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Unknown Album (9-5-2005 21-08-23)\desktop.ini Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\My Music\Unknown Artist\Usher\19 Track 19.wma Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\My Received Files\AlbumArtSmall.jpg Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\My Received Files\AlbumArt_{B44A7213-3783-41A0-9E2D-D851FF5C1479}_Large.jpg Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\My Received Files\AlbumArt_{B44A7213-3783-41A0-9E2D-D851FF5C1479}_Small.jpg Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\My Received Files\desktop.ini Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\My Received Files\Folder.jpg Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\03-rihanna-unfaithful.mp3 Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\07 Bingo Bango - Basement Jaxx.wma Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\Akon\01 Track 1.wma Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\Akon\02 Track 2.wma Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\Akon\03 03 Track 3.wma Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\Akon\04 04 Track 4 (2).wma Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\Akon\04 04 Track 4.wma Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\Akon\05 05 Track 5.wma Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\Akon\06 06 Track 6.wma Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\Akon\07 07 Track 7.wma Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\Akon\08 08 Track 8.wma Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\Akon\09 Track 9.wma Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\Akon\10 10 Track 10.wma Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\Akon\11 11 Track 11.wma Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\Akon\12 Track 12.wma Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\Akon\13 13 Track 13.wma Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\Akon\14 14 Track 14.wma Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\Akon\16 16 Track 16.wma Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\My Received Files\music\Shaggy - Angel.mp3 Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\My Received Files\Thumbs.db Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\My Videos\Desktop.ini Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\My Videos\Irfan and annies weddin 2.ASF Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\My Videos\Irfan and annies weddin 3.ASF Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\My Videos\Irfan and annies weddin 4.ASF Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\My Videos\Irfan and annies weddin.ASF Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\My Videos\Me and jake.wmv Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\My Videos\Thumbs.db Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\nailah\Nailahs work\weather.doc Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\Thumbs.db Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\ZAHRAH\Sleeping dua.doc Object is locked skipped
    C:\Documents and Settings\Zahrah\My Documents\ZAHRAH\Wireless PassPhrase.txt.txt Object is locked skipped
    C:\Documents and Settings\Zahrah\ntuser.ini Object is locked skipped
    C:\Documents and Settings\Zahrah\Saved Games\Oberon Games\Dream Day Wedding\ddw.save Object is locked skipped
    C:\Documents and Settings\Zahrah\UserData\49U78TEN\iconState[1].xml Object is locked skipped
    C:\Documents and Settings\Zahrah\UserData\49U78TEN\iconState[2].xml Object is locked skipped
    C:\Documents and Settings\Zahrah\UserData\4HU3SDEV\iconState[1].xml Object is locked skipped
    C:\Documents and Settings\Zahrah\UserData\81ER0XQ7\oWindowsUpdate[1].xml Object is locked skipped
    C:\Documents and Settings\Zahrah\UserData\81ER0XQ7\showHideState[1].xml Object is locked skipped
    C:\Documents and Settings\Zahrah\UserData\index.dat Object is locked skipped
    C:\Documents and Settings\Zahrah\UserData\S9IBSP2Z\showHideState[1].xml Object is locked skipped
    C:\Documents and Settings\Zahrah\UserData\S9IBSP2Z\showHideState[2].xml Object is locked skipped
    C:\Documents and Settings\Zahrah\WhiteCap (Holiday Edition) Prefs (Windows Media Player).txt Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{C33FA20B-AD49-4EE0-9563-FB1C58C74905}\RP605\A0103185.dll Object is locked skipped
    C:\System Volume Information\_restore{C33FA20B-AD49-4EE0-9563-FB1C58C74905}\RP605\A0103186.exe Object is locked skipped
    C:\System Volume Information\_restore{C33FA20B-AD49-4EE0-9563-FB1C58C74905}\RP605\A0103187.exe Object is locked skipped
    C:\System Volume Information\_restore{C33FA20B-AD49-4EE0-9563-FB1C58C74905}\RP606\A0103216.dll Object is locked skipped
    C:\System Volume Information\_restore{C33FA20B-AD49-4EE0-9563-FB1C58C74905}\RP606\A0103217.exe Object is locked skipped
    C:\System Volume Information\_restore{C33FA20B-AD49-4EE0-9563-FB1C58C74905}\RP606\A0103218.exe Object is locked skipped
    C:\System Volume Information\_restore{C33FA20B-AD49-4EE0-9563-FB1C58C74905}\RP606\A0104215.dll Object is locked skipped
    C:\System Volume Information\_restore{C33FA20B-AD49-4EE0-9563-FB1C58C74905}\RP606\A0104216.exe Object is locked skipped
    C:\System Volume Information\_restore{C33FA20B-AD49-4EE0-9563-FB1C58C74905}\RP606\A0104217.exe Object is locked skipped
    C:\System Volume Information\_restore{C33FA20B-AD49-4EE0-9563-FB1C58C74905}\RP607\A0104226.exe Object is locked skipped
    C:\System Volume Information\_restore{C33FA20B-AD49-4EE0-9563-FB1C58C74905}\RP607\A0104227.exe Object is locked skipped
    C:\System Volume Information\_restore{C33FA20B-AD49-4EE0-9563-FB1C58C74905}\RP607\A0104230.dll Object is locked skipped
    C:\System Volume Information\_restore{C33FA20B-AD49-4EE0-9563-FB1C58C74905}\RP607\A0104231.exe Object is locked skipped
    C:\System Volume Information\_restore{C33FA20B-AD49-4EE0-9563-FB1C58C74905}\RP607\A0104232.exe Object is locked skipped
    C:\System Volume Information\_restore{C33FA20B-AD49-4EE0-9563-FB1C58C74905}\RP607\A0104233.dll Object is locked skipped
    C:\System Volume Information\_restore{C33FA20B-AD49-4EE0-9563-FB1C58C74905}\RP607\A0104234.exe Object is locked skipped
    C:\System Volume Information\_restore{C33FA20B-AD49-4EE0-9563-FB1C58C74905}\RP607\A0104235.exe Object is locked skipped
    C:\System Volume Information\_restore{C33FA20B-AD49-4EE0-9563-FB1C58C74905}\RP607\A0104236.exe Object is locked skipped
    C:\System Volume Information\_restore{C33FA20B-AD49-4EE0-9563-FB1C58C74905}\RP610\A0105427.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{C33FA20B-AD49-4EE0-9563-FB1C58C74905}\RP611\change.log Object is locked skipped
    C:\temp\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\temp\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\temp\SmitfraudFix.exe RarSFX: infected - 2 skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{F2218A82-E513-45D4-9882-F8452CB41820}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.

    HJT & ComboFix are in a separate thread because of size.

    Best regards,

    Frank
  • khanykhany Madrid - Spain
    edited June 2007
    Combofix and HJT.

    "Shaheen" - 2007-06-30 13:36:56 - ComboFix 07-06-27.7 - Service Pack 2 NTFS
    Command switches used :: C:\Documents and Settings\Shaheen.A1C5F490406843B\Desktop\ComboFix-Do.txt


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware347
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware347\buttons\FindIt.bmp
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware347\buttons\FindItHot.bmp
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware347\buttons\findithotxp.png
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware347\buttons\finditxp.png
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware347\buttons\Highlight.bmp
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware347\buttons\HighlightHot.bmp
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware347\buttons\highlighthotxp.png
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware347\buttons\highlightxp.png
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware347\buttons\jokesearch.bmp
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware347\buttons\pranks.bmp
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware347\buttons\starware_toolbar_icon.bmp
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware347\contexts\error.xml
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware347\contexts\Related.xml
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware347\contexts\Travel.xml
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware347\SimpleUpdate\ProductMessagingConfig.xml
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware347\SimpleUpdate\ProductMessagingConfig.xml.backup
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware347\SimpleUpdate\SimpleUpdateConfig.xml
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware347\SimpleUpdate\SimpleUpdateConfig.xml.backup
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware347\SimpleUpdate\TimerManagerConfig.xml
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware347\SimpleUpdate\TimerManagerConfig.xml.backup
    C:\DOCUME~1\Guest\APPLIC~1\Starware347
    C:\DOCUME~1\Guest\APPLIC~1\Starware347\BrowserSearch\BrowserSearch.xml
    C:\DOCUME~1\Guest\APPLIC~1\Starware347\BrowserSearch\BrowserSearch.xml.backup
    C:\DOCUME~1\Guest\APPLIC~1\Starware347\Configurator\Configurator.xml
    C:\DOCUME~1\Guest\APPLIC~1\Starware347\Configurator\Configurator.xml.backup
    C:\DOCUME~1\Guest\APPLIC~1\Starware347\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml
    C:\DOCUME~1\Guest\APPLIC~1\Starware347\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml.backup
    C:\DOCUME~1\Guest\APPLIC~1\Starware347\EntertainmentMarketingSP\images\active\EntertainmentMarketingSP0.bmp
    C:\DOCUME~1\Guest\APPLIC~1\Starware347\ErrorSearch\ErrorSearchOptions.xml
    C:\DOCUME~1\Guest\APPLIC~1\Starware347\ErrorSearch\ErrorSearchOptions.xml.backup
    C:\DOCUME~1\Guest\APPLIC~1\Starware347\Games\GamesOptions.xml
    C:\DOCUME~1\Guest\APPLIC~1\Starware347\Games\GamesOptions.xml.backup
    C:\DOCUME~1\Guest\APPLIC~1\Starware347\Games\images\active\Games0.bmp
    C:\DOCUME~1\Guest\APPLIC~1\Starware347\JokeSearch\JokeSearchOptions.xml
    C:\DOCUME~1\Guest\APPLIC~1\Starware347\JokeSearch\JokeSearchOptions.xml.backup
    C:\DOCUME~1\Guest\APPLIC~1\Starware347\Layouts\ToolbarLayout.xml
    C:\DOCUME~1\Guest\APPLIC~1\Starware347\Layouts\ToolbarLayout.xml.backup
    C:\DOCUME~1\Guest\APPLIC~1\Starware347\Manager\ManagerOptions.xml
    C:\DOCUME~1\Guest\APPLIC~1\Starware347\Manager\ManagerOptions.xml.backup
    C:\DOCUME~1\Guest\APPLIC~1\Starware347\Movies\images\active\Movies0.bmp
    C:\DOCUME~1\Guest\APPLIC~1\Starware347\Movies\MoviesOptions.xml
    C:\DOCUME~1\Guest\APPLIC~1\Starware347\Movies\MoviesOptions.xml.backup
    C:\DOCUME~1\Guest\APPLIC~1\Starware347\Pranks\PranksOptions.xml
    C:\DOCUME~1\Guest\APPLIC~1\Starware347\Pranks\PranksOptions.xml.backup
    C:\DOCUME~1\Guest\APPLIC~1\Starware347\RelatedSearch\RelatedSearchOptions.xml
    C:\DOCUME~1\Guest\APPLIC~1\Starware347\RelatedSearch\RelatedSearchOptions.xml.backup
    C:\DOCUME~1\Guest\APPLIC~1\Starware347\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
    C:\DOCUME~1\Guest\APPLIC~1\Starware347\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
    C:\DOCUME~1\Guest\APPLIC~1\Starware347\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
    C:\DOCUME~1\Guest\APPLIC~1\Starware347\Toolbar\TBProductsOptions.xml
    C:\DOCUME~1\Guest\APPLIC~1\Starware347\Toolbar\TBProductsOptions.xml.backup
    C:\DOCUME~1\Guest\APPLIC~1\Starware347\ToolbarLogo\ToolbarLogoOptions.xml
    C:\DOCUME~1\Guest\APPLIC~1\Starware347\ToolbarLogo\ToolbarLogoOptions.xml.backup
    C:\DOCUME~1\Guest\APPLIC~1\Starware347\ToolbarSearch\ToolbarSearchOptions.xml
    C:\DOCUME~1\Guest\APPLIC~1\Starware347\ToolbarSearch\ToolbarSearchOptions.xml.backup
    C:\DOCUME~1\Guest\APPLIC~1\Starware347\TravelSearch\TravelSearchOptions.xml
    C:\DOCUME~1\Guest\APPLIC~1\Starware347\TravelSearch\TravelSearchOptions.xml.backup
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347\BrowserSearch\BrowserSearch.xml
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347\BrowserSearch\BrowserSearch.xml.backup
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347\Configurator\Configurator.xml
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347\Configurator\Configurator.xml.backup
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml.backup
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347\EntertainmentMarketingSP\images\active\EntertainmentMarketingSP0.bmp
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347\ErrorSearch\ErrorSearchOptions.xml
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347\ErrorSearch\ErrorSearchOptions.xml.backup
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347\Games\GamesOptions.xml
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347\Games\GamesOptions.xml.backup
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347\Games\images\active\Games0.bmp
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347\JokeSearch\JokeSearchOptions.xml
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347\JokeSearch\JokeSearchOptions.xml.backup
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347\Layouts\ToolbarLayout.xml
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347\Layouts\ToolbarLayout.xml.backup
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347\Manager\ManagerOptions.xml
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347\Manager\ManagerOptions.xml.backup
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347\Movies\images\active\Movies0.bmp
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347\Movies\MoviesOptions.xml
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347\Movies\MoviesOptions.xml.backup
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347\Pranks\PranksOptions.xml
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347\Pranks\PranksOptions.xml.backup
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347\RelatedSearch\RelatedSearchOptions.xml
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347\RelatedSearch\RelatedSearchOptions.xml.backup
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347\Toolbar\TBProductsOptions.xml
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347\Toolbar\TBProductsOptions.xml.backup
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347\ToolbarLogo\ToolbarLogoOptions.xml
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347\ToolbarLogo\ToolbarLogoOptions.xml.backup
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347\ToolbarSearch\ToolbarSearchOptions.xml
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347\ToolbarSearch\ToolbarSearchOptions.xml.backup
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347\TravelSearch\TravelSearchOptions.xml
    C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Starware347\TravelSearch\TravelSearchOptions.xml.backup
    C:\DOCUME~1\Zahrah\APPLIC~1\BINDMU~1
    C:\DOCUME~1\Zahrah\APPLIC~1\BINDMU~1\ADC6A070
    C:\Documents and Settings\All Users\Application Data\Hope link this test
    C:\Documents and Settings\All Users\Application Data\Hope link this test\BoreSave4
    C:\Documents and Settings\All Users\Application Data\Hope link this test\MeetRegsOoze
    C:\Documents and Settings\All Users\Application Data\Hope link this test\Move regs platform


    ((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-30 )))))))))))))))))))))))))))))))


    2007-06-30 12:22 <DIR> d C:\NoLopBackups
    2007-06-30 11:05 49,152 --a C:\WINDOWS\nircmd.exe
    2007-06-30 10:17 <DIR> d C:\DOCUME~1\Guest\APPLIC~1\Comodo
    2007-06-28 09:04 <DIR> d C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Comodo
    2007-06-28 09:04 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
    2007-06-28 09:01 <DIR> d C:\Program Files\Comodo
    2007-06-27 23:17 <DIR> d C:\WINDOWS\system32\Kaspersky Lab
    2007-06-27 22:10 <DIR> d C:\WINDOWS\system32\ActiveScan
    2007-06-27 22:06 <DIR> d C:\Program Files\SpywareBlaster
    2007-06-27 20:55 <DIR> d C:\Program Files\Lavasoft
    2007-06-27 20:55 <DIR> d C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Lavasoft
    2007-06-27 18:13 <DIR> d C:\Program Files\SUPERAntiSpyware
    2007-06-27 18:13 <DIR> d C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\SUPERAntiSpyware.com
    2007-06-27 18:13 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
    2007-06-27 18:12 <DIR> d C:\Program Files\Common Files\Wise Installation Wizard
    2007-06-04 22:35 98,304 --a C:\WINDOWS\system32\CmdLineExt.dll
    2007-06-04 22:30 <DIR> d C:\Program Files\DSA Theory Test
    2007-05-27 22:29 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\FloodLightGames
    2007-05-27 13:44 85,376 --a C:\WINDOWS\system32\drivers\NABTSFEC.sys
    2007-05-27 13:44 5,504 --a C:\WINDOWS\system32\drivers\MSTEE.sys
    2007-05-27 13:44 19,328 --a C:\WINDOWS\system32\drivers\WSTCODEC.SYS
    2007-05-27 13:44 17,024 --a C:\WINDOWS\system32\drivers\CCDECODE.sys
    2007-05-27 13:44 15,360 --a C:\WINDOWS\system32\drivers\StreamIP.sys
    2007-05-27 13:44 11,136 --a C:\WINDOWS\system32\drivers\SLIP.sys
    2007-05-27 13:44 10,880 --a C:\WINDOWS\system32\drivers\NdisIP.sys
    2007-05-27 13:43 53,760 --a C:\WINDOWS\system32\vfwwdm32.dll
    2007-05-27 13:42 527,136 --a C:\WINDOWS\system32\LVUI2RC.dll
    2007-05-27 13:42 490,784 --a C:\WINDOWS\system32\drivers\LV561AV.SYS
    2007-05-27 13:42 41,504 --a C:\WINDOWS\system32\drivers\LVUSBSta.sys
    2007-05-27 13:42 348,160 --a C:\WINDOWS\system\msvcr71.dll
    2007-05-27 13:42 264,992 --a C:\WINDOWS\system32\lvcodec2.dll
    2007-05-27 13:42 215,840 --a C:\WINDOWS\system32\LVUI2.dll
    2007-05-27 13:42 13,398 --a C:\WINDOWS\system32\Repository.reg
    2007-05-27 13:42 129,824 --a C:\WINDOWS\system32\lvci1051.dll
    2007-05-27 13:41 <DIR> d C:\Program Files\Common Files\LogiShrd
    2007-05-27 13:41 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
    2007-05-27 13:41 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
    2007-05-27 13:39 <DIR> d C:\Program Files\Logitech
    2007-05-26 17:41 <DIR> d C:\Program Files\Common Files\xing shared
    2007-05-26 17:36 <DIR> d C:\My Downloads
    2007-05-22 20:24 <DIR> d C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\Apple Computer
    2007-05-16 16:27 <DIR> d-a C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-05-12 18:50 <DIR> d C:\Program Files\Veoh Networks
    2007-05-04 22:39 <DIR> d C:\Program Files\MSBuild
    2007-05-04 22:35 <DIR> d C:\WINDOWS\system32\XPSViewer
    2007-05-04 22:34 <DIR> d C:\Program Files\Reference Assemblies
    2007-05-04 22:33 14,048 C:\WINDOWS\system32\spmsg2.dll
    2007-05-04 22:18 <DIR> d C:\Program Files\iTunes
    2007-05-04 22:15 <DIR> d C:\Program Files\Apple Software Update
    2007-05-04 22:10 2,560 C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-05-04 22:10 2,432 C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-05-04 22:10 129,784 C:\WINDOWS\system32\pxafs.dll
    2007-05-04 22:00 37,860,928 --a C:\temp\iTunesSetup.exe
    2007-05-04 22:00 21,822,168 --a C:\temp\AdbeRdr80_en_US.exe
    2007-05-04 22:00 14,764,808 --a C:\temp\DivXInstaller.exe
    2007-05-04 22:00 13,801,120 --a C:\temp\jre-6u1-windows-i586-p-s.exe
    2007-05-04 21:55 <DIR> d C:\Program Files\MSXML 6.0
    2007-05-04 21:54 36,352 C:\WINDOWS\system32\tsgqec.dll
    2007-05-04 21:54 288,768 C:\WINDOWS\system32\rhttpaa.dll
    2007-05-04 21:54 116,736 C:\WINDOWS\system32\aaclient.dll
    2007-05-02 21:12 <DIR> d C:\Program Files\Messenger Plus! Live
    2007-05-02 20:02 2,494 --a C:\WINDOWS\system32\tmp.reg
    2007-05-02 19:58 874,161 --a C:\temp\SmitfraudFix.exe
    2007-05-02 19:49 <DIR> d C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
    2007-05-02 19:04 524,288 --a C:\WINDOWS\system32\DivXsm.exe
    2007-05-02 19:04 3,596,288 --a C:\WINDOWS\system32\qt-dx331.dll
    2007-05-02 19:04 200,704 --a C:\WINDOWS\system32\ssldivx.dll
    2007-05-02 19:04 1,044,480 --a C:\WINDOWS\system32\libdivx.dll
    2007-05-02 19:02 73,728 --a C:\WINDOWS\system32\dpl100.dll
    2007-05-02 19:02 593,920 --a C:\WINDOWS\system32\dpuGUI11.dll
    2007-05-02 19:02 57,344 --a C:\WINDOWS\system32\dpv11.dll
    2007-05-02 19:02 53,248 --a C:\WINDOWS\system32\dpuGUI10.dll
    2007-05-02 19:02 344,064 --a C:\WINDOWS\system32\dpus11.dll
    2007-05-02 19:02 294,912 --a C:\WINDOWS\system32\dpu11.dll
    2007-05-02 19:02 294,912 --a C:\WINDOWS\system32\dpu10.dll
    2007-05-02 19:02 196,608 --a C:\WINDOWS\system32\dtu100.dll
    2007-05-02 19:01 823,296 --a C:\WINDOWS\system32\divx_xx0c.dll
    2007-05-02 19:01 823,296 --a C:\WINDOWS\system32\divx_xx07.dll
    2007-05-02 19:01 802,816 --a C:\WINDOWS\system32\divx_xx11.dll
    2007-05-02 19:01 740,442 --a C:\WINDOWS\system32\DivX.dll
    2007-05-02 03:33 124,472 --a C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2007-05-02 03:33 12,288 --a C:\WINDOWS\system32\DivXWMPExtType.dll


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-30 12:34:19 d w C:\Program Files\MSN Messenger
    2007-06-27 21:55:22 d w C:\Program Files\Windows Defender
    2007-06-27 08:55:24 d w C:\Program Files\Google
    2007-06-20 21:02:07 d w C:\Program Files\MSN Games
    2007-05-29 11:13:14 d w C:\Program Files\Windows Live Safety Center
    2007-05-26 16:41:19 d w C:\Program Files\Common Files\Real
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-12 17:53:21 d--h--w C:\Program Files\InstallShield Installation Information
    2007-05-04 21:18:21 d w C:\Program Files\iPod
    2007-05-04 21:17:13 d w C:\Program Files\QuickTime
    2007-05-04 21:11:01 d w C:\Program Files\DivX
    2007-05-02 18:04:15 36,624 w C:\WINDOWS\system32\drivers\PxHelp20.sys
    2007-05-02 18:04:14 118,520 w C:\WINDOWS\system32\pxinsi64.exe
    2007-05-02 18:04:14 116,472 w C:\WINDOWS\system32\pxcpyi64.exe
    2007-04-28 17:32:08 d w C:\DOCUME~1\SHAHEE~1.A1C\APPLIC~1\uTorrent
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 21:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 21:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 21:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 21:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 21:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 21:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 21:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 21:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-22 09:58]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-26 17:40]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-06-28 09:01]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
    "MessengerPlusLiveUninstall"="C:\DOCUME~1\SHAHEE~1.A1C\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Winter Fun Wallpaper Changer.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Winter Fun Wallpaper Changer.lnk
    backup=C:\WINDOWS\pss\Winter Fun Wallpaper Changer.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
    "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    "C:\Program Files\Windows Defender\MSASCui.exe" -hide


    Contents of the 'Scheduled Tasks' folder
    2007-06-05 20:34:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    2007-06-28 01:09:05 C:\WINDOWS\tasks\MP Scheduled Scan.job

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-30 13:39:44
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-06-30 13:40:20
    C:\ComboFix-quarantined-files.txt ... 2007-06-30 13:40
    C:\ComboFix2.txt ... 2007-06-30 12:34
    C:\ComboFix3.txt ... 2007-06-30 11:09

    --- E O F ---


    Logfile of HijackThis v1.99.1
    Scan saved at 16:26:03, on 30/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\SHAHEE~1.A1C\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/resources/MsnPUpld.cab
    O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.kungfuchess.com/activex/web665.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150646048288
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
    O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe


    Regards,

    Frank
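The HijackThis lines above are the format a helper reads by hand: section tag, then the entry, then usually a file path. The script below is an added example (not a tool from this thread or from the HijackThis project) that parses lines of that shape and flags the patterns a reviewer checks first: an entry whose target is marked "(file missing)", an autorun (O4) that starts something from a Temp directory, a service (O23) with no publisher name, and any Winlogon Notify DLL (O20). The flag wording, the regular expressions and SAMPLE_LOG are mine; SAMPLE_LOG is constructed from lines of the same shape as the posted log.

```python
"""Triage helper for HijackThis 1.99.1 log lines.

Added example, not a tool from the thread: it parses the O4/O9/O20/O23
line shapes seen in the log above and flags the patterns a reviewer
looks at first. SAMPLE_LOG is constructed from lines of the same shape
as the posted log.
"""
import re
from typing import Dict, List

SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\SHAHEE~1.A1C\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
"""

# "O4 - <entry>", "R0 - <entry>", ...: section tag, then the entry itself.
LINE_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")
# First Windows path (drive letter or %var%) ending in an executable/library extension.
PATH_RE = re.compile(r'((?:[A-Za-z]:|%[A-Za-z]+%)\\[^"]*?\.(?:exe|dll|cpl|sys))', re.IGNORECASE)
# A "\Temp\" or "\tmp\" component, in short (LOCALS~1\Temp) or long form.
TEMP_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)


def parse_line(line: str) -> Dict[str, str]:
    """Split one HJT line into section tag, body and the first file path it names."""
    m = LINE_RE.match(line.strip())
    if not m:
        return {}
    section, rest = m.groups()
    path = PATH_RE.search(rest)
    return {"section": section, "rest": rest, "path": path.group(1) if path else ""}


def triage(line: str) -> List[str]:
    """Return the review flags for one line (empty list = nothing to look at)."""
    entry = parse_line(line)
    if not entry:
        return []
    section, rest, path = entry["section"], entry["rest"], entry["path"]
    flags: List[str] = []
    if "(file missing)" in rest:
        flags.append("orphaned entry: target file missing")
    if section == "O4" and TEMP_RE.search(path):
        flags.append("autorun launched from a temp directory")
    if section == "O23" and "Unknown owner" in rest:
        flags.append("service binary carries no publisher name")
    if section == "O20":
        flags.append("Winlogon Notify DLL: loaded into winlogon at every logon, verify it")
    return flags


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map every flagged line of a log to its list of flags."""
    report: Dict[str, List[str]] = {}
    for line in text.splitlines():
        flags = triage(line)
        if flags:
            report[line] = flags
    return report


if __name__ == "__main__":
    for line, flags in triage_log(SAMPLE_LOG).items():
        print(line)
        for flag in flags:
            print("   ->", flag)
```

On the constructed sample this flags the RunOnce entry under Temp, the xpnetdiag "(file missing)" button, the WgaLogon notify DLL and the Ati service, and leaves the AVG and Comodo lines alone. The output is a review list, not a verdict: WgaLogon and Ati2evxx are legitimate on this machine, which is why the flags say "verify", and the Temp-directory RunOnce is simply the Messenger Plus uninstaller finishing up.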
  • TroganTrogan London, UK
    edited June 2007
    Hi Frank,

    Logs are looking good now.

    1. Go to Start > Control Panel > Java.

    - In the General tab, under Temporary Internet Files click on the Settings button.
    - In the new window, click on Delete Files...
    - Ensure the two boxes are checked and press OK
    - Press OK, and OK again to exit the Java Control Panel

    2. Let's clean out System Restore and create a new restore point:
    • Click Start | Help and Support | Undo changes to your computer with System Restore.
    • Click Create A Restore Point then click Next. Give it a name and then click Create, then Close.
    • Close the Help and Support Center box.
    • Click Start | Run and type Cleanmgr
    • Select (C: ) then click OK.
    • Click the More Options tab.
    • Click Clean Up in the System Restore Section.
    This will remove all previous restore points except the newly created one.

    3. You can delete the Tools we have downloaded to clean the computer.

    Let me know if you have any questions or problems. If not, then I will provide some programs and instructions to keep your niece's PC clean in the next post.

    :)
  • khanykhany Madrid - Spain
    edited June 2007
    Hi Trogan,

    Thank you so much for your help.

    Just a quick couple of questions:

    1. Is the computer "clean" now?

    2. I now have the following installed on the computer:

    Comodo Firewall
    Super anti Spyware
    Ad Aware Se
    Spyware Blaster
    AVG Free Edition
    Spybot Search & Destroy

    Which should I leave and which not?

    Again, thank you so much for your help.

    Frank
  • TroganTrogan London, UK
    edited June 2007
    Hi Frank,

    1. The computer is clean.

    2. You can leave all the programs you currently have; no problems there. I would also have kept AVG Anti-Spyware...you can redownload it again, if you want. It is one of the better anti-spyware programs. I should have mentioned this, sorry.

    Here are some additional prevention steps/programs (some of which you already have)

    Make your Internet Explorer more secure
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click on the Security tab
    3. Click the Internet icon so it becomes highlighted.
    4. Click on Default Level and click OK
    5. Click on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialise and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • Internet Explorer 7 users: Check all other items and make sure that they meet the (recommended) setting where it applies.
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    6. Next press the Apply button and then the OK to exit the Internet Properties page.
    Take the time to check out the following links

    Introduction to Internet Explorer 7
    http://www.microsoft.com/windows/ie/default.mspx

    Internet Explorer 7 features
    http://www.microsoft.com/windows/ie/ie7/about/features/default.mspx

    Release Notes for Internet Explorer 7
    http://msdn2.microsoft.com/en-us/ie/aa740486.aspx
    These Release Notes give you information about installing Internet Explorer® 7 and contain information about known issues and possible workarounds for those issues.

    Internet Explorer 7 Resources - In Depth Articles - Known Issues ...
    http://www.ie-vista.com/

    Internet Explorer7 - Phishing Filter Frequently Asked Questions
    http://www.microsoft.com/mscorp/safety/technologies/antiphishing/faq.mspx

    Resources for using Internet Explorer 6
    http://support.microsoft.com/?kbid=867470

    How to Configure Enhanced Security Features for Internet Explorer from Windows XP SP2
    http://www.microsoft.com/technet/security/smallbusiness/prodtech/windowsxp/iesecxp.mspx

    Safety Home
    http://www.microsoft.com/mscorp/safety/default.mspx

    IEBlog
    http://blogs.msdn.com/ie/default.aspx

    Microsoft Malicious Software Removal Tool
    http://www.microsoft.com/security/malwareremove/families.mspx

    Keep your Sun Java up to date

    The most current version of Sun Java is: Java Runtime Environment Version 6.0
    http://java.sun.com/javase/downloads/index.jsp
    • Scroll down to where it says "Java Runtime Environment (JRE) 6".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
    And in the future, remember to remove older versions of Java when you update to a newer version to avoid exploitation of older versions left on your system.

    Check out these topics for more information:
    http://spywarewarrior.com/viewtopic.php?t=17910
    http://spywarewarrior.com/viewtopic.php?t=17598

    Free programs that may help you in keeping the PC clean
    • SpywareBlaster
      SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
      You can download SpywareBlaster here
      A tutorial can be found here
    • SpywareGuard
      It provides a degree of real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method. An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware. And you can easily have an anti-virus program running alongside SpywareGuard. It also features Download Protection and Browser Hijacking Protection.
      You can download SpywareGuard here
      A tutorial can be found here
    • IE-SPYAD
      IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. It basically prevents any downloads, cookies, scripts from the sites listed, although you will still be able to connect to the sites.
      You can download IE-SPYAD here
      A tutorial can be found here
    • Hosts File
      A Hosts file replaces your current HOSTS file with one containing well known ad, spyware sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
      A tutorial can be found here
      • MVPS Hosts File
        You can download the MVPS Hosts File here
        Furthermore the website contains useful tips and links to other resources and utilities.
      • Bluetack's Hosts File and Hosts Manager
        Essentially based on the research made by Webhelper, Andrew Clover and Eric L. Howes, it contains most if not all the known spyware sites...sites responsible for hijacks, rogue applications etc...
        Download Bluetack's Hosts file here
        Download Bluetack's HostsManager here
    Free Spyware Detection and Removal Programs
    • Ad-Aware
      It scans for known spyware on your computer. These scans should be run at least once every two weeks.
      You can download Ad-Aware here
      A tutorial can be found here
    • Spybot - Search & Destroy
      It scans for spyware and other malicious programs. Spybot has preventive tools that stop programs from even installing on your computer.
      You can download Spybot - S&D here
      A tutorial can be found here
    Before adding any other Spyware Detection and Removal programs always check the Rogue Anti-Spyware List for programs known to be misleading, mistaken, or just outright "Foistware".
    You will find the list here

    WinPatrol

    WinPatrol uses a heuristic approach to detecting attacks and violations of your computing environment. Traditional security programs scan your hard drive searching for previously identified threats. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. You'll be removing dangerous new programs while others download new reference files.
    • Detect & Neutralize Spyware.
    • Detect & Neutralize ADware.
    • Detect & Neutralize Viral infections.
    • Detect & Neutralize Unwanted IE Add-Ons.
    • Detect & Restore File Type Changes.
    • Automatically Filter Unwanted Cookies.
    • Avoid Start Page Hijacking.
    • Detect changes to HOSTS & critical system files.
    • Kill Multiple Tasks that replicate each other, in a single step!
    • Stop programs that repeatedly add themselves to your Startup List!
    Starting with WinPatrol 9.5 PLUS users also get the addition of Real-time Infiltration Detection so they'll know immediately when changes are made to critical system areas. WinPatrol Free is not demo or trial software. You're welcome to use it as long as you like.
    You can download WinPatrol here
    WinPatrol FAQ

    SiteHound by Firetrust

    Firetrust introduces the SiteHound Toolbar - the safe way to browse the Internet. With SiteHound, when you browse the Internet, you're shown a warning page every time you go to a site which is a known scam, potentially loads viruses or spyware on to your computer, has questionable content or anything you would not consider reasonable. You are shown a warning page with information about that site. From there you can choose to enter the site or go back. SiteHound is a free add-on to Internet Explorer. (Users of Firefox - a version for you is coming soon.) SiteHound's comprehensive database gathers the knowledge from other users and respected experts from the online security community to tell you which sites are real and which are bogus.

    SiteHound will alert you when you enter a site which is known to contain:
    • Fraudulent claims or scams
    • Offensive material
    • Security vulnerabilities
    • Spyware or Adware
    • Spam related material
    • or other content deemed to be unsafe
    Specifically, SiteHound blocks these categories:

    • Adult
    • Spyware
    • Spam Advertising
    • Phishing
    • Possible scam or fraud
    • Misleading or False Advertising
    • Pharming
    • Rogue or Suspect Product
    • Adware
    • Malware or Virus

    System Requirements:
    Internet Explorer 5.5+ and Windows 95/98/NT 4/ME/2000/XP

    Product Info & Download: SiteHound Toolbar

    Use an AntiVirus Software

    It is very important that your computer has anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See the link below for a listing of some online and stand-alone antivirus programs.
    Computer Safety On line - Anti-Virus
    http://forum.malwareremoval.com/viewtopic.php?p=53#53

    Update your Anti Virus Software

    It is imperative that you update your anti-virus software at least once a week (even more often if you wish). If you do not update your anti-virus software then it will not be able to catch any of the new variants that may come out.

    Use a Firewall

    I can not stress enough how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below.

    Computer Safety On line - Software Firewalls
    http://forum.malwareremoval.com/viewtopic.php?p=56#56
    A tutorial on Understanding and Using Firewalls can be found here

    Happy Surfing! :)
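The six Internet-zone settings in the "Make your Internet Explorer more secure" steps above are stored as DWORD values under the per-user key HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3, with 0 = Enable, 1 = Prompt and 3 = Disable. The script below is an added example, not part of Trogan's post or of any Microsoft tool: it reads a regedit export of that key, reports every action that is not at the value recommended above, and can write the recommended values back out as a .reg file. The value names (1001, 1004, 1201, 1800, 1804, 1607) are the standard IE zone action IDs for the six labels listed; SAMPLE_EXPORT is a constructed export with deliberately weak settings. It reads only the per-user key; a machine-wide policy key can override what the user sets.

```python
"""Audit and regenerate the Internet-zone (Zone 3) settings from the list above.

Added example, not part of the thread. It parses a regedit export of the
per-user Internet zone, reports every action whose value differs from the
recommended one, and renders the recommended values as a .reg file.
SAMPLE_EXPORT is a constructed export with weak settings.
"""
from typing import Dict, List, Optional, Tuple

ENABLE, PROMPT, DISABLE = 0, 1, 3  # the three values IE stores for these actions

ZONE_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# registry value name -> (label in the Security Settings dialog, value recommended in the post)
RECOMMENDED: Dict[str, Tuple[str, int]] = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

# Constructed: signed ActiveX at Prompt is fine, but unsigned ActiveX is Enabled,
# unsafe-ActiveX scripting is only Prompt, IFRAME launches are Enabled and 1607 is absent.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000001
"1004"=dword:00000000
"1201"=dword:00000001
"1800"=dword:00000001
"1804"=dword:00000000
"""


def parse_reg_export(text: str) -> Dict[str, int]:
    """Collect the DWORD values under the Internet zone key from a .reg export (already decoded to str)."""
    values: Dict[str, int] = {}
    in_zone = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_zone = line.strip("[]").lower() == ZONE_KEY.lower()
            continue
        if in_zone and line.startswith('"') and "=dword:" in line:
            name, _, hexval = line.partition("=dword:")
            values[name.strip('"')] = int(hexval, 16)
    return values


def audit(values: Dict[str, int]) -> List[Tuple[str, str, Optional[int], int]]:
    """Return (value name, label, current, recommended) for every action not at the recommended value.

    A value absent from the export (current=None) is reported as well: the
    zone template default cannot be assumed from the export alone, so check
    that action in the dialog.
    """
    findings = []
    for name, (label, wanted) in RECOMMENDED.items():
        current = values.get(name)
        if current != wanted:
            findings.append((name, label, current, wanted))
    return findings


def reg_file() -> str:
    """Render the recommended settings as a .reg file that regedit can import."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{ZONE_KEY}]"]
    for name, (label, value) in RECOMMENDED.items():
        lines.append(f"; {label}")
        lines.append(f'"{name}"=dword:{value:08x}')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for name, label, current, wanted in audit(parse_reg_export(SAMPLE_EXPORT)):
        print(f"{name} {label}: is {current}, should be {wanted}")
    print(reg_file())
```

To use it against a real machine, export the key with regedit (File > Export, or "regedit /e zone3.reg" followed by the key path), decode the file (regedit writes UTF-16), and pass the text to parse_reg_export; the .reg file that reg_file produces round-trips through the same parser with no findings, which is the check the test relies on.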