WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

[Closed] Help removing Downloader.Mislead.App

Started by majorkaos , Apr 05 2008 06:22 PM

This topic is locked

23 replies to this topic

#1 majorkaos

New Member

New Member
11 posts

Posted 05 April 2008 - 06:22 PM

Hi, I am hoping someone can help me. My husband's laptop was infected with the Downloader.MisleadApp. I have tried everything that was suggested,but with no success. His laptop is running Windows XP. I am including the Hijack log file.

Logfile of HijackThis v1.99.1
Scan saved at 19:02:46, on 30/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Samsung\Samsung CLX-3160 Series\SPanel\PSU\Scan2pc.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\Samsung\NetworkScan\NSCSysTrayUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://register.hp....v...&prodOS=011
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: (no name) - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - (no file)
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IRIS_S2P] C:\Program Files\Samsung\Samsung CLX-3160 Series\SPanel\PSU\Scan2pc.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [NSCSysTrayUI] "C:\Program Files\Samsung\NetworkScan\NSCSysTrayUI.exe" /HIDEUI
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [E06AXLRD_881718] "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q306&bd=pavilion&pf=laptop
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.h...DataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1157327505906
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.m...ash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: rceqtxib - C:\WINDOWS\SYSTEM32\rceqtxib.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: astrogeology - {2be26361-58a2-4836-be57-b838f02fec3f} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Microsoft DDE+ server (5e8d0349) - Unknown owner - C:\WINDOWS\system32\.5e8d0349\5e8d0349.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

Advertisements

Register to Remove

#2 DFW

Authentic Member

Visiting Fellow
170 posts

Posted 06 April 2008 - 11:01 AM

Hello and wecome, My name is DFW and I will be assisting you with your malware issues .

Please be patient as I need some time to review your Hijackthis log and i will post back recommendations for repairs.
As I am still on training, everything that I post to you, must be checked by an Admin or Moderator. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long.

Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
Continue to respond to this thread until I give you the All Clean! If you have any question or you're stuck in there please reply it to me. I will try my best to help you!
Please bookmark or favourite this page. In case you need it as reference or etc.

Member of UNITE and ASAP

#3 DFW

Authentic Member

Visiting Fellow
170 posts

Posted 06 April 2008 - 01:43 PM

First please go to Control Panel, then add/remove programs and uninstall your current Highjackthis, now follow
the instructions below to download and install the latest one.

Download HJTInstall.exe to your Desktop.

Doubleclick HJTInstall.exe to install it.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis, please close for now

Make a uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

Posted Image

Click on the Save list... button and specify where you would like to save this file.

When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad here on your next reply.

Please download SmitfraudFix (by S!Ri)

Double-click SmitfraudFix.exe.
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm

Please post back

The smitfraud Fix Log
A new HJT Log
And the Uninstall list
.

Member of UNITE and ASAP

#4 majorkaos

New Member

New Member
11 posts

Posted 06 April 2008 - 03:11 PM

Here are the log files you requested I send back:

Thanks for your help!

SmitFraudFix v2.309

Scan done at 14:52:31.64, 06/04/2008
Run from D:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Samsung\Samsung CLX-3160 Series\SPanel\PSU\Scan2pc.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\Samsung\NetworkScan\NSCSysTrayUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kevin

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kevin\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Kevin\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 72.45.110.251
DNS Server Search Order: 72.45.110.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{273D2FA9-AD9F-4FD7-861D-EEE53A4B7BF6}: DhcpNameServer=72.45.110.251 72.45.110.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{273D2FA9-AD9F-4FD7-861D-EEE53A4B7BF6}: DhcpNameServer=72.45.110.251 72.45.110.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{273D2FA9-AD9F-4FD7-861D-EEE53A4B7BF6}: DhcpNameServer=72.45.110.251 72.45.110.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=72.45.110.251 72.45.110.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=72.45.110.251 72.45.110.252

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Here is the new HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10:25, on 06/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Samsung\Samsung CLX-3160 Series\SPanel\PSU\Scan2pc.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\Samsung\NetworkScan\NSCSysTrayUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://register.hp....v...&prodOS=011
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IRIS_S2P] C:\Program Files\Samsung\Samsung CLX-3160 Series\SPanel\PSU\Scan2pc.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [NSCSysTrayUI] "C:\Program Files\Samsung\NetworkScan\NSCSysTrayUI.exe" /HIDEUI
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q306&bd=pavilion&pf=laptop
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.h...DataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1157327505906
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.m...ash/swflash.cab
O20 - Winlogon Notify: rceqtxib - C:\WINDOWS\SYSTEM32\rceqtxib.dll
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 9855 bytes

Here is the Uninstall list:

ACDSee 7.0 PowerPack
Active@ UNDELETE Enterprise (Network Edition)
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Illustrator CS
Adobe Reader 8.1.2
Adobe Shockwave Player
Adobe SVG Viewer 3.0
Apple Software Update
Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only)
Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only)
Blasterball 2 from Hewlett-Packard Laptops (remove only)
BroadJump Client Foundation
CFPAS -- SEPFC 2007
Conexant HD Audio
Customer Experience Enhancement
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Final Drive Nitro from Hewlett-Packard Laptops (remove only)
FUJIFILM USB Driver
Google Desktop
Google Toolbar for Internet Explorer
GTOneCare
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB912436)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915326)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB928388)
Hotfix for Windows XP (KB929120)
HP Game Console and games
HP Help and Support
HP Imaging Device Functions 6.0
HP Photosmart Premier Software 6.0
HP Quick Launch Buttons 6.00 E2
HP QuickPlay 2.1
HP Software Update
HP User Guides 0011
HP User Guides--System Recovery
HP Wireless Assistant 2.00 E1
Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)
Intel® PRO Network Connections Drivers
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ SE Runtime Environment 6 Update 1
Jewel Quest from Hewlett-Packard Laptops (remove only)
Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only)
Lexibox Deluxe from Hewlett-Packard Laptops (remove only)
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Flash Player 8
Mah Jong Quest from Hewlett-Packard Laptops (remove only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Location Finder
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Professional Edition 2003
Microsoft Protection Service
Microsoft Streets & Trips 2006 with GPS Locator
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Live OneCare Resources v2.0.2500.22
Microsoft Windows OneCare Live AntiSpyware and AntiVirus
Microsoft Windows OneCare Live v2.0.2500.22
Microsoft Windows OneCare Live v2.0.2500.22 Idcrl Install
Microsoft Works
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
muvee autoProducer 4.5
Network Scan
NoAdware v5.0
NVIDIA Drivers
Oasis from Hewlett-Packard Laptops (remove only)
Office 2003 Trial Assistant
OpenMG AAC Add-on Module 1.0.00
OpenMG Limited Patch 4.5-06-05-12-01
OpenMG Secure Module 4.5.01
PDF Manual NW-S200 Series
Polar Bowler from Hewlett-Packard Laptops (remove only)
Polar Golfer from Hewlett-Packard Laptops (remove only)
Puzzle Express from Hewlett-Packard Laptops (remove only)
PX Engine
QuickTime
Readiris Pro 10
Samsung CLX-3160 Series
SCRABBLE from Hewlett-Packard Laptops (remove only)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Serif PhotoPlus 6.0
SmartAudio
SmarThru 4
SmarThru PC Fax
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
SonicStage 4.0
Super TextTwist
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TourSetup
Tradewinds from Hewlett-Packard Laptops (remove only)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB923845)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
VuePrint
WildTangent Web Driver
Windows Defender
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Live OneCare
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885464
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888402
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892559
WinZip
Wireless Home Network Setup
Zuma Deluxe from Hewlett-Packard Laptops (remove only)

#5 DFW

Authentic Member

Visiting Fellow
170 posts

Posted 06 April 2008 - 05:15 PM

Hi majorkaos

On my last post, I asked you to download smitfraud Fix and run option 1, did you run option 1 or option 2, because it appears lines from your
HJT log are gone, or did you do something else to remove those lines.

please follow my instructions exactly as given,please do not try fixing things on your own, or we are going to get into a bit of a mess

You may wish to print out or save these instructions

I see you are using Wild Tangent. It is not malware, but is sometimes thought to bring malware along. Wild Tangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it’s not technically considered spyware, it does have built in components to update itself and gather information about the computer system including

Operating System Version
CPU Type and Speed
Memory Amount
Video Card type and Driver Version
Sound Card type and Driver Version
DirectX Version
Location that the Web Driver was installed from
It is also a MAJOR resource hog.

For more information, see WildTangent Removal Instructions and Help and Inside Wild Tangent-Delivering High-End 3-D Content To A Web Site Near You.
Unless you are an extremely avid games player, I recommend you uninstall Wild Tangent: To uninstall Wild Tangent:

Click Start, point to Settings, and then click Control Panel.
In Control Panel, double-click Add or Remove Programs.
In Add or Remove Programs, highlight Wild Tangent, click Remove.
Close the Add or Remove Programs and the Control Panel windows.

DownLoad CCleaner

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder,
back it up or move it to a permanent folder prior to running CCleaner!

Download CCleaner to clean temp files from your computer.
http://www.ccleaner....ownloading-slim

Double click on the file to start the installation of the program.
Select your language and click OK, then next.
Read the license agreement and click I Agree.
Click next to use the default install location. Click Install then finish to complete installation.
Double click the CCleaner shortcut on the desktop to start the program.
On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted.
(If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
Click on the "Options" icon at the left side of the window, then click on "Advanced."
deselect "Only delete files in Windows Temp folders older than 48 hours."
Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.

Close Cleaner, will run it later

Double click CCleaner icon on desktop
Click on Run Cleaner
Confirm to delete

Now close CCleaner

Please download Malwarebytes' Anti-Malware and save it to a convenient location.
Double click on mbam-setup.exe to install it.
Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
- Update Malwarebytes' Anti-Malware
  Launch Malwarebytes' Anti-Malware
Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
Select the Scanner tab. Click on Perform full scan, then click on Scan.
Leave the default options as it is and click on Start Scan.
When done, you will be prompted. Click OK, then click on Show Results.
Checked (ticked) all items and click on Remove Selected.
After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

Now reboot your system

Please post

A new HJT Log
Malwarebytes Log
SmitfraudFix Log

Member of UNITE and ASAP

#6 majorkaos

New Member

New Member
11 posts

Posted 06 April 2008 - 08:06 PM

Hi, just to let you know, I have been following your nstructions. I did mention that I was working on my husband's laptop. He got frustrated when I was out shopping and tried to work on the system himself,, with the help of some friends, hence what you saw.

It took awhile to run the scan for Malwarebytes, as his laptop kept warning that it was shutting down, something to do with lsass.exe.

Here is the new HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:59:18, on 06/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Samsung\Samsung CLX-3160 Series\SPanel\PSU\Scan2pc.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\Samsung\NetworkScan\NSCSysTrayUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://register.hp....v...&prodOS=011
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IRIS_S2P] C:\Program Files\Samsung\Samsung CLX-3160 Series\SPanel\PSU\Scan2pc.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [NSCSysTrayUI] "C:\Program Files\Samsung\NetworkScan\NSCSysTrayUI.exe" /HIDEUI
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q306&bd=pavilion&pf=laptop
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.h...DataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1157327505906
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.m...ash/swflash.cab
O20 - Winlogon Notify: rceqtxib - C:\WINDOWS\SYSTEM32\rceqtxib.dll
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 9911 bytes

Here is the Malwarebytes log (by the way, it did not find anything, but we still get popups that look like system programs scanning our system, but they are not legit.):

Malwarebytes' Anti-Malware 1.10
Database version: 597

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 129114
Time elapsed: 49 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

And now for your last log file, you asked for the SmitfraudFix log, but you did not ask for a new one, so here is the old one:

SmitFraudFix v2.309

Scan done at 14:52:31.64, 06/04/2008
Run from D:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Samsung\Samsung CLX-3160 Series\SPanel\PSU\Scan2pc.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\Samsung\NetworkScan\NSCSysTrayUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kevin

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kevin\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Kevin\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 72.45.110.251
DNS Server Search Order: 72.45.110.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{273D2FA9-AD9F-4FD7-861D-EEE53A4B7BF6}: DhcpNameServer=72.45.110.251 72.45.110.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{273D2FA9-AD9F-4FD7-861D-EEE53A4B7BF6}: DhcpNameServer=72.45.110.251 72.45.110.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{273D2FA9-AD9F-4FD7-861D-EEE53A4B7BF6}: DhcpNameServer=72.45.110.251 72.45.110.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=72.45.110.251 72.45.110.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=72.45.110.251 72.45.110.252

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Thanks again......

#7 DFW

Authentic Member

Visiting Fellow
170 posts

Posted 07 April 2008 - 03:43 PM

I can understand your husband's eagerness to restore his laptop to a clean condition; however, the actions he and his friends have taken may have served only to mask symptoms of the infection rather than to actually remove it. Unfortunately, having no indication of what they may or may not have done, it is impossible to make an accurate assessment.

At this point, a decision needs to be reached, either your husband wants the help of WTT or he wants to do this himself. I cannot continue to work on cleaning up a system while someone else is working at cross purposes. This is too dangerous. As an example, had I not correctly assessed that work had been done other than what I had requested, I would have asked you to run SmitfraudFix Option #2, which would very likely have resulted in the loss of the system's Desktop as the status of the system had been altered.

It is not safe to work in the dark like this, not knowing what someone else may be doing in the meantime, and/or what settings they may have altered. I will not take that risk. If your husband prefers to continue his attempts to clean the computer on his own, let me know and I will close this topic. If he prefers that you continue working with us to clean up the system, then follow these next instructions:

NoAdware v5.0 is installed on this computer. It needs to be removed. See the information here:

http://www.bleepingc...dware-v5.0.html

This Add or Remove Programs entry corresponds to a program that is either malware, installs malware, or is bundled with malware

.

Go to Control Panel > Add or Remove Programs and remove NoAdware v5.0
Malwarebytes you just installed will do a much better job at removing nasties.

You have Java istalled that are out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please go to Control Panel Add/Remove programs and uninstall the Java's below.

J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 2
Java™ 6 Update 3
Java™ SE Runtime Environment 6 Update 1

This is the one you need to keep.
Java™ 6 Update 5.

1.Download and Run combofix

For information regarding Combofix, please visit this webpage:
http://www.bleepingc...to-use-combofix
Please ensure you install the Recovery Console

Download this file from one of the three below listed places and place it at your DESKTOP

Link 1
Link 2
Link 3

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note: Combofix should not be used without supervision

Please back back with

Combofixlog
New HJT Log

Edited by dfw, 07 April 2008 - 03:45 PM.

Member of UNITE and ASAP

#8 majorkaos

New Member

New Member
11 posts

Posted 09 April 2008 - 02:23 PM

I am just letting you know that both my husband and I are away due to work requirements. He has agreed to let me fix his laptop without further interferance. I will be looking at it again Friday evening. I just wanted to let you know so that you don't think we are ignoring your advice. Thank you for your assistance!

#9 DFW

Authentic Member

Visiting Fellow
170 posts

Posted 09 April 2008 - 02:33 PM

Thanks for letting us know :thumbup:

Member of UNITE and ASAP

#10 majorkaos

New Member

New Member
11 posts

Posted 11 April 2008 - 08:07 PM

Hi, here are the new logs as requested.

Combofixlog:

ComboFix 08-04-11.5 - Kevin 2008-04-11 19:55:35.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.536 [GMT -6:00]
Running from: C:\Documents and Settings\Kevin\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\setup.inf

.
((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 )))))))))))))))))))))))))))))))
.

2008-04-09 19:52 . 2008-04-09 19:56 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-04-06 17:54 . 2008-04-06 17:54 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-06 17:54 . 2008-04-06 17:54 <DIR> d-------- C:\Documents and Settings\Kevin\Application Data\Malwarebytes
2008-04-06 17:54 . 2008-04-06 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-06 17:49 . 2008-04-06 17:49 <DIR> d-------- C:\Program Files\CCleaner
2008-04-06 14:52 . 2008-04-06 14:52 5,202 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-06 14:48 . 2008-04-06 14:48 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-05 19:55 . 2008-04-06 17:43 <DIR> d-------- C:\Program Files\NoAdware5.0
2008-03-30 19:18 . 2008-03-30 19:22 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-03-30 15:40 . 2008-03-30 15:34 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-30 15:34 . 2008-03-30 15:43 <DIR> d-------- C:\Documents and Settings\Kevin\.housecall6.6
2008-03-30 08:04 . 2007-11-27 22:56 116,416 --a------ C:\WINDOWS\system32\drivers\msfwhlpr.sys
2008-03-30 08:04 . 2007-11-27 22:56 91,328 --a------ C:\WINDOWS\system32\drivers\msfwdrv.sys
2008-03-30 08:03 . 2008-03-30 08:03 <DIR> d-------- C:\WINDOWS\system32\bits
2008-03-30 08:03 . 2007-03-29 06:56 409,600 --------- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-03-30 08:03 . 2007-07-06 15:09 70,928 --a------ C:\WINDOWS\system32\drivers\MpFilter.sys
2008-03-30 08:03 . 2007-03-29 06:56 18,944 --------- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-03-30 08:03 . 2007-03-29 06:56 8,192 --------- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-03-30 08:03 . 2007-03-29 06:56 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-03-30 08:03 . 2007-03-29 06:56 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-03-30 08:03 . 2007-03-29 06:56 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-03-30 07:52 . 2008-04-11 13:19 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-03-30 00:45 . 2008-03-30 00:45 225,280 --a------ C:\WINDOWS\system32\rceqtxib.dll
2008-03-25 19:47 . 2008-03-30 08:23 <DIR> d--h----- C:\WINDOWS\system32\.5e8d0349
2008-03-21 13:04 . 2008-03-21 13:05 <DIR> d--hs---- C:\Documents and Settings\LocalService\Temporary Internet Files
2008-03-21 13:04 . 2008-03-21 13:04 <DIR> d--hs---- C:\Documents and Settings\LocalService\History
2008-03-21 12:16 . 2008-03-21 12:16 0 --a------ C:\LOG1C.tmp
2008-03-19 18:39 . 2008-03-19 18:39 0 --a------ C:\LOG9.tmp
2008-03-16 08:50 . 2008-03-16 08:50 <DIR> d-------- C:\Program Files\Active Data Recovery Software
2008-03-14 16:11 . 2008-03-14 16:11 0 --a------ C:\LOG238.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 01:29 --------- d-----w C:\Program Files\Java
2008-04-06 23:45 --------- d-----w C:\Program Files\WildTangent
2008-03-30 23:14 15,360 ----a-w C:\WINDOWS\TASKMAN.EXE
2008-03-30 23:14 15,360 ----a-w C:\WINDOWS\system32\dllcache\taskman.exe
2008-03-30 23:07 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-30 13:51 --------- d-----w C:\Program Files\Symantec
2008-03-30 13:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-21 18:20 --------- d-----w C:\Documents and Settings\Kevin\Application Data\U3
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-18 17:41 --------- d-----w C:\Program Files\MagicISO
2008-03-12 02:17 --------- d-----w C:\Program Files\CFPAS_SEPFC_2007
2008-03-03 00:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-02 00:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2006-09-18 22:25 247 -c--a-w C:\Program Files\setuplog.txt
2005-09-24 16:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2006-09-19 17:53 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( snapshot@2008-04-05_19.02.28.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-07 02:21:45 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-12-19 23:01:06 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-12-07 02:21:45 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-12-07 02:21:45 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-12-07 02:21:45 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-12-06 11:00:57 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-12-07 02:21:45 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-12-07 02:21:45 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-12-07 02:21:45 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-12-07 02:21:45 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-12-07 02:21:46 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-12-07 02:21:46 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-12-07 02:21:46 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-12-06 11:01:25 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-12-07 02:21:47 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-12-07 02:21:47 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-12-07 02:21:47 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-12-08 05:21:48 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-12-07 02:21:47 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-12-07 02:21:48 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-12-07 02:21:48 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-12-07 02:21:48 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2008-01-11 05:53:32 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-12-07 02:21:48 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-12-07 02:21:48 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-12-07 02:21:48 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-12-07 02:21:48 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
- 2008-04-02 00:01:36 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-04-10 01:55:18 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-04-02 00:01:36 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-04-10 01:55:18 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-04-02 00:01:36 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-04-10 01:55:18 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-04-02 00:01:36 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-04-10 01:55:18 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-04-02 00:01:36 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-04-10 01:55:18 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-04-02 00:01:36 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-04-10 01:55:18 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-04-02 00:01:36 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-04-10 01:55:18 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-04-02 00:01:37 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-04-10 01:55:18 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-04-02 00:01:36 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-04-10 01:55:18 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-04-02 00:01:36 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-04-10 01:55:18 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-04-02 00:01:37 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-04-10 01:55:19 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-04-02 00:01:36 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-04-10 01:55:18 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-04-02 00:01:36 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-04-10 01:55:18 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-04-02 00:04:20 593,920 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-04-10 01:55:35 593,920 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-04-02 00:04:20 12,288 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-04-10 01:55:36 12,288 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-04-02 00:04:20 135,168 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-04-10 01:55:35 135,168 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-04-02 00:04:20 11,264 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-04-10 01:55:36 11,264 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-04-02 00:04:20 27,136 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-04-10 01:55:36 27,136 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-04-02 00:04:20 4,096 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-04-10 01:55:36 4,096 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-04-02 00:04:21 794,624 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-04-10 01:55:36 794,624 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-04-02 00:04:20 249,856 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-04-10 01:55:35 249,856 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-04-02 00:04:20 61,440 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-04-10 01:55:35 61,440 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-04-02 00:04:21 23,040 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-04-10 01:55:36 23,040 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-04-02 00:04:20 286,720 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-04-10 01:55:35 286,720 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-04-02 00:04:20 409,600 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-04-10 01:55:35 409,600 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-12-07 02:21:45 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2006-09-02 04:40:19 262,144 ---ha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
+ 2008-04-12 01:27:33 262,144 ---ha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
- 2007-12-07 02:21:45 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-03-01 13:06:20 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
- 2007-12-19 23:01:06 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-12-07 02:21:45 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-12-07 02:21:45 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-12-07 02:21:45 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-03-01 13:06:21 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
- 2007-12-07 02:21:45 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-12-07 02:21:45 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-12-07 02:21:45 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-03-01 13:06:22 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2007-12-07 02:21:45 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-12-07 02:21:46 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-03-01 13:06:24 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-12-07 02:21:46 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-03-01 13:06:24 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-12-07 02:21:46 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-03-01 13:06:25 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2007-12-07 02:21:47 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2007-12-07 02:21:47 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-03-01 13:06:26 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2007-12-07 02:21:47 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-03-01 13:06:26 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2007-12-07 02:21:47 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-12-07 02:21:48 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-12-07 02:21:48 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-12-07 02:21:48 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-03-01 13:06:29 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-01-11 05:53:32 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-12-07 02:21:48 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-03-01 13:06:29 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
- 2007-12-07 02:21:48 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-12-07 02:21:48 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-03-01 13:06:30 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-12-07 02:21:48 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2006-06-26 17:37:10 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2007-12-19 23:01:06 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-12-07 02:21:45 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-12-07 02:21:45 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-04-02 00:11:45 474,760 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-10 09:47:58 474,760 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-12-07 02:21:45 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-12-06 11:00:57 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-12-07 02:21:45 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-12-07 02:21:45 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-12-06 04:59:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-12-07 02:21:45 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-12-07 02:21:45 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-12-07 02:21:46 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-12-07 02:21:46 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-12-07 02:21:46 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-12-07 02:21:47 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-12-07 02:21:47 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-12-07 02:21:47 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-12-08 05:21:48 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-03-02 00:36:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-12-07 02:21:47 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-12-07 02:21:48 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-12-07 02:21:48 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2007-12-07 02:21:48 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-03-01 13:06:29 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-01-11 05:53:32 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-12-07 02:21:48 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-12-07 02:21:48 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-12-07 02:21:48 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2007-12-07 02:21:48 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-04-12 00:24:00 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_270.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Location Finder"="C:\Program Files\Microsoft Location Finder\LocationFinder.exe" [2005-08-24 18:25 101080]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 19:45 68856]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 06:17 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 20:49 454656]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-15 12:26 86016]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 23:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 23:46 761948]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-04-11 22:54 102400]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 14:38 131072]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26 368706]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-10-05 22:11 866584]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-15 03:17 1838592]
"NWEReboot"="" []
"IRIS_S2P"="C:\Program Files\Samsung\Samsung CLX-3160 Series\SPanel\PSU\Scan2pc.exe" [2006-12-07 05:02 253952]
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe" [2007-08-17 00:17 524288]
"NSCSysTrayUI"="C:\Program Files\Samsung\NetworkScan\NSCSysTrayUI.exe" [2006-09-14 19:16 270336]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2008-01-22 19:43 67112]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-15 12:26 7561216]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 01:01 437160]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-09-24 11:39:30 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rceqtxib]
rceqtxib.dll 2008-03-30 00:45 225280 C:\WINDOWS\system32\rceqtxib.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\5e8d0349]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Samsung\\NetworkScan\\NSCSysTrayUI.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Active Data Recovery Software\\Active UNDELETE\\UndeleteAgent.exe"=

S2 SSPORT;SSPORT;C:\WINDOWS\system32\Drivers\SSPORT.sys []
S4 5e8d0349;Microsoft DDE+ server;C:\WINDOWS\system32\.5e8d0349\5e8d0349.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dccc2d8f-3bac-11db-9060-0013026c7717}]
\Shell\AutoRun\command - G:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb7acf81-9fad-11dc-9109-0013026c7717}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-06 01:53:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-11 19:58:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\rceqtxib.dll
.
Completion time: 2008-04-11 19:58:45
ComboFix-quarantined-files.txt 2008-04-12 01:58:40
ComboFix2.txt 2008-04-06 01:02:41
Pre-Run: 44,899,790,848 bytes free
Post-Run: 44,928,327,680 bytes free
.
2008-04-10 01:56:32 --- E O F ---

New HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:04:56, on 11/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Samsung\Samsung CLX-3160 Series\SPanel\PSU\Scan2pc.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\Samsung\NetworkScan\NSCSysTrayUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://register.hp....v...&prodOS=011
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IRIS_S2P] C:\Program Files\Samsung\Samsung CLX-3160 Series\SPanel\PSU\Scan2pc.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [NSCSysTrayUI] "C:\Program Files\Samsung\NetworkScan\NSCSysTrayUI.exe" /HIDEUI
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q306&bd=pavilion&pf=laptop
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.h...DataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1157327505906
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.m...ash/swflash.cab
O20 - Winlogon Notify: rceqtxib - C:\WINDOWS\SYSTEM32\rceqtxib.dll
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 9854 bytes

Advertisements

Register to Remove

#11 DFW

Authentic Member

Visiting Fellow
170 posts

Posted 12 April 2008 - 12:46 PM

Hi again

Please connect your all your external hard drive/flash drive before running all scans

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Now please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

File:: 
C:\WINDOWS\system32\rceqtxib.dll
C:\WINDOWS\Fonts\RandFont.dll



Folder::
C:\Program Files\NoAdware5.0
C:\WINDOWS\SxsCaPendDel
C:\WINDOWS\system32\5e8d0349.exe

DirLook::
C:\WINDOWS\system32\bits 

Registry:: 
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rceqtxib]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\5e8d0349]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dccc2d8f-3bac-11db-9060-0013026c7717}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb7acf81-9fad-11dc-9109-0013026c7717}]

Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Please run CCleaner on all user acoounts before online scan, this cuts down on scanning time and log size

Double click CCleaner icon on desktop
Click on Run Cleaner
Confirm to delete

Now close CCleaner

1 - Kaspersky Online Scan
With the exception of Internet Explorer, which must be used for this scan, keep ALL programs closed
Please do an online scan with >Kaspersky Online Scanner<. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence accepted, reset to 100%.

The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:
o Scan using the following Anti-Virus database:
+ Extended (If available otherwise Standard)
o Scan Options:
+ Scan Archives
+ Scan Mail Bases
Click OK
Now under select a target to scan select My Computer
The scan will take a while so be patient and let it run.
Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
Click the Save Report As... button (see red arrow below)
In the Save as... prompt, select Desktop
In the File name box, name the file KasScan-ddmmyy (or similar)
In the Save as type prompt, select Text file (see below)
Copy and paste the report in your next post.

Note: It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware application you use.

Please post back
SDFix Log
Combofix Log
Kaspersky Online Scan Log
A Fresh HJT Log

Member of UNITE and ASAP

#12 majorkaos

New Member

New Member
11 posts

Posted 12 April 2008 - 09:40 PM

Thanks for the help. Here are the log files as requested.

SDFix: Version 1.170
Run by Kevin on 12/04/2008 at 13:44

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\LOG11B.TMP - Deleted
C:\LOG12.TMP - Deleted
C:\LOG14A.TMP - Deleted
C:\LOG17A.TMP - Deleted
C:\LOG1C.TMP - Deleted
C:\LOG20.TMP - Deleted
C:\LOG238.TMP - Deleted
C:\LOG2F.TMP - Deleted
C:\LOG50.TMP - Deleted
C:\LOG67.TMP - Deleted
C:\LOG7.TMP - Deleted
C:\LOG76.TMP - Deleted
C:\LOG8.TMP - Deleted
C:\LOG85.TMP - Deleted
C:\LOG9.TMP - Deleted
C:\LOGA.TMP - Deleted
C:\LOGB.TMP - Deleted
C:\LOGF.TMP - Deleted
C:\WINDOWS\system32\keylog.txt - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 13:52:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:ae,05,ec,d4,a6,73,8a,31,31,45,8b,9f,8f,02,03,38,b6,cb,14,6d,76,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:ae,05,ec,d4,a6,73,8a,31,31,45,8b,9f,8f,02,03,38,b6,cb,14,6d,76,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Samsung\\NetworkScan\\NSCSysTrayUI.exe"="C:\\Program Files\\Samsung\\NetworkScan\\NSCSysTrayUI.exe:*:Enabled:SysTrayUI Module"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Active Data Recovery Software\\Active UNDELETE\\UndeleteAgent.exe"="C:\\Program Files\\Active Data Recovery Software\\Active UNDELETE\\UndeleteAgent.exe:*:Enabled:Remote Recovery Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 19 Sep 2006 22 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys"
Sat 2 Sep 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 26 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 28 Jun 2007 3,096,576 A..H. --- "C:\Documents and Settings\Kevin\Application Data\U3\temp\Launchpad Removal.exe"
Sun 30 Mar 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch1\lock.tmp"
Sun 30 Mar 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch2\lock.tmp"
Sun 30 Mar 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch3\lock.tmp"
Sun 30 Mar 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch4\lock.tmp"
Sun 30 Mar 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\lock.tmp"

Finished!

ComboFix:

ComboFix 08-04-11.5 - Kevin 2008-04-12 14:02:47.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.536 [GMT -6:00]
Running from: C:\Documents and Settings\Kevin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kevin\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\Fonts\RandFont.dll
C:\WINDOWS\system32\rceqtxib.dll
.

Kaspersky Online Scan Log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, April 12, 2008 9:32:38 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/04/2008
Kaspersky Anti-Virus database records: 700711
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 107837
Number of viruses found: 3
Number of infected objects: 21
Number of suspicious objects: 0
Duration of the scan process: 05:38:22

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Support\MPLog-03302008-080343.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Protection Service\edb.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Protection Service\edbtmp.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Protection Service\MPSSVCPolicyIdLog.etl Object is locked skipped
C:\Documents and Settings\Kevin\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Kevin\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Desktop Search\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Desktop Search\dbdam Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Desktop Search\dbdao Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Desktop Search\dbeam Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Desktop Search\dbeao Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Desktop Search\dbm Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Desktop Search\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Desktop Search\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Desktop Search\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Desktop Search\fii.cf1 Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Desktop Search\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Desktop Search\fim1i.cf1 Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Desktop Search\fim1ih.ht1 Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Desktop Search\hp Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Desktop Search\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Desktop Search\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Desktop Search\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Identities\{09CAD02B-7833-4A59-9123-2F237669133D}\Microsoft\Outlook Express\alt.binaries.multimedia.erotica.female.dbx/[From 6594paris@yahoo.com][Date Wed, 30 Aug 2006 20:01:36 GMT]/Mandy Infected: Trojan-Downloader.WMA.Wimad.h skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Identities\{09CAD02B-7833-4A59-9123-2F237669133D}\Microsoft\Outlook Express\alt.binaries.multimedia.erotica.female.dbx Mail MS Outlook 5: infected - 1 skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Identities\{09CAD02B-7833-4A59-9123-2F237669133D}\Microsoft\Outlook Express\alt.binaries.nospam.post-yourself-nude.dbx/[From 12254paris@yahoo.com][Date Thu, 31 Aug 2006 20:07:29 GMT]/Salma Infected: Trojan-Downloader.WMA.Wimad.h skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Identities\{09CAD02B-7833-4A59-9123-2F237669133D}\Microsoft\Outlook Express\alt.binaries.nospam.post-yourself-nude.dbx Mail MS Outlook 5: infected - 1 skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Identities\{09CAD02B-7833-4A59-9123-2F237669133D}\Microsoft\Outlook Express\alt.binaries.pictures.erotica.bondage.female.dbx/[From 20410paris@yahoo.com][Date Wed, 30 Aug 2006 20:11:03 GMT]/Jennifer Infected: Trojan-Downloader.WMA.Wimad.h skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Identities\{09CAD02B-7833-4A59-9123-2F237669133D}\Microsoft\Outlook Express\alt.binaries.pictures.erotica.bondage.female.dbx Mail MS Outlook 5: infected - 1 skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Temp\~DF52F6.tmp Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Temp\~DF5301.tmp Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Temp\~DF7135.tmp Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Temp\~DFEE47.tmp Object is locked skipped
C:\Documents and Settings\Kevin\ntuser.dat Object is locked skipped
C:\Documents and Settings\Kevin\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Kevin\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Kevin\Temporary Internet Files\Content.IE5\0D854JXI\bind[1].htm Object is locked skipped
C:\Documents and Settings\Kevin\Temporary Internet Files\Content.IE5\3EUHG3MY\mail[3] Object is locked skipped
C:\Documents and Settings\Kevin\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Ent.dat Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\prov.xml Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\service.xml Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\service.xml.bak Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\user.xml Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\user.xml.bak Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\SubInfo.xml Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\Database\edb.log Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\Database\tmp.edb Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\Database\WinSS_st.edb Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\onecaremp_log.bin Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\WinSSSvc_log.bin Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP23\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{A98DEDEA-18DD-4446-9A56-FBFEF5337761}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\MSFWSVC.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\Windows_OneCare_Evt.evt Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_234.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\SmitfraudFix.exe RarSFX: infected - 2 skipped
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP23\change.log Object is locked skipped
E:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP23\change.log Object is locked skipped
G:\Programs\Nero-8.2.8.0_eng_trial.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
G:\Programs\Nero-8.2.8.0_eng_trial.exe 7-Zip: infected - 1 skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP23\change.log Object is locked skipped
G:\Windows OneCare Backup\CHAOTIC-KEVIN\2008\Files\Part 20.ZIP/C/Documents and Settings/Kevin/Local Settings/Application Data/Identities/{09CAD02B-7833-4A59-9123-2F237669133D}/Microsoft/Outlook Express/alt.binaries.multimedia.erotica.female.dbx/[From 6594paris@yahoo.com][Date Wed, 30 Aug 2006 20:01:36 GMT]/Mandy Infected: Trojan-Downloader.WMA.Wimad.h skipped
G:\Windows OneCare Backup\CHAOTIC-KEVIN\2008\Files\Part 20.ZIP/C/Documents and Settings/Kevin/Local Settings/Application Data/Identities/{09CAD02B-7833-4A59-9123-2F237669133D}/Microsoft/Outlook Express/alt.binaries.multimedia.erotica.female.dbx Infected: Trojan-Downloader.WMA.Wimad.h skipped
G:\Windows OneCare Backup\CHAOTIC-KEVIN\2008\Files\Part 20.ZIP ZIP: infected - 2 skipped
G:\Windows OneCare Backup\CHAOTIC-KEVIN\2008\Files\Part 25.ZIP/C/Documents and Settings/Kevin/Local Settings/Application Data/Identities/{09CAD02B-7833-4A59-9123-2F237669133D}/Microsoft/Outlook Express/alt.binaries.nospam.post-yourself-nude.dbx/[From 12254paris@yahoo.com][Date Thu, 31 Aug 2006 20:07:29 GMT]/Salma Infected: Trojan-Downloader.WMA.Wimad.h skipped
G:\Windows OneCare Backup\CHAOTIC-KEVIN\2008\Files\Part 25.ZIP/C/Documents and Settings/Kevin/Local Settings/Application Data/Identities/{09CAD02B-7833-4A59-9123-2F237669133D}/Microsoft/Outlook Express/alt.binaries.nospam.post-yourself-nude.dbx Infected: Trojan-Downloader.WMA.Wimad.h skipped
G:\Windows OneCare Backup\CHAOTIC-KEVIN\2008\Files\Part 25.ZIP ZIP: infected - 2 skipped
G:\Windows OneCare Backup\CHAOTIC-KEVIN\2008\Files\Part 28.ZIP/C/Documents and Settings/Kevin/Local Settings/Application Data/Identities/{09CAD02B-7833-4A59-9123-2F237669133D}/Microsoft/Outlook Express/Part##0 of alt.binaries.pictures.erotica.bondage.female.dbx/[From 20410paris@yahoo.com][Date Wed, 30 Aug 2006 20:11:03 GMT]/Jennifer Infected: Trojan-Downloader.WMA.Wimad.h skipped
G:\Windows OneCare Backup\CHAOTIC-KEVIN\2008\Files\Part 28.ZIP/C/Documents and Settings/Kevin/Local Settings/Application Data/Identities/{09CAD02B-7833-4A59-9123-2F237669133D}/Microsoft/Outlook Express/Part##0 of alt.binaries.pictures.erotica.bondage.female.dbx Infected: Trojan-Downloader.WMA.Wimad.h skipped
G:\Windows OneCare Backup\CHAOTIC-KEVIN\2008\Files\Part 28.ZIP ZIP: infected - 2 skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\DO_NOT_DELETE.globalCatalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\DO_NOT_DELETE_SES_{09FA1526-8B23-4BA5-9F28-2AE7DBCF3A7C}.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\DO_NOT_DELETE_SES_{49B72AE7-A282-49BE-B4E0-ABA31692EFED}.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 1.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 10.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 11.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 12.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 13.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 14.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 15.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 16.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 17.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 18.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 19.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 2.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 20.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 21.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 22.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 23.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 24.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 25.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 26.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 27.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 28.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 29.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 3.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 30.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 31.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 32.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 33.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 34.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 35.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 36.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 37.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 38.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 39.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 4.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 40.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 41.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 42.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 43.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 44.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 45.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 46.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 47.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 48.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 49.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 5.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 50.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 51.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 52.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 53.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 54.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 55.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 56.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 57.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 58.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 59.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 6.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 60.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 61.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 62.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 63.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 64.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 65.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 66.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 67.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 68.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 69.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 7.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 70.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 71.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 72.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 73.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 74.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 75.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 76.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 77.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 78.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 79.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 8.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 80.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 82.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Catalogs\Part 9.ZIP.catalog Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\DO_NOT_DELETE.backupSetID Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\DO_NOT_DELETE_SES_{09FA1526-8B23-4BA5-9F28-2AE7DBCF3A7C} Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\DO_NOT_DELETE_SES_{49B72AE7-A282-49BE-B4E0-ABA31692EFED} Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 1.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 10.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 11.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 12.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 13.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 14.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 15.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 16.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 17.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 18.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 19.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 2.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 20.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 21.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 22.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 23.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 24.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 25.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 26.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 27.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 28.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 29.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 3.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 30.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 31.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 32.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 33.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 34.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 35.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 36.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 37.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 38.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 39.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 4.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 40.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 41.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 42.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 43.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 44.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 45.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 46.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 47.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 48.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 49.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 5.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 50.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 51.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 52.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 53.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 54.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 55.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 56.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 57.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 58.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 59.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 6.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 60.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 61.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 62.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 63.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 64.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 65.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 66.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 67.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 68.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 69.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 7.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 70.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 71.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 72.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 73.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 74.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 75.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 76.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 77.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 78.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 79.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 8.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 80.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 82.ZIP Object is locked skipped
G:\Windows OneCare Backup\SUSIEHARI-PC\2007\Files\Part 9.ZIP Object is locked skipped

Scan process completed.

New HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:40, on 2008-04-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Samsung\Samsung CLX-3160 Series\SPanel\PSU\Scan2pc.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\Samsung\NetworkScan\NSCSysTrayUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://register.hp....v...&prodOS=011
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IRIS_S2P] C:\Program Files\Samsung\Samsung CLX-3160 Series\SPanel\PSU\Scan2pc.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [NSCSysTrayUI] "C:\Program Files\Samsung\NetworkScan\NSCSysTrayUI.exe" /HIDEUI
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q306&bd=pavilion&pf=laptop
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.h...DataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1157327505906
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.m...ash/swflash.cab
O20 - Winlogon Notify: rceqtxib - rceqtxib.dll (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 10026 bytes

#13 DFW

Authentic Member

Visiting Fellow
170 posts

Posted 13 April 2008 - 03:39 AM

Thanks for the logs, however it looks like the Combofix is cut short.

Please post the entire contents of the latest combofix scan (it will be in your C:\ drive, probably named Combofix2.txt.) If there are more, choose the latest one. When it is open, select the entire contents (Ctrl + A), copy them (Ctrl + C), and paste them (Ctrl + V) back here as a reply to this post.

If you had problems with Combofix, please let me know

Member of UNITE and ASAP

#14 majorkaos

New Member

New Member
11 posts

Posted 13 April 2008 - 05:13 AM

I posted what was there. There are no other files for ComboFix. The computer did restart while it was running ComboFix, but I had thought that that was due to combofix. Should I rerun it?

#15 DFW

Authentic Member

Visiting Fellow
170 posts

Posted 13 April 2008 - 05:29 AM

No, not yet, I be asap

Member of UNITE and ASAP

Body Background

skin color theme