Unwanted Popups and disabled Control Panel

oh ... right ... here it is ... Thanks!

:oops:


Logfile of HijackThis v1.99.1
Scan saved at 4:08:07 PM, on 17/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\parentalcontrol\parentalcontrol.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [parentalcontrol] "C:\Program Files\parentalcontrol\parentalcontrol.exe" "C:\Program Files\parentalcontrol\parentalcontrol.dll" "parentalcontrol"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
 
Hi

Looks much cleaner now :)

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    o Scan using the following Anti-Virus database:
      + Extended (if available, otherwise Standard)
    o Scan Options:
      + Scan Archives
      + Scan Mail Bases
  • Click OK.
  • Now, under "Select a target to scan", select My Computer.
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Post:

- a fresh HijackThis log
- Kaspersky report
 
Thanks! Here is the Hijack This log

Logfile of HijackThis v1.99.1
Scan saved at 10:47:13 PM, on 18/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\parentalcontrol\parentalcontrol.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [parentalcontrol] "C:\Program Files\parentalcontrol\parentalcontrol.exe" "C:\Program Files\parentalcontrol\parentalcontrol.dll" "parentalcontrol"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
 
Kaspersky report

KASPERSKY ONLINE SCANNER REPORT
Tuesday, December 18, 2007 10:44:37 PM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/12/2007
Kaspersky Anti-Virus database records: 486870


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\

Scan Statistics
Total number of scanned objects 27860
Number of viruses found 9
Number of infected objects 29
Number of suspicious objects 0
Duration of the scan process 00:34:10

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cert8.db Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\formhistory.dat Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\history.dat Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\key3.db Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\parent.lock Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\search.sqlite Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\urlclassifier2.sqlite Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2d8e7278-5af4ac72.zip/BnnnnBaa.class Infected: Trojan.Java.ClassLoader.as skipped

C:\Documents and Settings\Pooria&Maryam\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2d8e7278-5af4ac72.zip/VaannnaaBaa.class Infected: Trojan.Java.ClassLoader.as skipped

C:\Documents and Settings\Pooria&Maryam\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2d8e7278-5af4ac72.zip/Bnnnnn.class Infected: Trojan.Java.ClassLoader.as skipped

C:\Documents and Settings\Pooria&Maryam\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2d8e7278-5af4ac72.zip ZIP: infected - 3 skipped

C:\Documents and Settings\Pooria&Maryam\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\Cache\_CACHE_001_ Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\Cache\_CACHE_002_ Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\Cache\_CACHE_003_ Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\Cache\_CACHE_MAP_ Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\NTUSER.DAT.LOG Object is locked skipped

C:\qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe.vir Infected: Trojan.Win32.Qhost.rw skipped

C:\qoobox\Quarantine\C\Documents and Settings\Pooria&Maryam\Start Menu\Programs\Startup\system.exe.vir Infected: Trojan.Win32.Qhost.rw skipped

C:\qoobox\Quarantine\C\WINDOWS\svhjdsah.exe.vir Infected: Trojan.Win32.Small.rt skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\izgmngwg.dat.vir Object is locked skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\printer.exe.vir Infected: Trojan.Win32.Qhost.rw skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\vtr.dll.vir Infected: not-virus:Hoax.Win32.Renos.lq skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\WinAvXX.exe.vir Infected: Trojan.Win32.Qhost.rw skipped

C:\qoobox\Quarantine\catchme2007-12-17_132236.82.zip/izgmngwg.dat Infected: Rootkit.Win32.Agent.ql skipped

C:\qoobox\Quarantine\catchme2007-12-17_132236.82.zip ZIP: infected - 1 skipped

C:\RECYCLER\S-1-5-21-2000478354-789336058-725345543-500\Dc1 Infected: Trojan.Win32.Qhost.my skipped

C:\SDFix\backups\backups\backups\autorun.exe Infected: Trojan.Win32.Qhost.rw skipped

C:\SDFix\backups\backups\backups\movedfile.ren Infected: Trojan.Win32.Qhost.rw skipped

C:\SDFix\backups\backups\backups\printer.exe Infected: Trojan.Win32.Qhost.rw skipped

C:\SDFix\backups\backups.zip/backups/autorun.exe Infected: Trojan.Win32.Qhost.rw skipped

C:\SDFix\backups\backups.zip/backups/movedfile.ren Infected: Trojan.Win32.Qhost.rw skipped

C:\SDFix\backups\backups.zip/backups/printer.exe Infected: Trojan.Win32.Qhost.rw skipped

C:\SDFix\backups\backups.zip ZIP: infected - 3 skipped

C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000070.exe Infected: Trojan.Win32.Qhost.rw skipped

C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000071.exe Infected: Trojan.Win32.Qhost.rw skipped

C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000072.exe Infected: Trojan.Win32.Qhost.rw skipped

C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000073.exe Infected: Trojan.Win32.Qhost.rw skipped

C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000074.exe Infected: Trojan.Win32.Small.rt skipped

C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000075.dll Infected: not-virus:Hoax.Win32.Renos.lq skipped

C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP7\change.log Object is locked skipped

C:\WINDOWS\Debug\oakley.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\atippaxxd.dll.bak Infected: Trojan-Clicker.Win32.Delf.lk skipped

C:\WINDOWS\system32\cmpropsv.dll Infected: Trojan-Spy.Win32.BZub.btx skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\WINDOWS\system32\drivers\etc\hosts.20071008-141506.backup Infected: Trojan.Win32.Qhost.mg skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
 
Hi

Empty these folders:

C:\Documents and Settings\Pooria&Maryam\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar
C:\qoobox\Quarantine\
C:\SDFix\backups

Delete these:

C:\WINDOWS\system32\drivers\etc\hosts.20071008-141506.backup
C:\WINDOWS\system32\atippaxxd.dll.bak
C:\WINDOWS\system32\cmpropsv.dll

Empty Recycle Bin.

Re-scan with Kaspersky.

Post:

- a fresh HijackThis log
- Kaspersky report
 
Hi

I emptied and deleted all except one which I cannot find:
C:\Documents and Settings\Pooria&Maryam\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar

I can go up to C:\Documents and Settings\Pooria&Maryam but then there is no 'Application Data' folder to go into. :sad:

Nevertheless, here is the Kaspersky report:

KASPERSKY ONLINE SCANNER REPORT
Wednesday, December 19, 2007 10:14:39 AM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/12/2007
Kaspersky Anti-Virus database records: 488985


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\

Scan Statistics
Total number of scanned objects 28037
Number of viruses found 6
Number of infected objects 14
Number of suspicious objects 0
Duration of the scan process 00:37:13

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cert8.db Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\history.dat Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\key3.db Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\parent.lock Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\search.sqlite Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\urlclassifier2.sqlite Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Application Data\Shareaza\Data\TigerTree.dat Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2d8e7278-5af4ac72.zip/BnnnnBaa.class Infected: Trojan.Java.ClassLoader.as skipped

C:\Documents and Settings\Pooria&Maryam\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2d8e7278-5af4ac72.zip/VaannnaaBaa.class Infected: Trojan.Java.ClassLoader.as skipped

C:\Documents and Settings\Pooria&Maryam\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2d8e7278-5af4ac72.zip/Bnnnnn.class Infected: Trojan.Java.ClassLoader.as skipped

C:\Documents and Settings\Pooria&Maryam\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2d8e7278-5af4ac72.zip ZIP: infected - 3 skipped

C:\Documents and Settings\Pooria&Maryam\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\Cache\_CACHE_001_ Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\Cache\_CACHE_002_ Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\Cache\_CACHE_003_ Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\Cache\_CACHE_MAP_ Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Shareaza\Incomplete\ed2k_0552f0203612dd79a239df42729cdc9e.partial Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Shareaza\Incomplete\ed2k_1553b6de522d91383123f62704ca0840.partial Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Shareaza\Incomplete\ed2k_54a2da6f66e6c33869879b998f676e48.partial Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Shareaza\Incomplete\ed2k_5b3d16699b7a1f94ea5051ef0983ffdc.partial Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Shareaza\Incomplete\ed2k_63e68b10dcde4d93d3182a26158e68dd.partial Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Shareaza\Incomplete\ed2k_6c78817eb35e3cd0fe03c3d3067c10af.partial Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Shareaza\Incomplete\ed2k_7f8e939679ccef406eb5c61e72edcd78.partial Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Shareaza\Incomplete\ed2k_bb6c733f5eb822908ec51b6c897bac96.partial Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Shareaza\Incomplete\ed2k_bc848cd51238502c454068e06006987b.partial Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Shareaza\Incomplete\ed2k_d866661214d9079c51c0d5a6108349bd.partial Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Local Settings\Application Data\Shareaza\Incomplete\ed2k_ed22c922bdcc660bdbba823c734ccb5a.partial Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Local Settings\History\History.IE5\MSHist012007121920071220\index.dat Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Pooria&Maryam\NTUSER.DAT.LOG Object is locked skipped

C:\RECYCLER\S-1-5-21-2000478354-789336058-725345543-500\Dc1 Infected: Trojan.Win32.Qhost.my skipped

C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000070.exe Infected: Trojan.Win32.Qhost.rw skipped

C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000071.exe Infected: Trojan.Win32.Qhost.rw skipped

C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000072.exe Infected: Trojan.Win32.Qhost.rw skipped

C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000073.exe Infected: Trojan.Win32.Qhost.rw skipped

C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000074.exe Infected: Trojan.Win32.Small.rt skipped

C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000075.dll Infected: not-virus:Hoax.Win32.Renos.lq skipped

C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP7\A0000152.dll Infected: Trojan-Spy.Win32.BZub.btx skipped

C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP7\A0000156.exe Infected: Trojan.Win32.Qhost.rw skipped

C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP7\A0000157.exe Infected: Trojan.Win32.Qhost.rw skipped

C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP7\change.log Object is locked skipped

C:\WINDOWS\Debug\oakley.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
 
Logfile of HijackThis v1.99.1
Scan saved at 10:17:16 AM, on 19/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\parentalcontrol\parentalcontrol.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [parentalcontrol] "C:\Program Files\parentalcontrol\parentalcontrol.exe" "C:\Program Files\parentalcontrol\parentalcontrol.dll" "parentalcontrol"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
 
Hi

Thanks... found it and deleted! :D:

Here's the resulting Kaspersky:


KASPERSKY ONLINE SCANNER REPORT
Wednesday, December 19, 2007 1:51:16 PM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/12/2007
Kaspersky Anti-Virus database records: 489076


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\

Scan Statistics
Total number of scanned objects 27196
Number of viruses found 5
Number of infected objects 10
Number of suspicious objects 0
Duration of the scan process 00:33:20

Infected Object Name Virus Name Last Action
C:\RECYCLER\S-1-5-21-2000478354-789336058-725345543-500\Dc1 Infected: Trojan.Win32.Qhost.my skipped

C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000070.exe Infected: Trojan.Win32.Qhost.rw skipped

C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000071.exe Infected: Trojan.Win32.Qhost.rw skipped

C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000072.exe Infected: Trojan.Win32.Qhost.rw skipped

C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000073.exe Infected: Trojan.Win32.Qhost.rw skipped

C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000074.exe Infected: Trojan.Win32.Small.rt skipped

C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000075.dll Infected: not-virus:Hoax.Win32.Renos.lq skipped

C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP7\A0000152.dll Infected: Trojan-Spy.Win32.BZub.btx skipped

C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP7\A0000156.exe Infected: Trojan.Win32.Qhost.rw skipped

C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP7\A0000157.exe Infected: Trojan.Win32.Qhost.rw skipped

Scan process completed.
 
HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 1:55:53 PM, on 19/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\parentalcontrol\parentalcontrol.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [parentalcontrol] "C:\Program Files\parentalcontrol\parentalcontrol.exe" "C:\Program Files\parentalcontrol\parentalcontrol.dll" "parentalcontrol"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
 
Hi

Logs look good.

All viruses are in system restore and inactive.

I'll give you instructions later on how to empty it.

Other than that, any problems left?
 
other issues

Thank you for your help. My PC still has some issues:

1. My AVG Free Edition Anti-Virus comes up with the following in the scan:

kernel32.dll C:\Windows\System32\kernel32.dll
user32.dll C:\Windows\System32\user32.dll
shell32.dll C:\Windows\System32\shell32.dll
ntoskrnl.exe C:\Windows\System 32\ntoskrnl.exe
hosts C:\Windows\System 32\drivers\etc\hosts

The 'hosts' file was the first one that appeared when I got this virus/trojan, then after 2 months or so, the other 4 appeared simultaneously in the scan results.
After the scan, it says that it changed the 'hosts' file to fix it, but these files consistently come up in the scans.

2. Registry files - I may have deleted some of the registry files when trying to clean up the computer. Now when I plug in my camera or iPod, there is no pop-up asking what I want to do with the content.

3. My computer's processing time has been much slower over the past year, and it seems like it might be due to adware or spyware.
- Here are my AVG Anti-Spyware scan results; it says it cleaned all of them, but when I scan again, they all show up again.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:16:41 PM 19/12/2007

+ Scan result:



C:\WINDOWS\system32\b4fm.dll -> Adware.BurnFree : Cleaned.
C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000075.dll -> Not-A-Virus.Hoax.Win32.Renos.lq : Cleaned.
:mozilla.189:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.190:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.208:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.29:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.30:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.212:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.213:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.214:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.64:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.65:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.66:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.67:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.74:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.77:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.57:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.43:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.55:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.63:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.42:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.44:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.45:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.46:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.47:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.48:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.53:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.54:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.56:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.58:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.59:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.60:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.61:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.62:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.33:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.122:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.123:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.14:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.15:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.87:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.88:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.89:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.92:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.97:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.163:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.49:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.50:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.51:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.52:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.34:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.183:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.184:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.185:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.186:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.187:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.188:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.107:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.178:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.179:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.180:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.96:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.98:C:\Documents and Settings\Pooria&Maryam\Application Data\Mozilla\Firefox\Profiles\7ytnk9cz.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\RECYCLER\S-1-5-21-2000478354-789336058-725345543-500\Dc1 -> Trojan.Qhost.my : Cleaned.
C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000070.exe -> Trojan.Qhost.rw : Cleaned.
C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000071.exe -> Trojan.Qhost.rw : Cleaned.
C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000072.exe -> Trojan.Qhost.rw : Cleaned.
C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000073.exe -> Trojan.Qhost.rw : Cleaned.
C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP7\A0000156.exe -> Trojan.Qhost.rw : Cleaned.
C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP7\A0000157.exe -> Trojan.Qhost.rw : Cleaned.
C:\System Volume Information\_restore{AAC115B9-188A-403F-B173-1C2D4511B6FC}\RP6\A0000074.exe -> Trojan.Small.rt : Cleaned.


::Report end
 
Hi

1. Does it show that these are infected?

kernel32.dll C:\Windows\System32\kernel32.dll
user32.dll C:\Windows\System32\user32.dll
shell32.dll C:\Windows\System32\shell32.dll
ntoskrnl.exe C:\Windows\System 32\ntoskrnl.exe

If not, they are all Windows' own files and safe.

2. Which program did you use to do that, or do you have backups?

3. Windows tends to get slower with time. The majority of those are tracking cookies, which come back because of incorrect browser settings. We'll fix that later.
 
Hi

1. You're right, it doesn't show them as being infected, but shows them as 'threats' while scanning. However, in the results of the scan, it only shows the 'hosts' file being fixed, not the rest. I am concerned because the 'hosts' file originally showed up at exactly the time I got the trojan/virus, so by that logic, I thought when it was fixed, I would not see that file or the others showing up on the AVG scanner.

2. Not realizing the importance of the registry, I did not make any backups. The only thing I remember about the program is that the application's symbol was all red ... something like 'RegCleaner'. I searched but couldn't find it on the net or my computer. So unless there is a place on the web to download the files or the computer has an automatic backup of them for dumbasses like myself... I dunno. :sad:

3. Okay, anything you can do to optimize the speed would be great, because I am beginning to use this PC much more for business-related activities, and as they say 'time is of the essence'. The speed is a bit slower than a normal computer when surfing the net, but when opening or closing applications or things that require the computer's processing resources, it is considerably slower. :angel:

Thanks for your help. At least now I'm above water :snorkle:

Happy holidays :present:
 
Hi

1. That's good news :)

2. OK, so then there are no backups. You may try to install/re-install the camera/iPod software to see if that helps.

3. For tracking cookies, see here

For general slowness, see here and post back if it helped :)
 
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

If it has been 10 days or more since your last post, and especially if the helper assisting you posted a response to that post to which you did not reply, the topic will not be reopened.

In that situation, if you still require help, it would be best to start a new topic and include a fresh HijackThis log with a link to your original thread.

Everyone else please begin a New Topic.
 