Subject: New Malware.j trojan

Original Message
Name: jojee
Date: February 17, 2008 at 09:01:48 Pacific
Subject: New Malware.j trojan
OS: Windows XP Pro SP2
CPU/Ram: P4 1.7GHz/512MB
Model/Manufacturer: Intel[R] Pentium[R]
Comment:
Trojan Found
"The file C:\WINDOWS\smss.exe is infected by the New Malware.j trojan and cannot be cleaned."

My McAfee antivirus pops up with the above message all the time. Even after I click on "Delete the file" or "Quarantine" it pops up again. It really slows down my computer and it stops any installation process in the middle.

I've saved a HijackThis log.

I would really appreciate some help.



Response Number 1
Name: jabuck
Date: February 17, 2008 at 09:18:03 Pacific
Subject: New Malware.j trojan
Reply:
Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This


1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.



Response Number 2
Name: jojee
Date: February 17, 2008 at 09:48:22 Pacific
Subject: New Malware.j trojan
Reply:
Thanks for the quick response. Here's the log:
----------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:16:08 AM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\killer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 193.110.89.3:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
F2 - REG:system.ini: Shell=explorer.exe, killer.exe
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Anonymizer Proxy - {0DB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - F:\Program Files\NetConceal\Anonymity Shield\ProxyNew.dll
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - E:\Program Files\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Runonce] C:\WINDOWS\smss.exe
O4 - Global Startup: lsass.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - E:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/pa...
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/eng/cards_...
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/s...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by125fd.bay125.hotmail.msn.c...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7913 bytes


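The log above carries the thread's key indicators in three places: the F2 line where the Winlogon Shell value has killer.exe appended after explorer.exe, the O4 Run entry pointing at a smss.exe in C:\WINDOWS rather than System32, and a Global Startup item named lsass.exe. The Python below is an added example, not code from the thread or from HijackThis: it runs those checks over log lines copied from the post. The heuristics, the severity labels and the allowlist of executables that legitimately sit directly in %SystemRoot% on an XP install are this example's own assumptions.

```python
"""Triage heuristics for HijackThis-style log lines.

Added example, not code from the thread or from HijackThis. SAMPLE_LOG is copied
from the log posted above (two benign lines kept for contrast); every name,
allowlist and severity label here is this example's own.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Core Windows processes that, on XP, live only under %SystemRoot%\System32.
# The same file name anywhere else is a masquerade (here: C:\WINDOWS\smss.exe).
CORE_SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                        "lsass.exe", "svchost.exe", "spoolsv.exe"}
LEGIT_PARENT = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)
# Assumed allowlist of executables found directly in %SystemRoot% on a stock XP
# install; anything else there deserves a look (here: C:\WINDOWS\killer.exe).
WINDOWS_ROOT_ALLOWLIST = {"explorer.exe", "notepad.exe", "regedit.exe", "hh.exe",
                          "taskman.exe", "winhlp32.exe", "twunk_16.exe", "twunk_32.exe"}
WINDOWS_ROOT_EXE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe$", re.I)
DOUBLE_EXTENSION = re.compile(r"\.(avi|mpe?g|wmv|jpe?g|gif|doc|pdf|txt|mp3)"
                              r"\.(exe|scr|com|pif|bat|cmd)$", re.I)
DRIVE_PATH = re.compile(r"^[a-z]:\\", re.I)
SHELL_VALUE = re.compile(r"^F2 - REG:system\.ini: Shell=(.+)$")
O4_VALUE = re.compile(r"^O4 - .*?(?:\]\s+|Startup:\s+)(.+)$")
PATH_IN_VALUE = re.compile(r'^"?([^"]*?\.(?:exe|scr|com|pif|bat|cmd))\b', re.I)


@dataclass(frozen=True)
class Finding:
    severity: str   # "high": almost certainly malicious; "review": needs a human
    reason: str
    line: str


def classify_path(path: str) -> Optional[Tuple[str, str]]:
    """Judge one executable path; None means nothing stands out."""
    name = path.rsplit("\\", 1)[-1].lower()
    if name in CORE_SYSTEM_BINARIES and not LEGIT_PARENT.match(path):
        return "high", f"core system binary name outside System32: {path}"
    if DOUBLE_EXTENSION.search(name):
        return "high", f"media/document extension in front of an executable one: {path}"
    if WINDOWS_ROOT_EXE.match(path) and name not in WINDOWS_ROOT_ALLOWLIST:
        return "review", f"unexpected executable directly in %SystemRoot%: {path}"
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk the log once and collect one finding per suspicious line."""
    findings: List[Finding] = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        hit = None
        if DRIVE_PATH.match(line):                       # "Running processes" section
            hit = classify_path(line)
        elif (m := SHELL_VALUE.match(line)):             # Winlogon Shell= persistence
            extras = [t.strip() for t in m.group(1).split(",")
                      if t.strip().lower() != "explorer.exe"]
            if extras:
                hit = ("high", "Shell= starts programs besides explorer.exe: " + ", ".join(extras))
        elif (m := O4_VALUE.match(line)):                # Run keys and Startup folder
            p = PATH_IN_VALUE.match(m.group(1))          # drop quotes and arguments
            if p:
                hit = classify_path(p.group(1))
        elif line.startswith("R1 - ") and ",ProxyServer = " in line:
            hit = ("review", "a browser proxy is configured; confirm the user set it")
        if hit:
            findings.append(Finding(hit[0], hit[1], line))
    return findings


# Lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\killer.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 193.110.89.3:8080
F2 - REG:system.ini: Shell=explorer.exe, killer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Runonce] C:\WINDOWS\smss.exe
O4 - Global Startup: lsass.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}")
```

Run against the sample, the script returns five findings: three "high" (the Shell= extra, the Run-key smss.exe, the Startup lsass.exe) and two "review" (killer.exe running from C:\WINDOWS and the configured proxy). The legitimate C:\WINDOWS\System32\smss.exe and the quoted realsched.exe path produce nothing, which is the point of keeping the System32 parent check and the quote-aware path extraction.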

Response Number 3
Name: jabuck
Date: February 17, 2008 at 10:04:28 Pacific
Subject: New Malware.j trojan
Reply:
Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces.



Response Number 4
Name: jojee
Date: February 17, 2008 at 11:21:19 Pacific
Subject: New Malware.j trojan
Reply:
ComboFix 08-02-17.2 - Hassaan 2008-02-17 13:06:30.1 - NTFSx86
Running from: C:\Documents and Settings\Hassaan\Desktop\ComboFix.exe

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\smss.exe
C:\WINDOWS\autorun.inf
C:\WINDOWS\smss.exe
C:\WINDOWS\system32\Cache

.
((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.

2008-02-17 12:55 . 2008-02-17 12:55 <DIR> d-------- C:\log
2008-02-17 12:06 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-17 12:06 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-17 12:06 . 2008-02-16 19:46 85,504 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-17 12:06 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-17 12:06 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-02-17 12:06 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-17 12:06 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-17 10:11 . 2007-12-09 15:14 229,888 -rahs---- C:\WINDOWS\smss.exe
2008-02-17 07:59 . 2008-02-17 07:59 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-17 07:59 . 2008-02-17 07:59 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-17 07:59 . 2008-02-17 07:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-15 13:49 . 2008-02-15 13:49 268 --ah----- C:\sqmdata14.sqm
2008-02-15 13:49 . 2008-02-15 13:49 244 --ah----- C:\sqmnoopt14.sqm
2008-02-13 10:12 . 2008-02-13 10:13 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-13 10:05 . 2007-12-09 15:14 229,888 -rahs---- C:\WINDOWS\Funny UST Scandal.exe
2008-02-12 14:54 . 2008-02-12 14:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-12 14:54 . 2008-02-12 14:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-12 03:47 . 2008-02-12 03:47 <DIR> d-------- C:\Documents and Settings\Hassaan\Application Data\Viewpoint
2008-02-12 03:45 . 2008-02-12 03:45 <DIR> d-------- C:\Program Files\Viewpoint
2008-02-12 03:45 . 2008-02-12 03:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-09 19:57 . 2008-02-09 19:57 268 --ah----- C:\sqmdata13.sqm
2008-02-09 19:57 . 2008-02-09 19:57 244 --ah----- C:\sqmnoopt13.sqm
2008-02-07 15:19 . 2008-02-07 15:19 268 --ah----- C:\sqmdata12.sqm
2008-02-07 15:19 . 2008-02-07 15:19 244 --ah----- C:\sqmnoopt12.sqm
2008-02-06 15:16 . 2008-02-06 15:16 268 --ah----- C:\sqmdata11.sqm
2008-02-06 15:16 . 2008-02-06 15:16 244 --ah----- C:\sqmnoopt11.sqm
2008-02-06 08:56 . 2008-02-06 08:56 <DIR> d-------- C:\Nokia
2008-02-06 08:56 . 1999-09-29 19:04 1,238,288 --a------ C:\WINDOWS\system32\msjt4jlt.dll
2008-02-06 08:56 . 1998-06-01 13:37 344,064 --a------ C:\WINDOWS\system32\msexch35.dll
2008-02-06 08:56 . 1998-06-01 13:37 294,912 --a------ C:\WINDOWS\system32\msxbse35.dll
2008-02-06 08:56 . 1999-09-09 21:06 252,688 --a------ C:\WINDOWS\system32\msexcl35.dll
2008-02-06 08:56 . 1999-06-07 17:59 250,128 --a------ C:\WINDOWS\system32\mspdox35.dll
2008-02-06 08:56 . 1999-09-09 21:06 168,720 --a------ C:\WINDOWS\system32\msltus35.dll
2008-02-06 08:56 . 1999-09-30 18:21 166,672 --a------ C:\WINDOWS\system32\mstext35.dll
2008-02-06 08:55 . 2004-02-06 09:07 438,976 --a------ C:\WINDOWS\system32\MSHFLXGD.OCX
2008-02-06 08:55 . 2003-10-29 02:25 232,448 --a------ C:\WINDOWS\system32\HDK3CT32.DLL
2008-02-06 08:55 . 2003-10-29 02:25 215,040 --a------ C:\WINDOWS\system32\HDK3CTNT.DLL
2008-02-06 08:55 . 1999-04-26 19:08 44,304 --a------ C:\WINDOWS\system32\msrpfs35.dll
2008-02-06 08:55 . 1998-05-05 10:36 39,424 --a------ C:\WINDOWS\system32\JETCOMP.exe
2008-02-06 08:54 . 2008-02-06 08:54 <DIR> d-------- C:\Program Files\Intuwave
2008-02-06 08:49 . 2008-02-06 08:49 <DIR> d-------- C:\Program Files\Nokia
2008-02-06 06:24 . 2008-02-06 06:24 332 --a------ C:\WINDOWS\desctemp.dat
2008-02-05 15:18 . 2008-02-05 15:18 268 --ah----- C:\sqmdata10.sqm
2008-02-05 15:18 . 2008-02-05 15:18 244 --ah----- C:\sqmnoopt10.sqm
2008-02-04 08:45 . 2008-02-04 08:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-02-04 08:33 . 2004-08-04 00:56 90,624 --a------ C:\WINDOWS\system32\drivers\kswdmcap.ax
2008-02-04 08:33 . 2004-08-04 00:56 61,952 --a------ C:\WINDOWS\system32\drivers\kstvtune.ax
2008-02-04 08:33 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2008-02-04 08:33 . 2004-08-04 00:56 43,008 --a------ C:\WINDOWS\system32\drivers\ksxbar.ax
2008-02-04 08:33 . 2004-08-04 00:56 28,672 --a------ C:\WINDOWS\system32\drivers\vidcap.ax
2008-02-04 08:32 . 2008-02-04 08:32 <DIR> d-------- C:\Program Files\IVT Corporation
2008-02-03 15:10 . 2008-02-03 15:10 268 --ah----- C:\sqmdata09.sqm
2008-02-03 15:10 . 2008-02-03 15:10 244 --ah----- C:\sqmnoopt09.sqm
2008-02-03 10:18 . 2008-02-03 10:18 268 --ah----- C:\sqmdata08.sqm
2008-02-03 10:18 . 2008-02-03 10:18 244 --ah----- C:\sqmnoopt08.sqm
2008-01-31 20:31 . 2008-01-31 20:31 268 --ah----- C:\sqmdata07.sqm
2008-01-31 20:31 . 2008-01-31 20:31 244 --ah----- C:\sqmnoopt07.sqm
2008-01-31 16:09 . 2008-01-31 16:09 268 --ah----- C:\sqmdata06.sqm
2008-01-31 16:09 . 2008-01-31 16:09 244 --ah----- C:\sqmnoopt06.sqm
2008-01-28 23:31 . 2008-01-28 23:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-28 18:00 . 2008-01-28 18:00 268 --ah----- C:\sqmdata05.sqm
2008-01-28 18:00 . 2008-01-28 18:00 244 --ah----- C:\sqmnoopt05.sqm
2008-01-28 13:47 . 2008-01-28 13:47 268 --ah----- C:\sqmdata04.sqm
2008-01-28 13:47 . 2008-01-28 13:47 244 --ah----- C:\sqmnoopt04.sqm
2008-01-28 13:35 . 2007-12-09 15:14 229,888 -rahs---- C:\WINDOWS\killer.exe
2008-01-28 13:35 . 2007-12-09 15:14 229,888 -rahs---- C:\Funny UST Scandal.avi.exe
2008-01-25 06:18 . 2008-01-25 06:19 <DIR> d-------- C:\Program Files\Ares
2008-01-24 08:02 . 2008-01-24 08:02 268 --ah----- C:\sqmdata03.sqm
2008-01-24 08:02 . 2008-01-24 08:02 244 --ah----- C:\sqmnoopt03.sqm
2008-01-23 19:42 . 2008-01-23 19:42 268 --ah----- C:\sqmdata02.sqm
2008-01-23 19:42 . 2008-01-23 19:42 244 --ah----- C:\sqmnoopt02.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 11:41 --------- d-----w C:\Program Files\GuitarFX 3
2008-02-06 14:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-27 13:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-01-27 13:13 --------- d-----w C:\Program Files\Ulead Systems
2008-01-27 13:13 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-01-27 13:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-09 21:14 229,888 --sha-r C:\smss.exe
2007-07-08 08:24 2,643,424 ----a-w C:\Program Files\Age2upA.exe
2007-04-21 03:52 17,152 ----a-w C:\Documents and Settings\bbb\Application Data\GDIPFONTCACHEV1.DAT
2007-04-15 16:17 17,152 ----a-w C:\Documents and Settings\Hassaan\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 18:56 15360]
"Runonce"="C:\WINDOWS\smss.exe" [2007-12-09 15:14 229888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-04-06 18:19 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-04-06 18:07 114688]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-23 09:42 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 07:18 151552]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 01:49 163840]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 11:02 53248]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 07:29 303104]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 01:05 212992]
"InvisibleBrowsing"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="explorer.exe, killer.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22d40f66-ef21-11db-b9b6-00407b7973d5}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{968886d0-d0da-11dc-bc35-00407b7973d5}]
\Shell\Autoplay\Command - I:\smss.exe
\Shell\AutoRun\command - I:\smss.exe
\Shell\Explore\Command - I:\smss.exe
\Shell\Open\Command - I:\smss.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b86b350-e567-11db-b99e-00407b7973d5}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e73e4f14-eb3a-11db-b9ab-000c76b0f100}]
\Shell\AutoRun\command - I:\RavMon.exe
\Shell\explore\Command - I:\RavMon.exe -e
\Shell\open\Command - I:\RavMon.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 13:11:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-17 13:13:20
ComboFix-quarantined-files.txt 2008-02-17 19:12:51
.
2008-02-13 17:38:44 --- E O F ---


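Two patterns in the ComboFix output above are worth automating. First, four executables (C:\WINDOWS\smss.exe, C:\WINDOWS\killer.exe, C:\WINDOWS\Funny UST Scandal.exe and C:\Funny UST Scandal.avi.exe) share the same size, 229,888 bytes, the same modification time, 2007-12-09 15:14, and the -rahs---- attribute string, i.e. one dropper copied under several names with the hidden and system bits set. Second, the MountPoints2 keys carry AutoRun/Open/Explore verbs that launch RavMon.exe and I:\smss.exe, the registry trace of a removable drive whose autorun.inf pointed at the worm. The Python below is an added example, not code from the thread or from ComboFix: it parses lines copied from the posted report and reports both patterns. The clustering rule (same size plus same modification time) and all names are this example's own.

```python
"""Triage of a ComboFix report: dropped-copy clusters and MountPoints2 autorun hijacks.

Added example, not code from the thread or from ComboFix. SAMPLE_REPORT is copied
from the log posted above; the function names and the "same size and modification
time" clustering rule are this example's own.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# "2008-02-17 10:11 . 2007-12-09 15:14 229,888 -rahs---- C:\WINDOWS\smss.exe"
#  created          . modified          size    attrs     path  (<DIR> replaces size)
FILE_ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?:<DIR>|([\d,]+)) ([-a-z]{9}) (.+)$")
MOUNTPOINT_KEY = re.compile(r"^\[.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
MOUNTPOINT_CMD = re.compile(r"^\\Shell\\(?:AutoRun|Autoplay|Open|Explore)\\command - (.+)$", re.I)
EXECUTABLE = re.compile(r"\.(exe|scr|com|pif|bat|cmd)$", re.I)
PATH_UNTIL_EXT = re.compile(r'^"?(.*?\.(?:exe|scr|com|pif|bat|cmd))\b', re.I)


@dataclass(frozen=True)
class FileEntry:
    modified: str
    size: int
    attrs: str      # ComboFix attribute letters, e.g. "-rahs----"; "-" means unset
    path: str

    @property
    def hidden_system(self) -> bool:
        return "h" in self.attrs and "s" in self.attrs


def parse_files(report: str) -> List[FileEntry]:
    """Collect the file lines of the 'Files Created' section, skipping <DIR> rows."""
    entries = []
    for line in report.splitlines():
        m = FILE_ENTRY.match(line.strip())
        if m and m.group(3):                      # group(3) is None on <DIR> lines
            entries.append(FileEntry(m.group(2), int(m.group(3).replace(",", "")),
                                     m.group(4), m.group(5)))
    return entries


def hidden_system_executables(entries: List[FileEntry]) -> List[str]:
    """Executables carrying both the H and S bits: a hiding trick, not a normal install."""
    return [e.path for e in entries if e.hidden_system and EXECUTABLE.search(e.path)]


def dropper_clusters(entries: List[FileEntry], min_members: int = 2) -> List[List[str]]:
    """Executables sharing size and modification time are usually one file under
    several names; here 229,888 bytes / 2007-12-09 15:14 appears four times."""
    groups: Dict[Tuple[int, str], List[str]] = defaultdict(list)
    for e in entries:
        if EXECUTABLE.search(e.path):
            groups[(e.size, e.modified)].append(e.path)
    return [paths for paths in groups.values() if len(paths) >= min_members]


def autorun_hijacks(report: str) -> Dict[str, Set[str]]:
    """Map each MountPoints2 volume GUID to the executables its AutoRun/Open/Explore
    verbs launch. A CD can leave similar verbs behind, so read the target: a
    removable drive launching RavMon.exe or smss.exe is the worm's own autorun.inf."""
    hijacks: Dict[str, Set[str]] = defaultdict(set)
    current = None
    for line in (raw.strip() for raw in report.splitlines()):
        key = MOUNTPOINT_KEY.match(line)
        if key:
            current = key.group(1)
            continue
        if line.startswith("["):                  # any other registry key ends the block
            current = None
            continue
        cmd = MOUNTPOINT_CMD.match(line)
        if current and cmd:
            exe = PATH_UNTIL_EXT.match(cmd.group(1))  # strips arguments such as "-e"
            if exe:
                hijacks[current].add(exe.group(1))
    return dict(hijacks)


# Lines copied from the ComboFix report posted above.
SAMPLE_REPORT = r"""
2008-02-17 12:55 . 2008-02-17 12:55 <DIR> d-------- C:\log
2008-02-17 12:06 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-17 10:11 . 2007-12-09 15:14 229,888 -rahs---- C:\WINDOWS\smss.exe
2008-02-15 13:49 . 2008-02-15 13:49 268 --ah----- C:\sqmdata14.sqm
2008-02-13 10:05 . 2007-12-09 15:14 229,888 -rahs---- C:\WINDOWS\Funny UST Scandal.exe
2008-01-28 13:35 . 2007-12-09 15:14 229,888 -rahs---- C:\WINDOWS\killer.exe
2008-01-28 13:35 . 2007-12-09 15:14 229,888 -rahs---- C:\Funny UST Scandal.avi.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22d40f66-ef21-11db-b9b6-00407b7973d5}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{968886d0-d0da-11dc-bc35-00407b7973d5}]
\Shell\Autoplay\Command - I:\smss.exe
\Shell\AutoRun\command - I:\smss.exe
\Shell\Explore\Command - I:\smss.exe
\Shell\Open\Command - I:\smss.exe
"""

if __name__ == "__main__":
    found = parse_files(SAMPLE_REPORT)
    print("hidden+system executables:", hidden_system_executables(found))
    print("dropper clusters:", dropper_clusters(found))
    print("autorun hijacks:", autorun_hijacks(SAMPLE_REPORT))
```

On the sample, the four -rahs---- executables are returned both by the attribute check and as a single size/time cluster, while VCCLSID.exe (a normal --a------ file) and the hidden-but-not-system .sqm file are left alone; the two MountPoints2 volumes resolve to RavMon.exe and I:\smss.exe respectively. The same cluster rule is what makes the CFScript in the next reply complete: every member of the cluster has to go, not just the one McAfee named.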

Response Number 5
Name: jabuck
Date: February 17, 2008 at 13:57:44 Pacific
Subject: New Malware.j trojan
Reply:
Open Notepad and copy/paste everything between the X's into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\WINDOWS\smss.exe
C:\WINDOWS\Funny UST Scandal.exe
C:\WINDOWS\killer.exe
C:\Funny UST Scandal.avi.exe
C:\smss.exe


Driver::
Folder::
C:\Documents and Settings\Hassaan\Application Data\Viewpoint
C:\Program Files\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint


XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop). If ComboFix does not auto-start, click "Run".

Post a new Combofix log.



Response Number 6
Name: jojee
Date: February 17, 2008 at 16:03:32 Pacific
Subject: New Malware.j trojan
Reply:
ComboFix has not created a log this time. It got stuck at the end and I had to restart my computer.
After I started ComboFix, McAfee came up with this 'PUP Found!' It says that it is blocking it, and has several options to: let it run (trust this source), remove it completely, or do nothing.
I didn't click on any option and waited for ComboFix to complete the task. But it got stuck at the end after it said something like "a new window will open.." and I restarted the computer.

But the good news is that I haven't got "smss.exe is infected by New Malware.j trojan" message again after restarting. Thanks to you.
But there are still some problems to be fixed:
My hidden files are not showing. I check the "show hidden files" option in FOLDER OPTIONS and apply the settings, but it doesn't work. The default setting is restored automatically.



Response Number 7
Name: jabuck
Date: February 17, 2008 at 16:38:51 Pacific
Subject: New Malware.j trojan
Reply:
Go to Start > Run, type in combofix /u (note the space after combofix), then press OK.

Download combofix again and post a combofix log and a new Hijack this log.

Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Yes, when prompted to install its ActiveX component.
(Note: for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
Once the files are downloaded click on Next
Click on Scan Settings and configure as follows:
Scan using the following Anti-Virus database:
Extended
Scan Options:
Scan Archives
Scan Mail Base
Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.



Response Number 8
Name: jojee
Date: February 17, 2008 at 17:01:09 Pacific
Subject: New Malware.j trojan
Reply:
This is what I get every time I run ComboFix.

"PUP Found

The file
C:\327882R2FWJFW\psexec.cfexe is a Potentially Unwanted Program (such as spyware or adware) and has been blocked from running on your computer.

If you do not recognize it, remove this PUP. If you recognize it, trust this PUP, and then rerun the program that triggered this alert."

After running "combofix /u", I got the above message again, although ComboFix has been uninstalled.

So what am I supposed to do -- trust it or remove it?



Response Number 9
Name: jabuck
Date: February 17, 2008 at 17:05:31 Pacific
Subject: New Malware.j trojan
Reply:
It was installed with a program in ComboFix (catchme); let it run.


Response Number 10
Name: jojee
Date: February 17, 2008 at 18:28:15 Pacific
Subject: New Malware.j trojan
Reply:
ComboFix log
--------------------

ComboFix 08-02-18.1 - Hassaan 2008-02-17 20:14:55.4 - NTFSx86
Running from: C:\Documents and Settings\Hassaan\Desktop\ComboFix.exe
* Created a new restore point

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\smss.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))
.

2008-02-17 16:18 . 2008-02-17 16:18 <DIR> d-------- C:\Documents and Settings\Hassaan\Application Data\Grisoft
2008-02-17 16:10 . 2008-02-17 16:10 <DIR> d-------- C:\log
2008-02-17 15:56 . 2008-02-17 15:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-17 15:56 . 2008-02-17 15:56 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-17 15:56 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-17 15:51 . 2008-02-17 15:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-17 15:51 . 2008-02-17 15:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-02-17 15:31 . 2008-02-17 15:31 <DIR> d-------- C:\Documents and Settings\Hassaan\Application Data\SUPERAntiSpyware.com
2008-02-17 15:30 . 2008-02-17 15:30 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-17 15:06 . 2008-02-17 16:18 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-17 12:06 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-17 12:06 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-17 12:06 . 2008-02-16 19:46 85,504 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-17 12:06 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-17 12:06 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-17 12:06 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-17 07:59 . 2008-02-17 07:59 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-17 07:59 . 2008-02-17 07:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-15 13:49 . 2008-02-15 13:49 268 --ah----- C:\sqmdata14.sqm
2008-02-15 13:49 . 2008-02-15 13:49 244 --ah----- C:\sqmnoopt14.sqm
2008-02-13 10:12 . 2008-02-13 10:13 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-12 14:54 . 2008-02-12 14:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-12 14:54 . 2008-02-12 14:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-09 19:57 . 2008-02-09 19:57 268 --ah----- C:\sqmdata13.sqm
2008-02-09 19:57 . 2008-02-09 19:57 244 --ah----- C:\sqmnoopt13.sqm
2008-02-07 15:19 . 2008-02-07 15:19 268 --ah----- C:\sqmdata12.sqm
2008-02-07 15:19 . 2008-02-07 15:19 244 --ah----- C:\sqmnoopt12.sqm
2008-02-06 15:16 . 2008-02-06 15:16 268 --ah----- C:\sqmdata11.sqm
2008-02-06 15:16 . 2008-02-06 15:16 244 --ah----- C:\sqmnoopt11.sqm
2008-02-06 08:56 . 2008-02-06 08:56 <DIR> d-------- C:\Nokia
2008-02-06 08:56 . 1999-09-29 19:04 1,238,288 --a------ C:\WINDOWS\system32\msjt4jlt.dll
2008-02-06 08:56 . 1998-06-01 13:37 344,064 --a------ C:\WINDOWS\system32\msexch35.dll
2008-02-06 08:56 . 1998-06-01 13:37 294,912 --a------ C:\WINDOWS\system32\msxbse35.dll
2008-02-06 08:56 . 1999-09-09 21:06 252,688 --a------ C:\WINDOWS\system32\msexcl35.dll
2008-02-06 08:56 . 1999-06-07 17:59 250,128 --a------ C:\WINDOWS\system32\mspdox35.dll
2008-02-06 08:56 . 1999-09-09 21:06 168,720 --a------ C:\WINDOWS\system32\msltus35.dll
2008-02-06 08:56 . 1999-09-30 18:21 166,672 --a------ C:\WINDOWS\system32\mstext35.dll
2008-02-06 08:55 . 2004-02-06 09:07 438,976 --a------ C:\WINDOWS\system32\MSHFLXGD.OCX
2008-02-06 08:55 . 2003-10-29 02:25 232,448 --a------ C:\WINDOWS\system32\HDK3CT32.DLL
2008-02-06 08:55 . 2003-10-29 02:25 215,040 --a------ C:\WINDOWS\system32\HDK3CTNT.DLL
2008-02-06 08:55 . 1999-04-26 19:08 44,304 --a------ C:\WINDOWS\system32\msrpfs35.dll
2008-02-06 08:55 . 1998-05-05 10:36 39,424 --a------ C:\WINDOWS\system32\JETCOMP.exe
2008-02-06 08:54 . 2008-02-06 08:54 <DIR> d-------- C:\Program Files\Intuwave
2008-02-06 08:49 . 2008-02-06 08:49 <DIR> d-------- C:\Program Files\Nokia
2008-02-06 06:24 . 2008-02-06 06:24 332 --a------ C:\WINDOWS\desctemp.dat
2008-02-05 15:18 . 2008-02-05 15:18 268 --ah----- C:\sqmdata10.sqm
2008-02-05 15:18 . 2008-02-05 15:18 244 --ah----- C:\sqmnoopt10.sqm
2008-02-04 08:45 . 2008-02-04 08:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-02-04 08:33 . 2004-08-04 00:56 90,624 --a------ C:\WINDOWS\system32\drivers\kswdmcap.ax
2008-02-04 08:33 . 2004-08-04 00:56 61,952 --a------ C:\WINDOWS\system32\drivers\kstvtune.ax
2008-02-04 08:33 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2008-02-04 08:33 . 2004-08-04 00:56 43,008 --a------ C:\WINDOWS\system32\drivers\ksxbar.ax
2008-02-04 08:33 . 2004-08-04 00:56 28,672 --a------ C:\WINDOWS\system32\drivers\vidcap.ax
2008-02-04 08:32 . 2008-02-04 08:32 <DIR> d-------- C:\Program Files\IVT Corporation
2008-02-03 15:10 . 2008-02-03 15:10 268 --ah----- C:\sqmdata09.sqm
2008-02-03 15:10 . 2008-02-03 15:10 244 --ah----- C:\sqmnoopt09.sqm
2008-02-03 10:18 . 2008-02-03 10:18 268 --ah----- C:\sqmdata08.sqm
2008-02-03 10:18 . 2008-02-03 10:18 244 --ah----- C:\sqmnoopt08.sqm
2008-01-31 20:31 . 2008-01-31 20:31 268 --ah----- C:\sqmdata07.sqm
2008-01-31 20:31 . 2008-01-31 20:31 244 --ah----- C:\sqmnoopt07.sqm
2008-01-31 16:09 . 2008-01-31 16:09 268 --ah----- C:\sqmdata06.sqm
2008-01-31 16:09 . 2008-01-31 16:09 244 --ah----- C:\sqmnoopt06.sqm
2008-01-28 23:31 . 2008-01-28 23:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-28 18:00 . 2008-01-28 18:00 268 --ah----- C:\sqmdata05.sqm
2008-01-28 18:00 . 2008-01-28 18:00 244 --ah----- C:\sqmnoopt05.sqm
2008-01-28 13:47 . 2008-01-28 13:47 268 --ah----- C:\sqmdata04.sqm
2008-01-28 13:47 . 2008-01-28 13:47 244 --ah----- C:\sqmnoopt04.sqm
2008-01-25 06:18 . 2008-01-25 06:19 <DIR> d-------- C:\Program Files\Ares
2008-01-24 08:02 . 2008-01-24 08:02 268 --ah----- C:\sqmdata03.sqm
2008-01-24 08:02 . 2008-01-24 08:02 244 --ah----- C:\sqmnoopt03.sqm
2008-01-23 19:42 . 2008-01-23 19:42 268 --ah----- C:\sqmdata02.sqm
2008-01-23 19:42 . 2008-01-23 19:42 244 --ah----- C:\sqmnoopt02.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 21:32 --------- d-----w C:\Program Files\GuitarFX 3
2008-02-06 14:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-27 13:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-01-27 13:13 --------- d-----w C:\Program Files\Ulead Systems
2008-01-27 13:13 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-01-27 13:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-07-08 08:24 2,643,424 ----a-w C:\Program Files\Age2upA.exe
2007-04-21 03:52 17,152 ----a-w C:\Documents and Settings\bbb\Application Data\GDIPFONTCACHEV1.DAT
2007-04-15 16:17 17,152 ----a-w C:\Documents and Settings\Hassaan\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 18:56 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"Runonce"="C:\WINDOWS\smss.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-04-06 18:19 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-04-06 18:07 114688]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-23 09:42 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 07:18 151552]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 01:49 163840]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 11:02 53248]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 07:29 303104]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 01:05 212992]
"InvisibleBrowsing"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-03 18:56]
R3 WebSTARNdis;WebSTAR DPX USB Cable Modem Adapter;C:\WINDOWS\system32\DRIVERS\WebSTAR.sys [2001-12-17 05:25]
S1 CXAVSAUD;Compro VideoMate X series Audio Capture;C:\WINDOWS\system32\DRIVERS\cxavsaud.sys [2006-03-22 04:07]
S2 CX23880;Conexant 23880 Video Capture;C:\WINDOWS\system32\drivers\cx88vid.sys [2006-03-22 04:12]
S2 CXTUNE;Conexant 2388x Tuner;C:\WINDOWS\system32\drivers\CX88TUNE.sys [2006-03-22 04:07]
S3 BTNetFilter;Bluetooth Network Filter;C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys [2006-04-14 09:14]
S3 CXAVXBAR;Compro VideoMate X series AVStream Crossbar;C:\WINDOWS\system32\drivers\cxavxbar.sys [2006-03-22 04:07]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"F:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" [2005-09-23 07:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22d40f66-ef21-11db-b9b6-00407b7973d5}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{968886d0-d0da-11dc-bc35-00407b7973d5}]
\Shell\Autoplay\Command - I:\smss.exe
\Shell\AutoRun\command - I:\smss.exe
\Shell\Explore\Command - I:\smss.exe
\Shell\Open\Command - I:\smss.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b86b350-e567-11db-b99e-00407b7973d5}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e73e4f14-eb3a-11db-b9ab-000c76b0f100}]
\Shell\AutoRun\command - I:\RavMon.exe
\Shell\explore\Command - I:\RavMon.exe -e
\Shell\open\Command - I:\RavMon.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 20:21:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-17 20:24:05
ComboFix-quarantined-files.txt 2008-02-18 02:23:33
.
2008-02-13 17:38:44 --- E O F ---


HijackThis log
-----------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:26, on 2008-02-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 193.110.89.3:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Anonymizer Proxy - {0DB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - F:\Program Files\NetConceal\Anonymity Shield\ProxyNew.dll
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - E:\Program Files\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Runonce] C:\WINDOWS\smss.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - E:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/pa...
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/eng/cards_...
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/s...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by125fd.bay125.hotmail.msn.c...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7611 bytes




Response Number 11
Name: jojee
Date: February 17, 2008 at 18:41:16 Pacific
Subject: New Malware.j trojan
Reply:
You said,
"If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component."

I have used Kaspersky before and it's still on my system.
So do I HAVE to remove it and download it again?



Response Number 12
Name: jabuck
Date: February 17, 2008 at 18:41:24 Pacific
Subject: New Malware.j trojan
Reply:
Open Notepad and copy/paste everything between the X's into it and make sure "Registry::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Runonce"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22d40f66-ef21-11db-b9b6-00407b7973d5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{968886d0-d0da-11dc-bc35-00407b7973d5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e73e4f14-eb3a-11db-b9ab-000c76b0f100}]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop). If ComboFix does not auto-start, click "Run".

Post a new Combofix log.

Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Yes, when prompted to install its ActiveX component.
(Note for Internet Explorer 7 users: if at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset it to 100%.)
The program launches and downloads the latest definition files.
Once the files are downloaded, click on Next.
Click on Scan Settings and configure as follows:
Scan using the following Anti-Virus database:
Extended
Scan Options:
Scan Archives
Scan Mail Base
Click OK and, under "Select a target to scan", select My Computer.
When the scan is done, any infection found is displayed in the "Scan is completed" window (below).
There is no option to clean/disinfect; however, we need to analyze the information in the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.
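The two kinds of entries the CFScript above removes (a Run value that launches a core-process name such as smss.exe from outside System32, where the HijackThis log shows the real one at C:\WINDOWS\System32\smss.exe, and MountPoints2 \Shell\...\command handlers that fire when a mounted or removable volume is opened) can be picked out of a ComboFix "Reg Loading Points" dump automatically. The following Python script is an added example for this thread, not ComboFix's or the helper's own code; its SAMPLE_LOG is a constructed excerpt modelled on the log posted above, and the SYSTEM32_ONLY name list is an assumption of the example.

```python
r"""Flag the autostart entries a helper would target in a ComboFix log.

Added example (not ComboFix's own code). It parses the "Reg Loading Points"
section of a ComboFix log and reports:
  * Run values whose target carries the name of a Windows core process but
    does not live in System32 (the real smss.exe is C:\WINDOWS\System32\smss.exe);
  * every MountPoints2 \Shell\<verb>\command handler, i.e. an autorun hook
    that runs when the matching volume is opened, explored or autoplayed.
"""
import re
from typing import Dict, List, Tuple

# Assumption of this example: core processes that legitimately live only in
# %SystemRoot%\System32. Any Run value pointing at one of these names
# elsewhere (e.g. C:\WINDOWS\smss.exe) is a lookalike worth removing.
SYSTEM32_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe",
                 "services.exe", "lsass.exe", "svchost.exe"}

# Constructed excerpt modelled on the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 18:56 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"Runonce"="C:\WINDOWS\smss.exe" [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22d40f66-ef21-11db-b9b6-00407b7973d5}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{968886d0-d0da-11dc-bc35-00407b7973d5}]
\Shell\Autoplay\Command - I:\smss.exe
\Shell\AutoRun\command - I:\smss.exe
\Shell\Explore\Command - I:\smss.exe
\Shell\Open\Command - I:\smss.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "Name"="C:\path\file.exe" [date time size]   (an empty "[ ]" means
# ComboFix recorded no timestamp or size for the file)
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
# \Shell\AutoRun\command - RavMon.exe   (verb casing varies in the dump)
SHELL_CMD_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+)$",
                          re.IGNORECASE)

Finding = Tuple[str, str, str]  # (registry key, value or verb, detail)


def parse_sections(log: str) -> Dict[str, List[str]]:
    """Group the value lines of the dump under their [key] header line."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def flag_run_values(key: str, lines: List[str]) -> List[Finding]:
    """Report Run values that launch a core-process name from outside System32."""
    findings: List[Finding] = []
    for line in lines:
        m = RUN_VALUE_RE.match(line)
        if not m:
            continue
        path = m.group("path")
        folder, _, base = path.rpartition("\\")
        if base.lower() in SYSTEM32_ONLY and not folder.lower().endswith("\\system32"):
            findings.append((key, m.group("name"),
                             f"{path} (core process name outside System32)"))
    return findings


def flag_mountpoints(key: str, lines: List[str]) -> List[Finding]:
    """Report every autorun handler attached to a MountPoints2 volume entry."""
    return [(key, m.group("verb"), m.group("cmd"))
            for m in (SHELL_CMD_RE.match(line) for line in lines) if m]


def scan(log: str) -> List[Finding]:
    """Walk all sections and collect the entries a cleanup script would delete."""
    findings: List[Finding] = []
    for key, lines in parse_sections(log).items():
        k = key.lower()
        if k.endswith("\\currentversion\\run"):          # HKCU and HKLM Run
            findings.extend(flag_run_values(key, lines))
        elif "\\explorer\\mountpoints2\\" in k:
            findings.extend(flag_mountpoints(key, lines))
    return findings


if __name__ == "__main__":
    for key, what, detail in scan(SAMPLE_LOG):
        print(f"{key}\n    {what}: {detail}")
```

Each reported MountPoints2 key corresponds to one `[-HKEY_CURRENT_USER\...\mountpoints2\{...}]` deletion line in the CFScript, and the flagged Run value to the `"Runonce"=-` line.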



Response Number 13
Name: jojee
Date: February 17, 2008 at 19:09:35 Pacific
Subject: New Malware.j trojan
Reply:
ComboFix 08-02-18.1 - Hassaan 2008-02-17 20:57:30.5 - NTFSx86
Running from: C:\Documents and Settings\Hassaan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Hassaan\Desktop\CFScript.txt
* Created a new restore point

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))
.

2008-02-17 16:18 . 2008-02-17 16:18 <DIR> d-------- C:\Documents and Settings\Hassaan\Application Data\Grisoft
2008-02-17 16:10 . 2008-02-17 16:10 <DIR> d-------- C:\log
2008-02-17 15:56 . 2008-02-17 15:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-17 15:56 . 2008-02-17 15:56 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-17 15:56 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-17 15:51 . 2008-02-17 15:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-17 15:51 . 2008-02-17 15:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-02-17 15:31 . 2008-02-17 15:31 <DIR> d-------- C:\Documents and Settings\Hassaan\Application Data\SUPERAntiSpyware.com
2008-02-17 15:30 . 2008-02-17 15:30 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-17 15:06 . 2008-02-17 16:18 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-17 12:06 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-17 12:06 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-17 12:06 . 2008-02-16 19:46 85,504 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-17 12:06 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-17 12:06 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-17 12:06 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-17 07:59 . 2008-02-17 07:59 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-17 07:59 . 2008-02-17 07:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-15 13:49 . 2008-02-15 13:49 268 --ah----- C:\sqmdata14.sqm
2008-02-15 13:49 . 2008-02-15 13:49 244 --ah----- C:\sqmnoopt14.sqm
2008-02-13 10:12 . 2008-02-13 10:13 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-12 14:54 . 2008-02-12 14:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-12 14:54 . 2008-02-12 14:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-09 19:57 . 2008-02-09 19:57 268 --ah----- C:\sqmdata13.sqm
2008-02-09 19:57 . 2008-02-09 19:57 244 --ah----- C:\sqmnoopt13.sqm
2008-02-07 15:19 . 2008-02-07 15:19 268 --ah----- C:\sqmdata12.sqm
2008-02-07 15:19 . 2008-02-07 15:19 244 --ah----- C:\sqmnoopt12.sqm
2008-02-06 15:16 . 2008-02-06 15:16 268 --ah----- C:\sqmdata11.sqm
2008-02-06 15:16 . 2008-02-06 15:16 244 --ah----- C:\sqmnoopt11.sqm
2008-02-06 08:56 . 2008-02-06 08:56 <DIR> d-------- C:\Nokia
2008-02-06 08:56 . 1999-09-29 19:04 1,238,288 --a------ C:\WINDOWS\system32\msjt4jlt.dll
2008-02-06 08:56 . 1998-06-01 13:37 344,064 --a------ C:\WINDOWS\system32\msexch35.dll
2008-02-06 08:56 . 1998-06-01 13:37 294,912 --a------ C:\WINDOWS\system32\msxbse35.dll
2008-02-06 08:56 . 1999-09-09 21:06 252,688 --a------ C:\WINDOWS\system32\msexcl35.dll
2008-02-06 08:56 . 1999-06-07 17:59 250,128 --a------ C:\WINDOWS\system32\mspdox35.dll
2008-02-06 08:56 . 1999-09-09 21:06 168,720 --a------ C:\WINDOWS\system32\msltus35.dll
2008-02-06 08:56 . 1999-09-30 18:21 166,672 --a------ C:\WINDOWS\system32\mstext35.dll
2008-02-06 08:55 . 2004-02-06 09:07 438,976 --a------ C:\WINDOWS\system32\MSHFLXGD.OCX
2008-02-06 08:55 . 2003-10-29 02:25 232,448 --a------ C:\WINDOWS\system32\HDK3CT32.DLL
2008-02-06 08:55 . 2003-10-29 02:25 215,040 --a------ C:\WINDOWS\system32\HDK3CTNT.DLL
2008-02-06 08:55 . 1999-04-26 19:08 44,304 --a------ C:\WINDOWS\system32\msrpfs35.dll
2008-02-06 08:55 . 1998-05-05 10:36 39,424 --a------ C:\WINDOWS\system32\JETCOMP.exe
2008-02-06 08:54 . 2008-02-06 08:54 <DIR> d-------- C:\Program Files\Intuwave
2008-02-06 08:49 . 2008-02-06 08:49 <DIR> d-------- C:\Program Files\Nokia
2008-02-06 06:24 . 2008-02-06 06:24 332 --a------ C:\WINDOWS\desctemp.dat
2008-02-05 15:18 . 2008-02-05 15:18 268 --ah----- C:\sqmdata10.sqm
2008-02-05 15:18 . 2008-02-05 15:18 244 --ah----- C:\sqmnoopt10.sqm
2008-02-04 08:45 . 2008-02-04 08:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-02-04 08:33 . 2004-08-04 00:56 90,624 --a------ C:\WINDOWS\system32\drivers\kswdmcap.ax
2008-02-04 08:33 . 2004-08-04 00:56 61,952 --a------ C:\WINDOWS\system32\drivers\kstvtune.ax
2008-02-04 08:33 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2008-02-04 08:33 . 2004-08-04 00:56 43,008 --a------ C:\WINDOWS\system32\drivers\ksxbar.ax
2008-02-04 08:33 . 2004-08-04 00:56 28,672 --a------ C:\WINDOWS\system32\drivers\vidcap.ax
2008-02-04 08:32 . 2008-02-04 08:32 <DIR> d-------- C:\Program Files\IVT Corporation
2008-02-03 15:10 . 2008-02-03 15:10 268 --ah----- C:\sqmdata09.sqm
2008-02-03 15:10 . 2008-02-03 15:10 244 --ah----- C:\sqmnoopt09.sqm
2008-02-03 10:18 . 2008-02-03 10:18 268 --ah----- C:\sqmdata08.sqm
2008-02-03 10:18 . 2008-02-03 10:18 244 --ah----- C:\sqmnoopt08.sqm
2008-01-31 20:31 . 2008-01-31 20:31 268 --ah----- C:\sqmdata07.sqm
2008-01-31 20:31 . 2008-01-31 20:31 244 --ah----- C:\sqmnoopt07.sqm
2008-01-31 16:09 . 2008-01-31 16:09 268 --ah----- C:\sqmdata06.sqm
2008-01-31 16:09 . 2008-01-31 16:09 244 --ah----- C:\sqmnoopt06.sqm
2008-01-28 23:31 . 2008-01-28 23:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-28 18:00 . 2008-01-28 18:00 268 --ah----- C:\sqmdata05.sqm
2008-01-28 18:00 . 2008-01-28 18:00 244 --ah----- C:\sqmnoopt05.sqm
2008-01-28 13:47 . 2008-01-28 13:47 268 --ah----- C:\sqmdata04.sqm
2008-01-28 13:47 . 2008-01-28 13:47 244 --ah----- C:\sqmnoopt04.sqm
2008-01-25 06:18 . 2008-01-25 06:19 <DIR> d-------- C:\Program Files\Ares
2008-01-24 08:02 . 2008-01-24 08:02 268 --ah----- C:\sqmdata03.sqm
2008-01-24 08:02 . 2008-01-24 08:02 244 --ah----- C:\sqmnoopt03.sqm
2008-01-23 19:42 . 2008-01-23 19:42 268 --ah----- C:\sqmdata02.sqm
2008-01-23 19:42 . 2008-01-23 19:42 244 --ah----- C:\sqmnoopt02.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 21:32 --------- d-----w C:\Program Files\GuitarFX 3
2008-02-06 14:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-27 13:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-01-27 13:13 --------- d-----w C:\Program Files\Ulead Systems
2008-01-27 13:13 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-01-27 13:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-07-08 08:24 2,643,424 ----a-w C:\Program Files\Age2upA.exe
2007-04-21 03:52 17,152 ----a-w C:\Documents and Settings\bbb\Application Data\GDIPFONTCACHEV1.DAT
2007-04-15 16:17 17,152 ----a-w C:\Documents and Settings\Hassaan\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 18:56 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-04-06 18:19 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-04-06 18:07 114688]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-23 09:42 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 07:18 151552]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 01:49 163840]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 11:02 53248]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 07:29 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 01:05 212992]
"InvisibleBrowsing"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-03 18:56]
R3 WebSTARNdis;WebSTAR DPX USB Cable Modem Adapter;C:\WINDOWS\system32\DRIVERS\WebSTAR.sys [2001-12-17 05:25]
S1 CXAVSAUD;Compro VideoMate X series Audio Capture;C:\WINDOWS\system32\DRIVERS\cxavsaud.sys [2006-03-22 04:07]
S2 CX23880;Conexant 23880 Video Capture;C:\WINDOWS\system32\drivers\cx88vid.sys [2006-03-22 04:12]
S2 CXTUNE;Conexant 2388x Tuner;C:\WINDOWS\system32\drivers\CX88TUNE.sys [2006-03-22 04:07]
S3 BTNetFilter;Bluetooth Network Filter;C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys [2006-04-14 09:14]
S3 CXAVXBAR;Compro VideoMate X series AVStream Crossbar;C:\WINDOWS\system32\drivers\cxavxbar.sys [2006-03-22 04:07]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"F:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" [2005-09-23 07:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b86b350-e567-11db-b99e-00407b7973d5}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 21:03:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-17 21:05:44
ComboFix-quarantined-files.txt 2008-02-18 03:05:10
ComboFix2.txt 2008-02-18 02:24:07
.
2008-02-13 17:38:44 --- E O F ---



Response Number 14
Name: jabuck
Date: February 17, 2008 at 19:25:58 Pacific
Subject: New Malware.j trojan
Reply:
Open Notepad and copy/paste everything between the X's into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b86b350-e567-11db-b99e-00407b7973d5}]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop). If ComboFix does not auto-start, click "Run".

Post a new Combofix log.

Please download FindAWF from the following link:
http://noahdfear.geekstogo.com/FindAWF.exe


Double-click on the FindAWF.exe file to run it. It will open a command prompt and ask you to "Press any key to continue". You will then be presented with a menu:
1. Press 1 then Enter to scan for bak folders
2. Press 2 then Enter to restore files from bak folders
3. Press 3 then Enter to remove bak folders
4. Press 4 then Enter to reset domain zones
5. Press E then Enter to EXIT
Press 1 then press Enter. Copy and paste the contents of the AWF.txt file in your next reply.



Response Number 15
Name: jojee
Date: February 17, 2008 at 19:32:58 Pacific
Subject: New Malware.j trojan
Reply:
Open Notepad and copy/paste everything between the X's into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b86b350-e567-11db-b99e-00407b7973d5}]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX


"File::" at the top OR "Registry::"?



Response Number 16
Name: jabuck
Date: February 17, 2008 at 19:38:50 Pacific
Subject: New Malware.j trojan
Reply:
Typo on my part, should be "Registry::".


Response Number 17
Name: jojee
Date: February 17, 2008 at 20:10:09 Pacific
Subject: New Malware.j trojan
Reply:
ComboFix log
--------------

ComboFix 08-02-18.1 - Hassaan 2008-02-17 21:55:56.6 - NTFSx86
Running from: C:\Documents and Settings\Hassaan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Hassaan\Desktop\CFScript.txt
* Created a new restore point

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))
.

2008-02-17 21:20 . 2008-02-17 21:20 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-17 21:20 . 2008-02-17 21:20 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-17 21:20 . 2008-02-17 21:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-17 16:18 . 2008-02-17 16:18 <DIR> d-------- C:\Documents and Settings\Hassaan\Application Data\Grisoft
2008-02-17 16:10 . 2008-02-17 16:10 <DIR> d-------- C:\log
2008-02-17 15:56 . 2008-02-17 15:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-17 15:56 . 2008-02-17 15:56 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-17 15:56 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-17 15:51 . 2008-02-17 15:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-17 15:51 . 2008-02-17 15:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-02-17 15:31 . 2008-02-17 15:31 <DIR> d-------- C:\Documents and Settings\Hassaan\Application Data\SUPERAntiSpyware.com
2008-02-17 15:30 . 2008-02-17 15:30 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-17 15:06 . 2008-02-17 16:18 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-17 12:06 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-17 12:06 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-17 12:06 . 2008-02-16 19:46 85,504 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-17 12:06 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-17 12:06 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-17 12:06 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-15 13:49 . 2008-02-15 13:49 268 --ah----- C:\sqmdata14.sqm
2008-02-15 13:49 . 2008-02-15 13:49 244 --ah----- C:\sqmnoopt14.sqm
2008-02-13 10:12 . 2008-02-13 10:13 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-12 14:54 . 2008-02-12 14:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-12 14:54 . 2008-02-12 14:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-09 19:57 . 2008-02-09 19:57 268 --ah----- C:\sqmdata13.sqm
2008-02-09 19:57 . 2008-02-09 19:57 244 --ah----- C:\sqmnoopt13.sqm
2008-02-07 15:19 . 2008-02-07 15:19 268 --ah----- C:\sqmdata12.sqm
2008-02-07 15:19 . 2008-02-07 15:19 244 --ah----- C:\sqmnoopt12.sqm
2008-02-06 15:16 . 2008-02-06 15:16 268 --ah----- C:\sqmdata11.sqm
2008-02-06 15:16 . 2008-02-06 15:16 244 --ah----- C:\sqmnoopt11.sqm
2008-02-06 08:56 . 2008-02-06 08:56 <DIR> d-------- C:\Nokia
2008-02-06 08:56 . 1999-09-29 19:04 1,238,288 --a------ C:\WINDOWS\system32\msjt4jlt.dll
2008-02-06 08:56 . 1998-06-01 13:37 344,064 --a------ C:\WINDOWS\system32\msexch35.dll
2008-02-06 08:56 . 1998-06-01 13:37 294,912 --a------ C:\WINDOWS\system32\msxbse35.dll
2008-02-06 08:56 . 1999-09-09 21:06 252,688 --a------ C:\WINDOWS\system32\msexcl35.dll
2008-02-06 08:56 . 1999-06-07 17:59 250,128 --a------ C:\WINDOWS\system32\mspdox35.dll
2008-02-06 08:56 . 1999-09-09 21:06 168,720 --a------ C:\WINDOWS\system32\msltus35.dll
2008-02-06 08:56 . 1999-09-30 18:21 166,672 --a------ C:\WINDOWS\system32\mstext35.dll
2008-02-06 08:55 . 2004-02-06 09:07 438,976 --a------ C:\WINDOWS\system32\MSHFLXGD.OCX
2008-02-06 08:55 . 2003-10-29 02:25 232,448 --a------ C:\WINDOWS\system32\HDK3CT32.DLL
2008-02-06 08:55 . 2003-10-29 02:25 215,040 --a------ C:\WINDOWS\system32\HDK3CTNT.DLL
2008-02-06 08:55 . 1999-04-26 19:08 44,304 --a------ C:\WINDOWS\system32\msrpfs35.dll
2008-02-06 08:55 . 1998-05-05 10:36 39,424 --a------ C:\WINDOWS\system32\JETCOMP.exe
2008-02-06 08:54 . 2008-02-06 08:54 <DIR> d-------- C:\Program Files\Intuwave
2008-02-06 08:49 . 2008-02-06 08:49 <DIR> d-------- C:\Program Files\Nokia
2008-02-06 06:24 . 2008-02-06 06:24 332 --a------ C:\WINDOWS\desctemp.dat
2008-02-05 15:18 . 2008-02-05 15:18 268 --ah----- C:\sqmdata10.sqm
2008-02-05 15:18 . 2008-02-05 15:18 244 --ah----- C:\sqmnoopt10.sqm
2008-02-04 08:45 . 2008-02-04 08:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-02-04 08:33 . 2004-08-04 00:56 90,624 --a------ C:\WINDOWS\system32\drivers\kswdmcap.ax
2008-02-04 08:33 . 2004-08-04 00:56 61,952 --a------ C:\WINDOWS\system32\drivers\kstvtune.ax
2008-02-04 08:33 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2008-02-04 08:33 . 2004-08-04 00:56 43,008 --a------ C:\WINDOWS\system32\drivers\ksxbar.ax
2008-02-04 08:33 . 2004-08-04 00:56 28,672 --a------ C:\WINDOWS\system32\drivers\vidcap.ax
2008-02-04 08:32 . 2008-02-04 08:32 <DIR> d-------- C:\Program Files\IVT Corporation
2008-02-03 15:10 . 2008-02-03 15:10 268 --ah----- C:\sqmdata09.sqm
2008-02-03 15:10 . 2008-02-03 15:10 244 --ah----- C:\sqmnoopt09.sqm
2008-02-03 10:18 . 2008-02-03 10:18 268 --ah----- C:\sqmdata08.sqm
2008-02-03 10:18 . 2008-02-03 10:18 244 --ah----- C:\sqmnoopt08.sqm
2008-01-31 20:31 . 2008-01-31 20:31 268 --ah----- C:\sqmdata07.sqm
2008-01-31 20:31 . 2008-01-31 20:31 244 --ah----- C:\sqmnoopt07.sqm
2008-01-31 16:09 . 2008-01-31 16:09 268 --ah----- C:\sqmdata06.sqm
2008-01-31 16:09 . 2008-01-31 16:09 244 --ah----- C:\sqmnoopt06.sqm
2008-01-28 23:31 . 2008-01-28 23:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-28 18:00 . 2008-01-28 18:00 268 --ah----- C:\sqmdata05.sqm
2008-01-28 18:00 . 2008-01-28 18:00 244 --ah----- C:\sqmnoopt05.sqm
2008-01-28 13:47 . 2008-01-28 13:47 268 --ah----- C:\sqmdata04.sqm
2008-01-28 13:47 . 2008-01-28 13:47 244 --ah----- C:\sqmnoopt04.sqm
2008-01-25 06:18 . 2008-01-25 06:19 <DIR> d-------- C:\Program Files\Ares
2008-01-24 08:02 . 2008-01-24 08:02 268 --ah----- C:\sqmdata03.sqm
2008-01-24 08:02 . 2008-01-24 08:02 244 --ah----- C:\sqmnoopt03.sqm
2008-01-23 19:42 . 2008-01-23 19:42 268 --ah----- C:\sqmdata02.sqm
2008-01-23 19:42 . 2008-01-23 19:42 244 --ah----- C:\sqmnoopt02.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 21:32 --------- d-----w C:\Program Files\GuitarFX 3
2008-02-06 14:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-27 13:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-01-27 13:13 --------- d-----w C:\Program Files\Ulead Systems
2008-01-27 13:13 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-01-27 13:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-07-08 08:24 2,643,424 ----a-w C:\Program Files\Age2upA.exe
2007-04-21 03:52 17,152 ----a-w C:\Documents and Settings\bbb\Application Data\GDIPFONTCACHEV1.DAT
2007-04-15 16:17 17,152 ----a-w C:\Documents and Settings\Hassaan\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 18:56 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-04-06 18:19 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-04-06 18:07 114688]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-23 09:42 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 07:18 151552]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 01:49 163840]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 11:02 53248]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 07:29 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 01:05 212992]
"InvisibleBrowsing"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-03 18:56]
R3 WebSTARNdis;WebSTAR DPX USB Cable Modem Adapter;C:\WINDOWS\system32\DRIVERS\WebSTAR.sys [2001-12-17 05:25]
S1 CXAVSAUD;Compro VideoMate X series Audio Capture;C:\WINDOWS\system32\DRIVERS\cxavsaud.sys [2006-03-22 04:07]
S2 CX23880;Conexant 23880 Video Capture;C:\WINDOWS\system32\drivers\cx88vid.sys [2006-03-22 04:12]
S2 CXTUNE;Conexant 2388x Tuner;C:\WINDOWS\system32\drivers\CX88TUNE.sys [2006-03-22 04:07]
S3 BTNetFilter;Bluetooth Network Filter;C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys [2006-04-14 09:14]
S3 CXAVXBAR;Compro VideoMate X series AVStream Crossbar;C:\WINDOWS\system32\drivers\cxavxbar.sys [2006-03-22 04:07]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"F:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" [2005-09-23 07:01]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 22:00:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-17 22:02:26
ComboFix-quarantined-files.txt 2008-02-18 04:01:52
ComboFix2.txt 2008-02-18 03:05:45
ComboFix3.txt 2008-02-18 02:24:07
.
2008-02-13 17:38:44 --- E O F ---

AWF.txt
--------


Find AWF report by noahdfear ©2006
Version 1.40

The current date is: 2008-02-17
The current time is: 22:05:59.79


bak folders found
~~~~~~~~~~~

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

end of report



Response Number 18
Name: jojee
Date: February 18, 2008 at 02:44:32 Pacific
Subject: New Malware.j trojan
Reply:
Kaspersky has been running for more than 5 and a half hours now; the scan is stuck at 54% on this file
E:\VS_2005.NET\wcu\SDK\IA64\setup.exe
and the computer is running very slow.



Response Number 19
Name: jabuck
Date: February 18, 2008 at 06:27:28 Pacific
Subject: New Malware.j trojan
Reply:
Go to start> control panel> add/remove programs and uninstall Kaspersky.

Please run the BitDefender online scan at this link:
Bitdefender Online Scanner

You will need to allow an ActiveX install for the scan to run.
Leave the scanning options at default and press "click here to scan"
When finished scanning, click on "click here to export the scan report"
Save it to your desktop, at "file name" type in "bdscan" then click save.
Post a log in your reply.



Response Number 20
Name: jojee
Date: February 18, 2008 at 06:44:36 Pacific
Subject: New Malware.j trojan
Reply:
Kaspersky is still running at 72%, it's been 9 hours now. It seemed to have got stuck earlier but now it's running again. It's not Kaspersky's fault I guess -- it's just that I've got Visual Studio saved on E: which is why it's taking ages to be scanned.
Wouldn't it be better if I scanned just C: instead of the whole system?


Response Number 21
Name: jabuck
Date: February 18, 2008 at 06:54:40 Pacific
Subject: New Malware.j trojan
Reply:
Yes, just stop the Kaspersky scan and let it scan the C: drive.


Response Number 22
Name: jojee
Date: February 18, 2008 at 07:10:17 Pacific
Subject: New Malware.j trojan
Reply:
Kaspersky log at 72%. I saved it as a web page and copied it from there.
-----

KASPERSKY ONLINE SCANNER REPORT
2008-02-18 09:02
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/02/2008
Kaspersky Anti-Virus database records: 570328


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics
Total number of scanned objects 135008
Number of viruses found 5
Number of infected objects 26
Number of suspicious objects 0
Duration of the scan process 10:46:23

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd002.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\OASLogs\OAS.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\Hassaan\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Hassaan\Desktop\[4]-Submit_2008-02-17@16.53.zip/smss.exe Infected: Virus.Win32.AutoRun.abt skipped

C:\Documents and Settings\Hassaan\Desktop\[4]-Submit_2008-02-17@16.53.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Hassaan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Hassaan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Hassaan\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Hassaan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Hassaan\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Hassaan\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{9F5F91DB-3EAC-4304-9EE2-91B9AF03F1B4}\RP2\A0000236.exe Object is locked skipped

C:\System Volume Information\_restore{9F5F91DB-3EAC-4304-9EE2-91B9AF03F1B4}\RP5\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{A5E3DFDF-0874-4C27-80C2-F356176320EA}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\smss.exe Infected: Virus.Win32.AutoRun.abt skipped

D:\Funny UST Scandal.avi.exe Infected: Virus.Win32.AutoRun.abt skipped

D:\System Volume Information\_restore{9F5F91DB-3EAC-4304-9EE2-91B9AF03F1B4}\RP5\change.log Object is locked skipped

E:\Msn 7.5\Install-Animated-Emoticons.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

E:\Msn 7.5\Install-Animated-Emoticons.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.180Solutions skipped

E:\Msn 7.5\Install-Animated-Emoticons.exe/stream/data0006/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped

E:\Msn 7.5\Install-Animated-Emoticons.exe/stream/data0006/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped

E:\Msn 7.5\Install-Animated-Emoticons.exe/stream/data0006/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped

E:\Msn 7.5\Install-Animated-Emoticons.exe/stream/data0006/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped

E:\Msn 7.5\Install-Animated-Emoticons.exe/stream/data0006/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped

E:\Msn 7.5\Install-Animated-Emoticons.exe/stream/data0006/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped

E:\Msn 7.5\Install-Animated-Emoticons.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.WebHancer skipped

E:\Msn 7.5\Install-Animated-Emoticons.exe/stream Infected: not-a-virus:AdWare.Win32.WebHancer skipped

E:\Msn 7.5\Install-Animated-Emoticons.exe NSIS: infected - 10 skipped

E:\Msn 7.5\Install-Funny-Pack.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

E:\Msn 7.5\Install-Funny-Pack.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.180Solutions skipped

E:\Msn 7.5\Install-Funny-Pack.exe/stream/data0003/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped

E:\Msn 7.5\Install-Funny-Pack.exe/stream/data0003/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped

E:\Msn 7.5\Install-Funny-Pack.exe/stream/data0003/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped

E:\Msn 7.5\Install-Funny-Pack.exe/stream/data0003/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped

E:\Msn 7.5\Install-Funny-Pack.exe/stream/data0003/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped

E:\Msn 7.5\Install-Funny-Pack.exe/stream/data0003/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped

E:\Msn 7.5\Install-Funny-Pack.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.WebHancer skipped

E:\Msn 7.5\Install-Funny-Pack.exe/stream Infected: not-a-virus:AdWare.Win32.WebHancer skipped

E:\Msn 7.5\Install-Funny-Pack.exe NSIS: infected - 10 skipped

Scan was interrupted by user!


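Almost every line in the report above is "Object is locked / skipped" noise (registry hives, event logs, index.dat files the scanner could not open); the real detections are a handful of lines, and the helper's next replies act only on those. As an added example that is not code from the thread or from Kaspersky, the Python below triages lines in that report format. The sample lines are copied from the report above; the regular expression, the split into locked/container/malware/adware buckets, and the function names are my assumptions about the format, not anything Kaspersky documents.

```python
"""Triage a Kaspersky Online Scanner report: separate real detections from noise.

Added example, not code from the thread or from Kaspersky. The sample lines are
copied from the report in the thread; the regex and the bucket rules below are
assumptions about that "<path> <verdict> <action>" line format.
"""
import re
from collections import defaultdict
from typing import Optional

# Constructed sample: a subset of the report lines posted in the thread.
SAMPLE_REPORT = """\
C:\\Documents and Settings\\Hassaan\\NTUSER.DAT Object is locked skipped
C:\\WINDOWS\\system32\\config\\SAM Object is locked skipped
C:\\Documents and Settings\\Hassaan\\Desktop\\[4]-Submit_2008-02-17@16.53.zip/smss.exe Infected: Virus.Win32.AutoRun.abt skipped
C:\\Documents and Settings\\Hassaan\\Desktop\\[4]-Submit_2008-02-17@16.53.zip ZIP: infected - 1 skipped
D:\\smss.exe Infected: Virus.Win32.AutoRun.abt skipped
D:\\Funny UST Scandal.avi.exe Infected: Virus.Win32.AutoRun.abt skipped
E:\\Msn 7.5\\Install-Funny-Pack.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
E:\\Msn 7.5\\Install-Funny-Pack.exe/stream/data0003/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
E:\\Msn 7.5\\Install-Funny-Pack.exe NSIS: infected - 10 skipped
"""

# Paths contain spaces, so the path group is non-greedy and the verdict
# alternatives anchor where the path ends.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<verdict>Object is locked|Infected: \S+|\S+: infected - \d+) "
    r"(?P<action>\S+)$"
)


def parse_line(line: str) -> Optional[dict]:
    """Split one report line into path / verdict / action; None if it is not a result line."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def on_disk_path(path: str) -> str:
    """Kaspersky writes an archive member as 'x.zip/smss.exe'; the object that
    actually exists on disk (and can be deleted) is everything before the first '/'."""
    return path.split("/", 1)[0]


def triage(report_text: str) -> dict:
    """Bucket report lines: locked-object noise, archive summaries, malware, adware."""
    result = {
        "locked": 0,                  # files the scanner could not open (hives, logs, index.dat)
        "containers": set(),          # 'ZIP: infected - N' style summary lines
        "malware": defaultdict(set),  # on-disk path -> detection names
        "adware": defaultdict(set),   # 'not-a-virus:' detections, lower priority
        "unparsed": [],               # anything that did not match the line format
    }
    for line in report_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            result["unparsed"].append(line)
            continue
        verdict = rec["verdict"]
        if verdict == "Object is locked":
            result["locked"] += 1
        elif verdict.startswith("Infected: "):
            name = verdict[len("Infected: "):]
            bucket = "adware" if name.startswith("not-a-virus:") else "malware"
            result[bucket][on_disk_path(rec["path"])].add(name)
        else:
            result["containers"].add(rec["path"])
    result["malware"] = dict(result["malware"])
    result["adware"] = dict(result["adware"])
    return result


def drives_affected(result: dict) -> set:
    """Drive letters holding malware hits; more than one points at a drive-hopping spreader."""
    return {path[:2].upper() for path in result["malware"]}


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print(f"locked objects skipped: {summary['locked']}")
    for path, names in sorted(summary["malware"].items()):
        print("MALWARE", path, sorted(names))
    for path, names in sorted(summary["adware"].items()):
        print("adware ", path, sorted(names))
    print("drives with malware:", sorted(drives_affected(summary)))
```

Two things the triage makes visible that the raw report buries: every action column reads "skipped", because the online scanner only reports and cleans nothing, so each path under `malware` still has to be removed by hand or by another tool (which is what the following replies do); and the nested archive entries collapse onto the container file, so the zip on the Desktop and the two NSIS installers on E: are the objects to act on, not the member paths.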

Response Number 23
Name: jabuck
Date: February 18, 2008 at 07:32:21 Pacific
Subject: New Malware.j trojan
Reply:
Navigate to and delete these files if found:

C:\Documents and Settings\Hassaan\Desktop\[4]-Submit_2008-02-17@16.53.zip/smss.exe

C:\Documents and Settings\Hassaan\Desktop\[4]-Submit_2008-02-17@16.53.zip

Let us know if you found and deleted the files.



Response Number 24
Name: jojee
Date: February 18, 2008 at 07:48:03 Pacific
Subject: New Malware.j trojan
Reply:
I've deleted them.

There are two in D: as well

D:\smss.exe Infected: Virus.Win32.AutoRun.abt skipped

D:\Funny UST Scandal.avi.exe Infected: Virus.Win32.AutoRun.abt skipped

What to do with these?
I can't find them.



Response Number 25
Name: jabuck
Date: February 18, 2008 at 08:13:10 Pacific
Subject: New Malware.j trojan
Reply:
Is the D: drive an external hard drive or a partition?


Response Number 26
Name: jojee
Date: February 18, 2008 at 08:18:47 Pacific
Subject: New Malware.j trojan
Reply:
It's a partition. There are 4 partitions:
C, D, E, F, 10GB each.


Response Number 27
Name: jabuck
Date: February 18, 2008 at 09:16:53 Pacific
Subject: New Malware.j trojan
Reply:
Go to start> my computer> right click d: drive> click open> click tools> folder options>
Click the View tab.
Uncheck Hide file extensions for known file types.
Uncheck Hide protected operating system files.
Under the Hidden files folder, locate and check Show hidden files and folders.
If you see a warning message, click Yes.
Click Apply > OK.

Navigate to and delete these files if found:

D:\smss.exe


D:\Funny UST Scandal.avi.exe


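The Explorer settings in the reply above matter because the defaults hide exactly what this worm relies on: with "Hide file extensions for known file types" ticked, "Funny UST Scandal.avi.exe" is displayed as "Funny UST Scandal.avi", and a Hidden or System attribute keeps a copy of smss.exe at the drive root out of view altogether, which is why the poster "can't find them". As an added example that is not from the thread, the Python below emulates that display behaviour and flags the two patterns seen in the scan. The two suspicious names are the ones from the Kaspersky report; the benign names, the extension tables, the system32-only list and all function names are constructed for illustration.

```python
"""Emulate what Explorer hides and flag the file names an autorun worm relies on.

Added example, not code from the thread. The two suspicious names come from the
Kaspersky report in the thread; the benign names, the extension tables and the
"system32-only" list are constructed for illustration.
"""
import ntpath
import os
import stat
import tempfile

# Extensions Windows executes on double-click (illustrative subset).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}
# Extensions a user reads as harmless media or documents (illustrative subset).
DATA_EXTS = {".avi", ".mpg", ".wmv", ".jpg", ".gif", ".mp3", ".doc", ".pdf", ".txt", ".zip"}
# Core Windows binaries that live only under ...\system32; a copy at a drive root is suspect.
SYSTEM32_ONLY = {"smss.exe", "csrss.exe", "lsass.exe", "services.exe", "winlogon.exe"}

# Attribute bits Explorer uses for "Hidden" and "protected operating system" files.
HIDDEN_OR_SYSTEM = (getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0x2)
                    | getattr(stat, "FILE_ATTRIBUTE_SYSTEM", 0x4))


def explorer_display_name(filename: str) -> str:
    """What Explorer shows with 'Hide file extensions for known file types' ticked:
    the last known extension is dropped, so 'x.avi.exe' reads as 'x.avi'."""
    stem, ext = ntpath.splitext(filename)
    return stem if ext.lower() in EXECUTABLE_EXTS | DATA_EXTS else filename


def double_extension(filename: str) -> bool:
    """True for a data-looking name that is really executable, e.g. 'Funny UST Scandal.avi.exe'."""
    stem, last = ntpath.splitext(filename)
    _, inner = ntpath.splitext(stem)
    return last.lower() in EXECUTABLE_EXTS and inner.lower() in DATA_EXTS


def misplaced_system_binary(path: str) -> bool:
    """True when a system32-only binary name sits anywhere else, e.g. 'D:\\smss.exe'."""
    name = ntpath.basename(path).lower()
    parent = ntpath.dirname(path).replace("/", "\\").lower()
    return name in SYSTEM32_ONLY and not parent.endswith("\\system32")


def hidden_or_system(entry: os.DirEntry) -> bool:
    """Hidden/System attribute check; only Windows exposes st_file_attributes, elsewhere False."""
    attrs = getattr(entry.stat(follow_symlinks=False), "st_file_attributes", 0)
    return bool(attrs & HIDDEN_OR_SYSTEM)


def triage_directory(root: str) -> list:
    """Inspect one directory (a drive root in the thread) and report suspicious files."""
    findings = []
    with os.scandir(root) as it:
        for entry in sorted(it, key=lambda e: e.name):
            if not entry.is_file(follow_symlinks=False):
                continue
            reasons = []
            if double_extension(entry.name):
                reasons.append("double extension")
            if misplaced_system_binary(entry.path):
                reasons.append("system binary outside system32")
            if hidden_or_system(entry):
                reasons.append("hidden/system attribute")
            if reasons:
                findings.append({
                    "path": entry.path,
                    "shown_as": explorer_display_name(entry.name),  # what the user would see
                    "reasons": reasons,
                })
    return findings


def demo() -> list:
    """Build a constructed drive root in a temp dir (empty files) and triage it."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("smss.exe", "Funny UST Scandal.avi.exe", "holiday.avi", "notes.txt"):
            open(os.path.join(root, name), "wb").close()
        return triage_directory(root)


if __name__ == "__main__":
    for f in demo():
        print(f"{f['shown_as']!r} is really {ntpath.basename(f['path'])!r}: {', '.join(f['reasons'])}")
```

Run against a real drive root on Windows (`triage_directory("D:\\")`) the attribute check becomes meaningful, since that is where the worm's Hidden/System flags would otherwise keep the files out of an Explorer listing; on other platforms `st_file_attributes` is absent and only the two name-based checks apply.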

Response Number 28
Name: jojee
Date: February 18, 2008 at 13:13:05 Pacific
Subject: New Malware.j trojan
Reply:
Deleted.
What next?



Response Number 29
Name: jabuck
Date: February 18, 2008 at 15:18:12 Pacific
Subject: New Malware.j trojan
Reply:
Your E: drive is also infected.

Navigate to the E: drive as you did with the D: drive and delete these files:

E:\Msn 7.5\Install-Funny-Pack.exe


E:\Msn 7.5\Install-Animated-Emoticons.exe

Post another Kaspersky scan please.



Response Number 30
Name: jojee
Date: February 18, 2008 at 16:09:52 Pacific
Subject: New Malware.j trojan
Reply:
I've deleted these two files from both E and F.

Now you want me to scan all the drives(which takes a LO