Hi
How about a fresh HijackThis log?
Microsoft MVP Consumer Security 2008-2011
Member of ASAP and UNITE since 2006
Logfile of HijackThis v1.99.1
Scan saved at 4:08:07 PM, on 17/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\parentalcontrol\parentalcontrol.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\HijackThis.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [parentalcontrol] "C:\Program Files\parentalcontrol\parentalcontrol.exe" "C:\Program Files\parentalcontrol\parentalcontrol.dll" "parentalcontrol"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
Hi
Looks much cleaner now
Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky; click Yes.
- The program will launch and then start to download the latest definition files.
- Once the scanner is installed and the definitions downloaded, click Next.
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
o Scan using the following Anti-Virus database:
+ Extended (If available otherwise Standard)
o Scan Options:
+ Scan Archives
+ Scan Mail Bases
- Click OK
- Now, under "Select a target to scan", select My Computer
- The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button
- Save the file to your desktop.
- Copy and paste that information in your next post.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
Post:
- a fresh HijackThis log
- Kaspersky report
Logfile of HijackThis v1.99.1
Scan saved at 10:47:13 PM, on 18/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\parentalcontrol\parentalcontrol.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [parentalcontrol] "C:\Program Files\parentalcontrol\parentalcontrol.exe" "C:\Program Files\parentalcontrol\parentalcontrol.dll" "parentalcontrol"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
KASPERSKY ONLINE SCANNER REPORT
Tuesday, December 18, 2007 10:44:37 PM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/12/2007
Kaspersky Anti-Virus database records: 486870
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
Scan Statistics
Total number of scanned objects 27860
Number of viruses found 9
Number of infected objects 29
Number of suspicious objects 0
Duration of the scan process 00:34:10
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cert8.db Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\history.dat Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\key3.db Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\parent.lock Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2d8e7278-5af4ac72.zip/BnnnnBaa.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Documents and Settings\Pooria&Maryam\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2d8e7278-5af4ac72.zip/VaannnaaBaa.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Documents and Settings\Pooria&Maryam\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2d8e7278-5af4ac72.zip/Bnnnnn.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Documents and Settings\Pooria&Maryam\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2d8e7278-5af4ac72.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Pooria&Maryam\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\NTUSER.DAT.LOG Object is locked skipped
C:\qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe.vir Infected: Trojan.Win32.Qhost.rw skipped
C:\qoobox\Quarantine\C\Documents and Settings\Pooria&Maryam\Start Menu\Programs\Startup\system.exe.vir Infected: Trojan.Win32.Qhost.rw skipped
C:\qoobox\Quarantine\C\WINDOWS\svhjdsah.exe.vir Infected: Trojan.Win32.Small.rt skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\izgmngwg.dat.vir Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\printer.exe.vir Infected: Trojan.Win32.Qhost.rw skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\vtr.dll.vir Infected: not-virus:Hoax.Win32.Renos.lq skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\WinAvXX.exe.vir Infected: Trojan.Win32.Qhost.rw skipped
C:\qoobox\Quarantine\catchme2007-12-17_132236.82.zip/izgmngwg.dat Infected: Rootkit.Win32.Agent.ql skipped
C:\qoobox\Quarantine\catchme2007-12-17_132236.82.zip ZIP: infected - 1 skipped
C:\RECYCLER\S-1-5-21-2000478354-789336058-725345543-500\Dc1 Infected: Trojan.Win32.Qhost.my skipped
C:\SDFix\backups\backups\backups\autorun.exe Infected: Trojan.Win32.Qhost.rw skipped
C:\SDFix\backups\backups\backups\movedfile.ren Infected: Trojan.Win32.Qhost.rw skipped
C:\SDFix\backups\backups\backups\printer.exe Infected: Trojan.Win32.Qhost.rw skipped
C:\SDFix\backups\backups.zip/backups/autorun.exe Infected: Trojan.Win32.Qhost.rw skipped
C:\SDFix\backups\backups.zip/backups/movedfile.ren Infected: Trojan.Win32.Qhost.rw skipped
C:\SDFix\backups\backups.zip/backups/printer.exe Infected: Trojan.Win32.Qhost.rw skipped
C:\SDFix\backups\backups.zip ZIP: infected - 3 skipped
C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000070.exe Infected: Trojan.Win32.Qhost.rw skipped
C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000071.exe Infected: Trojan.Win32.Qhost.rw skipped
C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000072.exe Infected: Trojan.Win32.Qhost.rw skipped
C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000073.exe Infected: Trojan.Win32.Qhost.rw skipped
C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000074.exe Infected: Trojan.Win32.Small.rt skipped
C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000075.dll Infected: not-virus:Hoax.Win32.Renos.lq skipped
C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP7\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\atippaxxd.dll.bak Infected: Trojan-Clicker.Win32.Delf.lk skipped
C:\WINDOWS\system32\cmpropsv.dll Infected: Trojan-Spy.Win32.BZub.btx skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\drivers\etc\hosts.20071008-141506.backup Infected: Trojan.Win32.Qhost.mg skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Hi
Empty these folders:
C:\Documents and Settings\Pooria&Maryam\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar
C:\qoobox\Quarantine\
C:\SDFix\backups
Delete these:
C:\WINDOWS\system32\drivers\etc\hosts.20071008-141506.backup
C:\WINDOWS\system32\atippaxxd.dll.bak
C:\WINDOWS\system32\cmpropsv.dll
Empty Recycle Bin.
Re-scan with Kaspersky.
Post:
- a fresh HijackThis log
- Kaspersky report
Hi
I emptied and deleted all except one which I cannot find:
C:\Documents and Settings\Pooria&Maryam\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar
I can go up to C:\Documents and Settings\Pooria&Maryam but then there is no 'Application Data' folder to go into.
Nevertheless, here is the Kaspersky report:
KASPERSKY ONLINE SCANNER REPORT
Wednesday, December 19, 2007 10:14:39 AM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/12/2007
Kaspersky Anti-Virus database records: 488985
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
Scan Statistics
Total number of scanned objects 28037
Number of viruses found 6
Number of infected objects 14
Number of suspicious objects 0
Duration of the scan process 00:37:13
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cert8.db Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\history.dat Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\key3.db Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\parent.lock Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Application Data\Shareaza\Data\TigerTree.dat Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2d8e7278-5af4ac72.zip/BnnnnBaa.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Documents and Settings\Pooria&Maryam\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2d8e7278-5af4ac72.zip/VaannnaaBaa.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Documents and Settings\Pooria&Maryam\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2d8e7278-5af4ac72.zip/Bnnnnn.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Documents and Settings\Pooria&Maryam\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2d8e7278-5af4ac72.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Pooria&Maryam\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Shareaza\Incomplete\ed2k_0552f0203612dd79a239df42729cdc9e.partial Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Shareaza\Incomplete\ed2k_1553b6de522d91383123f62704ca0840.partial Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Shareaza\Incomplete\ed2k_54a2da6f66e6c33869879b998f676e48.partial Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Shareaza\Incomplete\ed2k_5b3d16699b7a1f94ea5051ef0983ffdc.partial Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Shareaza\Incomplete\ed2k_63e68b10dcde4d93d3182a26158e68dd.partial Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Shareaza\Incomplete\ed2k_6c78817eb35e3cd0fe03c3d3067c10af.partial Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Shareaza\Incomplete\ed2k_7f8e939679ccef406eb5c61e72edcd78.partial Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Shareaza\Incomplete\ed2k_bb6c733f5eb822908ec51b6c897bac96.partial Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Shareaza\Incomplete\ed2k_bc848cd51238502c454068e06006987b.partial Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Shareaza\Incomplete\ed2k_d866661214d9079c51c0d5a6108349bd.partial Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Shareaza\Incomplete\ed2k_ed22c922bdcc660bdbba823c734ccb5a.partial Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\History\History.IE5\MSHist012007121920071220\index.dat Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\NTUSER.DAT.LOG Object is locked skipped
C:\RECYCLER\S-1-5-21-2000478354-789336058-725345543-500\Dc1 Infected: Trojan.Win32.Qhost.my skipped
C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000070.exe Infected: Trojan.Win32.Qhost.rw skipped
C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000071.exe Infected: Trojan.Win32.Qhost.rw skipped
C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000072.exe Infected: Trojan.Win32.Qhost.rw skipped
C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000073.exe Infected: Trojan.Win32.Qhost.rw skipped
C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000074.exe Infected: Trojan.Win32.Small.rt skipped
C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000075.dll Infected: not-virus:Hoax.Win32.Renos.lq skipped
C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP7\A0000152.dll Infected: Trojan-Spy.Win32.BZub.btx skipped
C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP7\A0000156.exe Infected: Trojan.Win32.Qhost.rw skipped
C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP7\A0000157.exe Infected: Trojan.Win32.Qhost.rw skipped
C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP7\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Logfile of HijackThis v1.99.1
Scan saved at 10:17:16 AM, on 19/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\parentalcontrol\parentalcontrol.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [parentalcontrol] "C:\Program Files\parentalcontrol\parentalcontrol.exe" "C:\Program Files\parentalcontrol\parentalcontrol.dll" "parentalcontrol"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
Hi
That folder is hidden by default.
Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows
And let me know if you can now find it.
Hi
Thanks... found it and deleted!
Here's the resulting Kaspersky:
KASPERSKY ONLINE SCANNER REPORT
Wednesday, December 19, 2007 1:51:16 PM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/12/2007
Kaspersky Anti-Virus database records: 489076
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
Scan Statistics
Total number of scanned objects 27196
Number of viruses found 5
Number of infected objects 10
Number of suspicious objects 0
Duration of the scan process 00:33:20
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cert8.db Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\history.dat Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\key3.db Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\parent.lock Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Application Data\Shareaza\Data\TigerTree.dat Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Shareaza\Incomplete\ed2k_0552f0203612dd79a239df42729cdc9e.partial Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Shareaza\Incomplete\ed2k_1553b6de522d91383123f62704ca0840.partial Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Shareaza\Incomplete\ed2k_54a2da6f66e6c33869879b998f676e48.partial Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Shareaza\Incomplete\ed2k_5b3d16699b7a1f94ea5051ef0983ffdc.partial Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Shareaza\Incomplete\ed2k_63e68b10dcde4d93d3182a26158e68dd.partial Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Shareaza\Incomplete\ed2k_6c78817eb35e3cd0fe03c3d3067c10af.partial Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Shareaza\Incomplete\ed2k_7f8e939679ccef406eb5c61e72edcd78.partial Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Shareaza\Incomplete\ed2k_bb6c733f5eb822908ec51b6c897bac96.partial Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Shareaza\Incomplete\ed2k_bc848cd51238502c454068e06006987b.partial Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Shareaza\Incomplete\ed2k_d866661214d9079c51c0d5a6108349bd.partial Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Shareaza\Incomplete\ed2k_ed22c922bdcc660bdbba823c734ccb5a.partial Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\History\History.IE5\MSHist012007121920071220\index.dat Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Temporary Internet Files\Content.IE5\YDIHEJCD\Portfolio[1] Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\Local Settings\Temporary Internet Files\Content.IE5\YDIHEJCD\Portfolio[2] Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Pooria&Maryam\NTUSER.DAT.LOG Object is locked skipped
C:\RECYCLER\S-1-5-21-2000478354-789336058-725345543-500\Dc1 Infected: Trojan.Win32.Qhost.my skipped
C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000070.exe Infected: Trojan.Win32.Qhost.rw skipped
C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000071.exe Infected: Trojan.Win32.Qhost.rw skipped
C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000072.exe Infected: Trojan.Win32.Qhost.rw skipped
C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000073.exe Infected: Trojan.Win32.Qhost.rw skipped
C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000074.exe Infected: Trojan.Win32.Small.rt skipped
C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000075.dll Infected: not-virus:Hoax.Win32.Renos.lq skipped
C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP7\A0000152.dll Infected: Trojan-Spy.Win32.BZub.btx skipped
C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP7\A0000156.exe Infected: Trojan.Win32.Qhost.rw skipped
C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP7\A0000157.exe Infected: Trojan.Win32.Qhost.rw skipped
C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP7\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.