My computer is acting very weird, and Spybot S&D continues to have Zedo as a problem



nWo4life
2007-10-05, 19:39
Just a few days ago, my computer started not loading everything it normally did at startup, which includes AIM, Windows Messenger, and a Quicktime application. Granted, I didn't like having those all load at startup anyway, but that's beside the point. Also, my computer stopped being able to connect to the internet with AOL, and when I try loading AIM, nothing happens. Now, I have McAfee security center on my computer, and it has a function that cleans up "unnecessary" shortcuts and registry items, in order to free up space on my computer. So, I'm wondering whether or not McAfee is to blame for these problems, or if something in my HJT or Kaspersky logs is the problem. Here are the logs, and thanks in advance for any and all help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:29 PM, on 10/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDserv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\Explorer.EXE
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\AOL\1142997230\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL 9.0\waol.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dlcdcoms.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Program Files\McAfee\MSC\mcupdui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 944\memcard.exe"
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142997230\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Documents and Settings\Christopher\Desktop\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\Run: [IEX] C:\WINDOWS\Prefetch\IEX.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [IEX] C:\WINDOWS\Prefetch\IEX.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.1.10/cfweb_activex.camfrogweb.com-advanced-2.0.1.10_instmodule.exe
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us//html/activexplayer/SMALStreaming.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://webster-notes1.monroe.edu/iNotes6W.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://cdn.digitalcity.com/video/kdx.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DLCDCustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\DLCDserv.exe
O23 - Service: dlcd_device - Unknown owner - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

--
End of file - 11707 bytes

nWo4life
2007-10-05, 19:41
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, October 05, 2007 12:36:50 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 5/10/2007
Kaspersky Anti-Virus database records: 427471
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 122191
Number of viruses found: 2
Number of infected objects: 6
Number of suspicious objects: 0
Duration of the scan process: 01:55:25

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\logout.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{6C227C83-5CAD-4B66-AFBA-5E4FA2648F77}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{951067DA-93C5-48CE-9D67-3D0F74B967AF}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR4.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c3d0fed434e970bfc2b08d04a409f484_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vu8glngr.default\cert8.db Object is locked skipped
C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vu8glngr.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vu8glngr.default\GoogleToolbarData\googlesafebrowsing.db Object is locked skipped
C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vu8glngr.default\history.dat Object is locked skipped
C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vu8glngr.default\key3.db Object is locked skipped
C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vu8glngr.default\parent.lock Object is locked skipped
C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vu8glngr.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vu8glngr.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vu8glngr.default\webappsstore.sqlite Object is locked skipped
C:\Documents and Settings\Thomas\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Mozilla\Firefox\Profiles\vu8glngr.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Mozilla\Firefox\Profiles\vu8glngr.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Mozilla\Firefox\Profiles\vu8glngr.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Mozilla\Firefox\Profiles\vu8glngr.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Temp\~DF58E0.tmp Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Thomas\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Thomas\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP4\A0001327.exe/data.rar/Sys.bat Infected: Trojan.BAT.Agent.az skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP4\A0001327.exe/data.rar Infected: Trojan.BAT.Agent.az skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP4\A0001327.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP4\A0001327.exe PE_Patch.UPX: infected - 2 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP79\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Intel(R) 537EP V9x DF PCI Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{1C6A7AA1-0674-4123-9865-312C6FE20395}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ITVCL.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\disctel.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\diskrq.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcafee_4qHMz3V3qBssJe0 Object is locked skipped
C:\WINDOWS\Temp\mcafee_pIlnk9KEsjgdv6W Object is locked skipped
C:\WINDOWS\Temp\mcmsc_BKtlreR3jiKPihm Object is locked skipped
C:\WINDOWS\Temp\mcmsc_jlujNndf9NIIZGp Object is locked skipped
C:\WINDOWS\Temp\mcmsc_Ow6FrNW8XqyDHBB Object is locked skipped
C:\WINDOWS\Temp\mcmsc_s5U15A01HSCd87R Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000003-00000000-00000003-00001102-00000004-20061102}.CDF Object is locked skipped

Scan process completed.

pskelley
2007-10-11, 11:22
Welcome to Safer Networking. I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.
I apologize for the wait; vacations are responsible.

Tell me you know this item:
O23 - Service: DLCDCustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\DLCDserv.exe
If not, scan that file and post the results, here are free online scanners:
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustotal.com/

Kaspersky is showing infection in System Restore which we will clean before we finish, but it is also showing two trojans:

Manually delete the files in red, if you have a problem with them, use this tool:
How to use the Delete on Reboot tool
http://www.bleepingcomputer.com/tutorials/tutorial42.html#delreb
You may need to show hidden files and folders; instructions are posted next.

C:\WINDOWS\system32\disctel.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\diskrq.exe Infected: Trojan.Win32.Obfuscated.gy skipped


Now do this:
How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm. Click OK.
You may reverse this for safety when we are finished.

Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/40...02/Coupons.cab

Close all programs but HJT and all browser windows, then click on "Fix Checked"

Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart the computer and post a new HJT log and any information I requested. Let me know if performance has improved.

Spybot: Issues with not removing an item are usually caused by the program not being fully updated, please make sure you are totally updated and immunized. If you need tutorials for using Spybot, let me know. If the issue persists, post your query here:
http://forums.spybot.info/forumdisplay.php?f=4 where our experts with the Spybot S&D program can assist you.

McAfee: You will need to ask McAfee questions at McAfee tech support:
http://www.mcafee.com/us/support/index.html

Thanks
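The triage above (System Restore copies set aside for later, live files in system32 dealt with first) is the kind of sorting a helper does by eye on a long scanner report. As an added example, not code from the thread or from Kaspersky, here is a small Python parser that does the same split automatically. The sample report is constructed from a handful of lines in the shape of the report quoted above; the `Detection` class, `parse_report` and `triage` are names chosen for this example.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines in the shape of the Kaspersky Online Scanner
# report quoted in the thread. Locked-object noise is mixed in on purpose.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP4\A0001327.exe/data.rar/Sys.bat Infected: Trojan.BAT.Agent.az skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP4\A0001327.exe/data.rar Infected: Trojan.BAT.Agent.az skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP4\A0001327.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP4\A0001327.exe PE_Patch.UPX: infected - 2 skipped
C:\WINDOWS\system32\disctel.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\diskrq.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\Temp\mcafee_4qHMz3V3qBssJe0 Object is locked skipped

Scan process completed.
"""

# One report line: <object> <status> <last action>. The object path may contain
# spaces, so match it lazily and let the anchored status alternatives decide.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:"
    r"Object is locked"
    r"|Infected: (?P<name>\S+)"
    r"|(?P<packer>\S+): infected - (?P<count>\d+)"
    r") (?P<action>\S+)$"
)


@dataclass(frozen=True)
class Detection:
    obj: str       # object exactly as the scanner printed it (archive members after '/')
    verdict: str   # malware name, or the packer/archive verdict (RarSFX, PE_Patch.UPX)
    action: str    # what the scanner did; an online scan only reports, so 'skipped'


def parse_report(text: str) -> list:
    """Return only real detections; header, blank and locked-object lines are dropped."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        verdict = m["name"] or m["packer"]
        if verdict is None:          # 'Object is locked' is scanner noise, not a finding
            continue
        found.append(Detection(m["path"], verdict, m["action"]))
    return found


def container_file(obj: str) -> str:
    """Map 'A0001327.exe/data.rar/Sys.bat' back to the file that exists on disk."""
    return obj.split("/", 1)[0]


def in_system_restore(obj: str) -> bool:
    return "\\system volume information\\_restore" in obj.lower()


def triage(detections):
    """Split detections into live files versus System Restore copies, one entry
    per on-disk file carrying the set of verdicts reported for it."""
    live, restore = {}, {}
    for d in detections:
        bucket = restore if in_system_restore(d.obj) else live
        bucket.setdefault(container_file(d.obj), set()).add(d.verdict)
    return live, restore


if __name__ == "__main__":
    live, restore = triage(parse_report(SAMPLE_REPORT))
    print("Live files to deal with first:")
    for path, verdicts in sorted(live.items()):
        print(f"  {path}  ->  {', '.join(sorted(verdicts))}")
    print("System Restore copies (clear restore points once the system is clean):")
    for path, verdicts in sorted(restore.items()):
        print(f"  {path}  ->  {', '.join(sorted(verdicts))}")
```

Run on the constructed sample it lists the two system32 files as live findings and collapses the four System Restore lines (two nested archive members plus two packer verdicts) into the single restore-point file they all belong to, which is why a helper treats them as one item to clear later rather than four separate infections.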

nWo4life
2007-10-13, 07:36
I apologize for taking so long to reply back to this, but I haven't been able to access my computer until now. Please know that I do appreciate your help. As for the DLCDserv.exe, I didn't know what that was, but I used all 3 of the scanners you linked, and none of them turned up a virus, so that file is clean. Here is the new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:32:39 AM, on 10/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDserv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dlcdcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\AOL\1142997230\ee\AOLSoftware.exe
C:\Documents and Settings\Christopher\Desktop\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 944\memcard.exe"
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142997230\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Documents and Settings\Christopher\Desktop\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [IEX] C:\WINDOWS\Prefetch\IEX.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [IEX] C:\WINDOWS\Prefetch\IEX.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.1.10/cfweb_activex.camfrogweb.com-advanced-2.0.1.10_instmodule.exe
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us//html/activexplayer/SMALStreaming.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://webster-notes1.monroe.edu/iNotes6W.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://cdn.digitalcity.com/video/kdx.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DLCDCustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\DLCDserv.exe
O23 - Service: dlcd_device - Unknown owner - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11645 bytes

pskelley
2007-10-13, 16:00
Thanks for returning your information and the feedback.

1) This is optional but suggested:
C:\Program Files\Viewpoint\Common\ViewpointService.exe
For your information, Viewpoint is installed by AOL, probably without your knowledge. I suggest you uninstall this resource waster in Add/Remove Programs.
http://www.greatis.com/appdata/u/v/viewmgr.exe.htm
http://www.spywareinfo.com/newsletter/archives/2005/nov4.php#viewpoint
http://www.clickz.com/news/article.php/3561546

2) O23 - Service: DLCDCustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\DLCDserv.exe
http://www.google.com/search?hl=en&q=DLCDserv.exe&btnG=Google+Search
If you are satisfied it is safe, then I am happy too. The spool word indicates it has to do with a printer. You should know what services run on your computer. When time permits, navigate to the file and right click. Look at the properties to see who it belongs to.
For your information:
http://vlaurie.com/computers2/Articles/services.htm
http://www.onecomputerguy.com/windowsxp_tips.htm#services_disable

3) As far as I can see, the HJT log is clean of malware, let's clean your System Restore files like this:
System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

4) Restart your computer and run a new Kaspersky scan, which I do not need to see unless you have questions. Let me know how the computer is running at that point, and I will post valuable closing information.

Thanks...Phil
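
The review pskelley describes in point 2 (find the file behind each service, check who it belongs to) is easy to do as a first pass over the whole HijackThis log. The script below is an added example, not part of pskelley's post and not a HijackThis feature: it parses the O4 (autostart) and O23 (service) line formats visible in the log above and lists the entries a reviewer should look at first, namely services with "Unknown owner" and autostart programs that run from outside Program Files or the Windows directory. The sample lines are copied from the log above; the trusted-root list and the regexes are assumptions modelled on those lines. It only flags entries for manual checking, it does not judge them.

```python
import re

# Constructed input: a few O4 and O23 lines copied from the HijackThis log above.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Documents and Settings\Christopher\Desktop\iTunesHelper.exe"
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DLCDCustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\DLCDserv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

# Line formats as they appear in HijackThis 2.0.2 output (assumption based on the log above).
O4 = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23 = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - (?P<owner>.+?) - (?P<path>.+)$"
)

# Locations where installers normally place binaries; anything else gets a second look.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")


def exe_of(cmd):
    """Executable path from an O4 command line: the quoted part, or up to the first .exe."""
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(?i)(.*?\.exe)", cmd)
    return m.group(1) if m else cmd.split()[0]


def under_trusted_root(path):
    return path.lower().startswith(TRUSTED_ROOTS)


def triage(text):
    """Return (section, name, path, reason) for entries a reviewer should check first."""
    review = []
    for line in text.splitlines():
        if (m := O4.match(line)):
            exe = exe_of(m["cmd"])
            if not under_trusted_root(exe):
                review.append(("O4", m["name"], exe, "runs from outside Program Files / Windows"))
        elif (m := O23.match(line)):
            if m["owner"] == "Unknown owner":
                review.append(("O23", m["display"], m["path"],
                               "no company name in the log, check the file's properties"))
    return review


if __name__ == "__main__":
    for section, name, path, reason in triage(SAMPLE_HJT):
        print(f"{section:<4}{name:<24}{reason}\n    {path}")
```

Run against the sample it reports iTunesHelper (started from a Desktop folder rather than an install directory) and the two services HijackThis could not attribute to a company; for each, the next step is the one pskelley gives, namely opening the file's properties and checking the publisher.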

nWo4life
2007-10-14, 22:05
Well, I did all of that, but Kaspersky still turned up an infection. Here is the scan log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, October 14, 2007 4:00:22 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/10/2007
Kaspersky Anti-Virus database records: 435824
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 87612
Number of viruses found: 1
Number of infected objects: 12
Number of suspicious objects: 0
Duration of the scan process: 02:06:21

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\logout.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{951067DA-93C5-48CE-9D67-3D0F74B967AF}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFRA.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c3d0fed434e970bfc2b08d04a409f484_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\Christopher\Application Data\Sun\Java\Deployment\cache\6.0\12\3343c00c-32e02609/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Christopher\Application Data\Sun\Java\Deployment\cache\6.0\12\3343c00c-32e02609 ZIP: infected - 1 skipped
C:\Documents and Settings\Christopher\Application Data\Sun\Java\Deployment\cache\6.0\36\d4e61e4-494852f2/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Christopher\Application Data\Sun\Java\Deployment\cache\6.0\36\d4e61e4-494852f2 ZIP: infected - 1 skipped
C:\Documents and Settings\Christopher\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-59afe7f7-599bce9e.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Christopher\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-59afe7f7-599bce9e.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Christopher\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-5e7eb989-19c8bbdb.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Christopher\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-5e7eb989-19c8bbdb.zip ZIP: infected - 1 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Thomas\Application Data\acccore\nss\cert8.db Object is locked skipped
C:\Documents and Settings\Thomas\Application Data\acccore\nss\key3.db Object is locked skipped
C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vu8glngr.default\cert8.db Object is locked skipped
C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vu8glngr.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vu8glngr.default\GoogleToolbarData\googlesafebrowsing.db Object is locked skipped
C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vu8glngr.default\history.dat Object is locked skipped
C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vu8glngr.default\key3.db Object is locked skipped
C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vu8glngr.default\parent.lock Object is locked skipped
C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vu8glngr.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vu8glngr.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Thomas\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\AOL OCP\AIM\Storage\data\ticowboys\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Mozilla\Firefox\Profiles\vu8glngr.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Mozilla\Firefox\Profiles\vu8glngr.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Mozilla\Firefox\Profiles\vu8glngr.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Mozilla\Firefox\Profiles\vu8glngr.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\btih_TPEQ3DSZFN6W2RYHGVV3VNYWQZ7BJTNH.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_37VB3QPVRU2KDVC5FGERY6DW3BKOXNTX.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_4CNX6YIV2R3HN2EC63E2N3H6KNHZ33RL.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_5WRTNBUQHWT56IDGMPBEKAKIBLDM6LXG.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_76KDQVSKZH6R4RC5XYERNNR7FKX4Z2QF.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_7RQHVVEYKRA2O4H5EMQLCIAIETL7NX5E.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_AI75SBLPCCTAOJRV2M7JI3ARFYQK6CNH.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_AUNVTO5KJO572M6MXMOBRSZUIHRDACNR.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_BN5M5DR34THPHFAANHAKL4THYYAUFM5Z.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_BVAAI7NLLMG4MPV5EWRY5DE7UWDIMIOD.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_CLVO2EALWGSUREVTDKKVRQH7HB6E3VEN.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_F2A3NS6VQYPGBR2MQW5BSZ4KEJBA3ZD7.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_F5GWN2X6BOA2VBZBCVWPL2WYAT3ZJJDZ.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_FA7JHXBCAKQZBJHSSBXFOT6XRLJTWALY.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_GBG4EG5GSAWZOMS7XUNVXJ6IIEGH6ZL4.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_HREDFDRE736QYPHHQ67UYNKG2GBSDZHG.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_HYS2PMOUKVGKAN4OMBUPKTOAU5W7EEKP.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_IZWEM3RDEE7GATR5WHNLIXWVVNK45E4Z.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_J6J6BDABA2JGR7WEQJDFF565NBSFPCYN.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_KE4NI6LB5XRPCVZDKBWX6TZJY6REDMAH.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_LKDVJFSNIOAMKMJLE266CYCSXTKJSF2E.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_O5OZMUWXAOFSEQUG2VTF5Q4PPW4P4WG3.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_OCJTEL6XKFGSPXCPU7LYTAXVGFO5ODJE.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_OPFMVYK77PTZU27CJM7XFBZI3YB5E2WW.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_QTPP6U7WGRT4W6ELTIVFZQXJKZKITXHV.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_URW5YIDA7KZHDUN5TVB2VIIUW2MSFTE2.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_UUJOG3NH3VNBBKSDBUPP6JRROMCW5DQT.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_VLSKZSBYSRULEAHSR5ZUOLKDTBIBPHSY.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_VOSLVDOEIUOHJYAHDHKR62T2FGB2VLAV.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_WIB2NSFTG34CDGDXUAWT6VVAFNLYW37T.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_WQETJ5I6QMAKHAZK3MOXSMXZOOQN7VME.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_YY6U7Z7TU543ZPTZ3X7UNGVD6GIV3LBS.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_ZBCUOWUKTUG2MZN5A654YSCQRTX7MFS4.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Temp\~DF2551.tmp Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Thomas\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Thomas\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-4b6298a9-40fcf25f.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-4b6298a9-40fcf25f.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-50316a3b-3eb2ce16.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-50316a3b-3eb2ce16.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Intel(R) 537EP V9x DF PCI Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{48CE5913-9E6A-47EB-8D43-1A23C174C963}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ITVCL.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcafee_floxiTDsfdfSbBw Object is locked skipped
C:\WINDOWS\Temp\mcafee_kzICHp9TBAL03ci Object is locked skipped
C:\WINDOWS\Temp\mcmsc_DYlFp5L9y9masKo Object is locked skipped
C:\WINDOWS\Temp\mcmsc_egfrswbKe6R4aSf Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_574.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000003-00000000-00000003-00001102-00000004-20061102}.CDF Object is locked skipped

Scan process completed.

pskelley
2007-10-14, 22:18
Looks like you have an infected Java cache:
C:\Documents and Settings\Christopher\Application Data\Sun\Java\Deployment\cache\6.0\12\3343c00c-32e02609/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
http://support.f-secure.com/enu/home/virusproblem/howtoclean/cleanjavacache.shtml

Clean that cache and run another Kaspersky.

Thanks
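
Reading a Kaspersky Online Scanner report by eye means wading through dozens of "Object is locked skipped" lines (registry hives, logs, browser databases the scanner simply could not open) to find the real detections. As an added example, not part of this thread or of Kaspersky's tooling, the script below parses the report's line formats as they appear above, separates detections from locked objects, groups the hits by user profile, checks whether every hit sits under the Java deployment cache that pskelley points at, and cross-checks the "Scan Statistics" counts against the individual lines. The input is the statistics block and all twelve detection lines from the 2007-10-14 report above plus three of its locked lines; the regexes and the Java cache path fragment are assumptions based on those lines.

```python
import re
from collections import Counter

# Constructed input: "Scan Statistics" and every Infected / ZIP: infected line from the
# 2007-10-14 Kaspersky report above, plus three of its "Object is locked" lines.
SAMPLE_REPORT = r"""
Scan Statistics:
Total number of scanned objects: 87612
Number of viruses found: 1
Number of infected objects: 12
Number of suspicious objects: 0

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\Christopher\Application Data\Sun\Java\Deployment\cache\6.0\12\3343c00c-32e02609/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Christopher\Application Data\Sun\Java\Deployment\cache\6.0\12\3343c00c-32e02609 ZIP: infected - 1 skipped
C:\Documents and Settings\Christopher\Application Data\Sun\Java\Deployment\cache\6.0\36\d4e61e4-494852f2/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Christopher\Application Data\Sun\Java\Deployment\cache\6.0\36\d4e61e4-494852f2 ZIP: infected - 1 skipped
C:\Documents and Settings\Christopher\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-59afe7f7-599bce9e.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Christopher\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-59afe7f7-599bce9e.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Christopher\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-5e7eb989-19c8bbdb.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Christopher\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-5e7eb989-19c8bbdb.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Thomas\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-4b6298a9-40fcf25f.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-4b6298a9-40fcf25f.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-50316a3b-3eb2ce16.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-50316a3b-3eb2ce16.zip ZIP: infected - 1 skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""

# Line formats of the Kaspersky Online Scanner 5.0 report (assumption based on the report above).
LOCKED = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
INFECTED = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
ARCHIVE = re.compile(r"^(?P<path>.+?) ZIP: infected - (?P<count>\d+) skipped$")
STAT = re.compile(r"^Number of (?P<key>viruses found|infected objects|suspicious objects): (?P<value>\d+)$")

# Per-user Java plug-in cache on Windows XP; the path fragment is taken from the report lines.
JAVA_CACHE = "\\Application Data\\Sun\\Java\\Deployment\\cache\\"


def profile_of(path):
    """User profile a path belongs to, or None for system locations."""
    m = re.match(r"^[A-Z]:\\Documents and Settings\\([^\\]+)\\", path)
    return m.group(1) if m else None


def parse_report(text):
    stats, infected, archives, locked = {}, [], [], []
    for line in text.splitlines():
        line = line.strip()
        if (m := STAT.match(line)):
            stats[m["key"]] = int(m["value"])
        elif (m := INFECTED.match(line)):
            infected.append((m["path"], m["name"]))
        elif (m := ARCHIVE.match(line)):
            archives.append((m["path"], int(m["count"])))
        elif (m := LOCKED.match(line)):
            locked.append(m["path"])
    return {"stats": stats, "infected": infected, "archives": archives, "locked": locked}


def summarize(report):
    """Triage view: what was detected, where, and whether the scanner's counts add up."""
    names = Counter(name for _, name in report["infected"])
    hits = report["infected"] + report["archives"]
    stats = report["stats"]
    return {
        "detections": dict(names),
        "by_profile": dict(Counter(profile_of(p) for p, _ in hits)),
        "all_in_java_cache": bool(hits) and all(JAVA_CACHE in p for p, _ in hits),
        "locked_skipped": len(report["locked"]),
        # Kaspersky counts both the archive member and the archive itself as infected objects.
        "counts_match": (stats.get("infected objects") == len(hits)
                         and stats.get("viruses found") == len(names)),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```

On the sample this gives one detection name repeated six times, eight hits under the Christopher profile and four under Tom, every hit inside the Java deployment cache, and counts that agree with the "12 infected objects / 1 virus" in the statistics block. That matches pskelley's reading: the locked objects are not infections, and clearing the Java cache for each affected profile is the fix to try before the next scan.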

nWo4life
2007-10-15, 07:56
Well, I did that, but yet another infection has shown up. At least the infection count is lower, but I wonder why infections keep showing up? Here is the log:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, October 15, 2007 1:54:11 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/10/2007
Kaspersky Anti-Virus database records: 436055
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 87800
Number of viruses found: 1
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 02:17:55

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\logout.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{3CD2D882-5613-4F53-A7D8-EFCDFD4EE665}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{951067DA-93C5-48CE-9D67-3D0F74B967AF}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFRA.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c3d0fed434e970bfc2b08d04a409f484_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vu8glngr.default\cert8.db Object is locked skipped
C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vu8glngr.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vu8glngr.default\GoogleToolbarData\googlesafebrowsing.db Object is locked skipped
C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vu8glngr.default\history.dat Object is locked skipped
C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vu8glngr.default\key3.db Object is locked skipped
C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vu8glngr.default\parent.lock Object is locked skipped
C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vu8glngr.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vu8glngr.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Thomas\Application Data\Shareaza\Data\TigerTree.dat Object is locked skipped
C:\Documents and Settings\Thomas\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Mozilla\Firefox\Profiles\vu8glngr.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Mozilla\Firefox\Profiles\vu8glngr.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Mozilla\Firefox\Profiles\vu8glngr.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Mozilla\Firefox\Profiles\vu8glngr.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_2KRQKX6376M7ZUIHFTWF7NGA5QFP47BE.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_37VB3QPVRU2KDVC5FGERY6DW3BKOXNTX.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_4CNX6YIV2R3HN2EC63E2N3H6KNHZ33RL.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_5WRTNBUQHWT56IDGMPBEKAKIBLDM6LXG.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_63ULW2PQYKJVTOVETI24VFG3VPGCBWY5.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_AI75SBLPCCTAOJRV2M7JI3ARFYQK6CNH.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_AUNVTO5KJO572M6MXMOBRSZUIHRDACNR.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_BN5M5DR34THPHFAANHAKL4THYYAUFM5Z.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_BVAAI7NLLMG4MPV5EWRY5DE7UWDIMIOD.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_BZRWJNIJZRVX5C447DWZLAI4WZA3RIG4.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_CLVO2EALWGSUREVTDKKVRQH7HB6E3VEN.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_E7TLYGKYT3NV637EZLQTNRP2QUGQLHA2.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_F2A3NS6VQYPGBR2MQW5BSZ4KEJBA3ZD7.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_F5GWN2X6BOA2VBZBCVWPL2WYAT3ZJJDZ.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_FA7JHXBCAKQZBJHSSBXFOT6XRLJTWALY.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_FQ4CQUZQSKNPNG7FZFZDUCIQB4UTI4QW.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_GBG4EG5GSAWZOMS7XUNVXJ6IIEGH6ZL4.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_HREDFDRE736QYPHHQ67UYNKG2GBSDZHG.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_HYS2PMOUKVGKAN4OMBUPKTOAU5W7EEKP.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_IZWEM3RDEE7GATR5WHNLIXWVVNK45E4Z.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_J6J6BDABA2JGR7WEQJDFF565NBSFPCYN.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_KCMTOOKQQTAUHYFSN4JRJZM6NYF5ILEA.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_KE4NI6LB5XRPCVZDKBWX6TZJY6REDMAH.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_LKDVJFSNIOAMKMJLE266CYCSXTKJSF2E.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_LSJP5KSWRW4GZIGGDHYSTALN4ONDEDKC.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_N5PWBPSAB2Q355L7P34VWUQ4BGLYPFP3.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_NWV4AZPGM4SLI53OHMKAHRRCK6GILDH2.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_O5OZMUWXAOFSEQUG2VTF5Q4PPW4P4WG3.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_OPFMVYK77PTZU27CJM7XFBZI3YB5E2WW.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_RG4PMFNRNKH347XLJIEGUFJR6O4BSG5P.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_T27CQQDHHTH7USZH33DZZGT2Y7I6CBZQ.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_URW5YIDA7KZHDUN5TVB2VIIUW2MSFTE2.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_UUJOG3NH3VNBBKSDBUPP6JRROMCW5DQT.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_VLSKZSBYSRULEAHSR5ZUOLKDTBIBPHSY.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_VVPWGRD7XYXGGQZAVG72XRK2RL4R4WEL.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_WMUNDWYAMFC6X2QK5DP2QSONAJ73CINL.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_WQETJ5I6QMAKHAZK3MOXSMXZOOQN7VME.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_X77OXVZBLVE4AZQVXOMFNINUPXFO5MZ7.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_XZH4QM7BTMQE5BOMJVL3J36P3KMJ5T54.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_Y4BKLHAVCZ2TYAJO7CPC52ZAKCOA4AAM.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_ZBCUOWUKTUG2MZN5A654YSCQRTX7MFS4.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Application Data\Shareaza\Incomplete\sha1_ZWWRPPQFANRTOZ4SR2UUI3TYFD5TA7EY.partial Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\History\History.IE5\MSHist012007101420071015\index.dat Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Temp\Perflib_Perfdata_e40.dat Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Temp\~DFA8A4.tmp Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Thomas\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Thomas\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Thomas\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-4b6298a9-40fcf25f.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-4b6298a9-40fcf25f.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-50316a3b-3eb2ce16.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-50316a3b-3eb2ce16.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Intel(R) 537EP V9x DF PCI Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{48CE5913-9E6A-47EB-8D43-1A23C174C963}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ITVCL.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcafee_floxiTDsfdfSbBw Object is locked skipped
C:\WINDOWS\Temp\mcafee_kzICHp9TBAL03ci Object is locked skipped
C:\WINDOWS\Temp\mcmsc_DYlFp5L9y9masKo Object is locked skipped
C:\WINDOWS\Temp\mcmsc_egfrswbKe6R4aSf Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000003-00000000-00000003-00001102-00000004-20061102}.CDF Object is locked skipped

Scan process completed.

pskelley
2007-10-15, 12:07
Your Java cache is still infected:
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-4b6298a9-40fcf25f.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-4b6298a9-40fcf25f.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-50316a3b-3eb2ce16.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-50316a3b-3eb2ce16.zip ZIP: infected - 1 skipped

http://support.f-secure.com/enu/home/virusproblem/howtoclean/cleanjavacache.shtml

I see evidence of P2P programs, you should view this information:
http://forums.spybot.info/showthread.php?t=282

See how easy it is to get infected if you have out of date Java:
http://www.theregister.com/2007/05/11/google_malware_map/
http://redtape.msnbc.com/2007/05/the_next_net_th.html

http://forums.spybot.info/showpost.php?p=12880&postcount=2
C:\Program Files\Java\jre1.6.0_02\ <<< I believe there is one update to 03, make sure you delete ALL old versions of Java, hackers exploit those.

Here is some great information to help enhance your performance and your security. If I can do more, let me know.

System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
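A small triage helper for report lines in the shape quoted above, separating real detections (and the ones sitting in the Java cache) from the "Object is locked" noise. This is an added example, not code from the thread or from Kaspersky; the sample lines are constructed to match the report's line shapes, with a placeholder user name and jar name, and only the detection name is the one reported above.

```python
import re

# The report has one object per line: "<path> <verdict>". The three verdict
# shapes seen in the report above are matched here; anything else is ignored.
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
ARCHIVE_RE = re.compile(r"^(?P<path>.+?) ZIP: infected - (?P<count>\d+) skipped$")

# Detections under this directory are the Java applet cache (assumption: same
# "\Sun\Java\Deployment\cache\" layout as the paths quoted in the thread).
JAVA_CACHE_MARKER = "\\Sun\\Java\\Deployment\\cache\\"


def parse_line(line):
    """Return (kind, path, detail) for a per-object verdict line, else None."""
    line = line.rstrip("\r\n")
    if m := LOCKED_RE.match(line):
        return ("locked", m["path"], None)
    if m := INFECTED_RE.match(line):
        return ("infected", m["path"], m["name"])          # detail = detection name
    if m := ARCHIVE_RE.match(line):
        return ("archive", m["path"], int(m["count"]))     # detail = infected members
    return None


def triage(lines):
    """Summarise a report: actionable detections vs. locked-file noise."""
    result = {"infected": {}, "archives": {}, "locked": 0, "java_cache": []}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                      # headers, footers, blank lines
        kind, path, detail = parsed
        if kind == "locked":
            result["locked"] += 1         # in-use system files, not a finding
        elif kind == "infected":
            result["infected"][path] = detail
            if JAVA_CACHE_MARKER in path:
                result["java_cache"].append(path)
        else:
            result["archives"][path] = detail
    return result


# Constructed sample in the report's format (placeholder user and jar names).
JAR = r"C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\xRT.jar-00000000-00000000.zip"
SAMPLE_REPORT = [
    r"C:\WINDOWS\system32\config\SAM Object is locked skipped",
    r"C:\Documents and Settings\User\NTUSER.DAT Object is locked skipped",
    JAR + "/Example.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped",
    JAR + " ZIP: infected - 1 skipped",
    "Scan process completed.",
]
```

Running `triage(SAMPLE_REPORT)` reports two locked objects, one infected class inside the Java cache and one infected archive, which is the distinction a reader needs when a long report is mostly "Object is locked" lines.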

nWo4life
2007-10-15, 19:58
Well, my machine was officially deemed clean by the Kaspersky scan, and it is running much better. AOL still refuses to connect to the internet, but oh well, Firefox is a better browser anyway. I downloaded a new copy of AIM and it is working perfectly, and I found out that a few of the system startup programs weren't running because they had been disabled in the system services menu. Phil, I would like to once again thank you for all your help. Hopefully I won't have to come back here again, but having all the protection in the world sometimes still can't stop a little brother from doing things that are unknowingly risky. :laugh: