Can a virus turn a computer off?



capitalcollins
2008-03-05, 17:46
The computer turns itself off during a McAfee scan every time. I suspect a virus so I started running the required initial scans. Kaspersky scan ran fine but the computer turned off during the Spybot scan. I kept restarting the scan and during one of the scans there were several items to fix so I aborted the scan and had it fix those items. I've started the scan repeatedly but have not made it through to the end without the computer turning itself off. When the computer does turn itself off, I can press the power button and the computer appears to run but does not boot. After doing a hard power down, the computer will come back up. I am posting the Kaspersky and HJT logs. Please tell me what you make of it. Thank you.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, March 05, 2008 11:05:52 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/03/2008
Kaspersky Anti-Virus database records: 598874
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 144003
Number of viruses found: 2
Number of infected objects: 0
Number of suspicious objects: 35
Duration of the scan process: 02:43:07

Infected Object Name / Virus Name / Last Action
C:\Program Files\Netscape\Users\hcollins29\Mail\Sent/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 21 Jan 2002 18:19:08 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Fri, 25 Jan 2002 06:50:40 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 25 Feb 2002 18:54:21 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Tue, 05 Mar 2002 18:51:51 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Sat, 23 Mar 2 .. ... /[From Bud Collins <hcollins29@attbi.com>][Date Wed, 22 May 2002 21:07:50 -0500]/html Suspicious: not-a-virus:URL.IDFrame skipped
C:\Program Files\Netscape\Users\hcollins29\Mail\Sent/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 21 Jan 2002 18:19:08 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Fri, 25 Jan 2002 06:50:40 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 25 Feb 2002 18:54:21 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Tue, 05 Mar 2002 18:51:51 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Sat, 23 Mar 2 .. ... /[From Bud Collins <hcollins29@attbi.com>][Date Thu, 30 May 2002 18:40:19 -0500]/html Suspicious: not-a-virus:URL.IDFrame skipped
C:\Program Files\Netscape\Users\hcollins29\Mail\Sent/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 21 Jan 2002 18:19:08 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Fri, 25 Jan 2002 06:50:40 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 25 Feb 2002 18:54:21 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Tue, 05 Mar 2002 18:51:51 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Sat, 23 Mar 2 .. ... /[From Bud Collins <hcollins29@attbi.com>][Date Fri, 31 May 2002 06:45:00 -0500]/html Suspicious: not-a-virus:URL.IDFrame skipped
C:\Program Files\Netscape\Users\hcollins29\Mail\Sent/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 21 Jan 2002 18:19:08 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Fri, 25 Jan 2002 06:50:40 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 25 Feb 2002 18:54:21 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Tue, 05 Mar 2002 18:51:51 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Sat, 23 Mar 2 .. ... /[From Bud Collins <hcollins29@attbi.com>][Date Mon, 03 Jun 2002 18:57:40 -0500]/html Suspicious: not-a-virus:URL.IDFrame skipped
C:\Program Files\Netscape\Users\hcollins29\Mail\Sent/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 21 Jan 2002 18:19:08 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Fri, 25 Jan 2002 06:50:40 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 25 Feb 2002 18:54:21 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Tue, 05 Mar 2002 18:51:51 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Sat, 23 Mar 2 .. ... /[From Bud Collins <hcollins29@attbi.com>][Date Fri, 07 Jun 2002 06:51:39 -0500]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Netscape\Users\hcollins29\Mail\Sent/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 21 Jan 2002 18:19:08 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Fri, 25 Jan 2002 06:50:40 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 25 Feb 2002 18:54:21 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Tue, 05 Mar 2002 18:51:51 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Sat, 23 Mar 2 .. ... /[From Bud Collins <hcollins29@attbi.com>][Date Thu, 13 Jun 2002 04:44:29 -0500]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Netscape\Users\hcollins29\Mail\Sent/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 21 Jan 2002 18:19:08 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Fri, 25 Jan 2002 06:50:40 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 25 Feb 2002 18:54:21 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Tue, 05 Mar 2002 18:51:51 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Sat, 23 Mar 2 .. ... /[From Bud Collins <hcollins29@attbi.com>][Date Thu, 13 Jun 2002 18:47:37 -0500]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Netscape\Users\hcollins29\Mail\Sent/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 21 Jan 2002 18:19:08 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Fri, 25 Jan 2002 06:50:40 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 25 Feb 2002 18:54:21 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Tue, 05 Mar 2002 18:51:51 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Sat, 23 Mar 2 .. ... /[From Bud Collins <hcollins29@attbi.com>][Date Thu, 13 Jun 2002 18:48:10 -0500]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Netscape\Users\hcollins29\Mail\Sent/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 21 Jan 2002 18:19:08 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Fri, 25 Jan 2002 06:50:40 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 25 Feb 2002 18:54:21 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Tue, 05 Mar 2002 18:51:51 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Sat, 23 Mar 2 .. ... /[From Bud Collins <hcollins29@attbi.com>][Date Thu, 13 Jun 2002 18:48:31 -0500]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Netscape\Users\hcollins29\Mail\Sent/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 21 Jan 2002 18:19:08 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Fri, 25 Jan 2002 06:50:40 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 25 Feb 2002 18:54:21 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Tue, 05 Mar 2002 18:51:51 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Sat, 23 Mar 2 .. ... /[From Bud Collins <hcollins29@attbi.com>][Date Thu, 13 Jun 2002 18:49:02 -0500]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Netscape\Users\hcollins29\Mail\Sent/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 21 Jan 2002 18:19:08 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Fri, 25 Jan 2002 06:50:40 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 25 Feb 2002 18:54:21 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Tue, 05 Mar 2002 18:51:51 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Sat, 23 Mar 2 .. ... /[From Bud Collins <hcollins29@attbi.com>][Date Thu, 13 Jun 2002 18:49:43 -0500]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Netscape\Users\hcollins29\Mail\Sent/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 21 Jan 2002 18:19:08 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Fri, 25 Jan 2002 06:50:40 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 25 Feb 2002 18:54:21 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Tue, 05 Mar 2002 18:51:51 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Sat, 23 Mar 2 ... /[From Bud Collins <hcollins29@attbi.com>][Date Fri, 14 Jun 2002 07:16:38 -050 ... /html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Netscape\Users\hcollins29\Mail\Sent/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 21 Jan 2002 18:19:08 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Fri, 25 Jan 2002 06:50:40 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 25 Feb 2002 18:54:21 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Tue, 05 Mar 2002 18:51:51 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Sat, 23 Mar 2 .. ... /[From Bud Collins <hcollins29@attbi.com>][Date Sat, 15 Jun 2002 09:07:15 -0500]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Netscape\Users\hcollins29\Mail\Sent/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 21 Jan 2002 18:19:08 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Fri, 25 Jan 2002 06:50:40 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 25 Feb 2002 18:54:21 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Tue, 05 Mar 2002 18:51:51 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Sat, 23 Mar 2 .. ... /[From Bud Collins <hcollins29@attbi.com>][Date Sun, 16 Jun 2002 05:37:46 -0500]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Netscape\Users\hcollins29\Mail\Sent/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 21 Jan 2002 18:19:08 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Fri, 25 Jan 2002 06:50:40 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 25 Feb 2002 18:54:21 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Tue, 05 Mar 2002 18:51:51 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Sat, 23 Mar 2 .. ... /[From Bud Collins <hcollins29@attbi.com>][Date Sun, 16 Jun 2002 05:38:08 -0500]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Netscape\Users\hcollins29\Mail\Sent/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 21 Jan 2002 18:19:08 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Fri, 25 Jan 2002 06:50:40 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 25 Feb 2002 18:54:21 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Tue, 05 Mar 2002 18:51:51 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Sat, 23 Mar 2 .. ... /[From Bud Collins <hcollins29@attbi.com>][Date Sun, 16 Jun 2002 11:37:17 -0500]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Netscape\Users\hcollins29\Mail\Sent/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 21 Jan 2002 18:19:08 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Fri, 25 Jan 2002 06:50:40 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 25 Feb 2002 18:54:21 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Tue, 05 Mar 2002 18:51:51 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Sat, 23 Mar 2 .. ... /[From Bud Collins <hcollins29@attbi.com>][Date Mon, 17 Jun 2002 05:36:32 -0500]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Netscape\Users\hcollins29\Mail\Sent/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 21 Jan 2002 18:19:08 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Fri, 25 Jan 2002 06:50:40 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 25 Feb 2002 18:54:21 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Tue, 05 Mar 2002 18:51:51 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Sat, 23 Mar 2 .. ... /[From Bud Collins <hcollins29@attbi.com>][Date Tue, 18 Jun 2002 19:21:46 -0500]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Netscape\Users\hcollins29\Mail\Sent/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 21 Jan 2002 18:19:08 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Fri, 25 Jan 2002 06:50:40 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 25 Feb 2002 18:54:21 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Tue, 05 Mar 2002 18:51:51 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Sat, 23 Mar 2 .. ... /[From Bud Collins <hcollins29@attbi.com>][Date Tue, 18 Jun 2002 19:22:36 -0500]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Netscape\Users\hcollins29\Mail\Sent/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 21 Jan 2002 18:19:08 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Fri, 25 Jan 2002 06:50:40 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 25 Feb 2002 18:54:21 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Tue, 05 Mar 2002 18:51:51 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Sat, 23 Mar 2 .. ... /[From Bud Collins <hcollins29@attbi.com>][Date Wed, 19 Jun 2002 05:22:31 -0500]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Netscape\Users\hcollins29\Mail\Sent/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 21 Jan 2002 18:19:08 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Fri, 25 Jan 2002 06:50:40 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 25 Feb 2002 18:54:21 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Tue, 05 Mar 2002 18:51:51 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Sat, 23 Mar 2 .. ... /[From Bud Collins <hcollins29@attbi.com>][Date Wed, 19 Jun 2002 18:29:43 -0500]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Netscape\Users\hcollins29\Mail\Sent/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 21 Jan 2002 18:19:08 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Fri, 25 Jan 2002 06:50:40 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 25 Feb 2002 18:54:21 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Tue, 05 Mar 2002 18:51:51 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Sat, 23 Mar 2 ... /[From Bud Collins <hcollins29@attbi.com>][Date Fri, 21 Jun 2002 18:59:12 -050 ... /html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Netscape\Users\hcollins29\Mail\Sent/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 21 Jan 2002 18:19:08 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Fri, 25 Jan 2002 06:50:40 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 25 Feb 2002 18:54:21 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Tue, 05 Mar 2002 18:51:51 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Sat, 23 Mar 2 .. ... /[From Bud Collins <hcollins29@attbi.com>][Date Sun, 23 Jun 2002 04:00:29 -0500]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Netscape\Users\hcollins29\Mail\Sent/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 21 Jan 2002 18:19:08 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Fri, 25 Jan 2002 06:50:40 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 25 Feb 2002 18:54:21 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Tue, 05 Mar 2002 18:51:51 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Sat, 23 Mar 2 .. ... /[From Bud Collins <hcollins29@attbi.com>][Date Tue, 25 Jun 2002 19:21:19 -0500]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Netscape\Users\hcollins29\Mail\Sent/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 21 Jan 2002 18:19:08 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Fri, 25 Jan 2002 06:50:40 -0600]/text/

capitalcollins
2008-03-05, 17:48
Remainder of Kaspersky log:
[From Bud Collins <hcollins29@attbi.com>][Date Mon, 25 Feb 2002 18:54:21 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Tue, 05 Mar 2002 18:51:51 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Sat, 23 Mar 2 .. ... /[From Bud Collins <hcollins29@attbi.com>][Date Tue, 13 Aug 2002 21:11:49 -0500]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Netscape\Users\hcollins29\Mail\Sent/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 21 Jan 2002 18:19:08 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Fri, 25 Jan 2002 06:50:40 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 25 Feb 2002 18:54:21 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Tue, 05 Mar 2002 18:51:51 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Sat, 23 Mar 2 ... /[From Bud Collins <hcollins29@attbi.com>][Date Wed, 07 Aug 2002 17:12:44 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Netscape\Users\hcollins29\Mail\Sent/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 21 Jan 2002 18:19:08 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Fri, 25 Jan 2002 06:50:40 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 25 Feb 2002 18:54:21 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Tue, 05 Mar 2002 18:51:51 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Sat, 23 Mar 2 ... /[From Bud Collins <hcollins29@attbi.com>][Date Fri, 21 Jun 2002 18:59:12 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Netscape\Users\hcollins29\Mail\Sent/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 21 Jan 2002 18:19:08 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Fri, 25 Jan 2002 06:50:40 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 25 Feb 2002 18:54:21 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Tue, 05 Mar 2002 18:51:51 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Sat, 23 Mar 2 ... /[From Bud Collins <hcollins29@attbi.com>][Date Fri, 14 Jun 2002 07:16:38 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Netscape\Users\hcollins29\Mail\Sent/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 21 Jan 2002 18:19:08 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Fri, 25 Jan 2002 06:50:40 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 25 Feb 2002 18:54:21 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Tue, 05 Mar 2002 18:51:51 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Sat, 23 Mar 2 ... /[From Bud Collins <hcollins29@attbi.com>][Date Wed, 15 May 2002 21:04:55 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Netscape\Users\hcollins29\Mail\Sent/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 21 Jan 2002 18:19:08 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Fri, 25 Jan 2002 06:50:40 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 25 Feb 2002 18:54:21 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Tue, 05 Mar 2002 18:51:51 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Sat, 23 Mar 2002 14:43:36 -0600]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Netscape\Users\hcollins29\Mail\Sent/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 21 Jan 2002 18:19:08 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Fri, 25 Jan 2002 06:50:40 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 25 Feb 2002 18:54:21 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Tue, 05 Mar 2002 18:51:51 -0600]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Netscape\Users\hcollins29\Mail\Sent/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 21 Jan 2002 18:19:08 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Fri, 25 Jan 2002 06:50:40 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 25 Feb 2002 18:54:21 -0600]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Netscape\Users\hcollins29\Mail\Sent/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 21 Jan 2002 18:19:08 -0600]/text/[From Bud Collins <hcollins29@attbi.com>][Date Fri, 25 Jan 2002 06:50:40 -0600]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Netscape\Users\hcollins29\Mail\Sent/[From Bud Collins <hcollins29@attbi.com>][Date Mon, 21 Jan 2002 18:19:08 -0600]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Netscape\Users\hcollins29\Mail\Sent Mail Berkeley mbox: suspicious - 34 skipped

Scan process completed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:04 AM, on 3/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Virtual Magnifying Glass\Magnifying Glass.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.solsticeforum.com/forum/cmps_index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 208.30.143.1:80
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\BUD\Application Data\Mozilla\Profiles\default\vkrzruke.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [\\simpleshare1\Stylus-CX4800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P28 "\\simpleshare1\Stylus-CX4800" /O28 "\\simpleshare1\Stylus-CX4800" /M "Stylus CX4800"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MagnifyingGlass] C:\Program Files\Virtual Magnifying Glass\Magnifying Glass.exe /autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} - http://mail.tripplite.com/iNotes.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/166c577221895d472a06/netzip/RdxIE6.cab
O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} - http://mail.tripplite.com/download/dolcontrol.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} - https://www.pc.ibm.com/egather/IbmEgath.cab
O16 - DPF: {89242969-422B-46BF-B0D5-6A7B7DC4D0E0} (NAS Finder Helper) -
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {D81CA86B-EF63-42AF-BEE3-4502D9A03C2D} - http://wwws.musicmatch.com/graphics/WebPlayer/MMLRadio.cab
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 12325 bytes

little eagle
2008-03-12, 02:58
Click HERE (http://www.pandasoftware.com/products/activescan.htm) to run Panda's ActiveScan

* You need to use IE to run this scan
* Once you are on the Panda site click the Scan your PC button
* A new window will open...click the Check Now button
* Enter your Country
* Enter your State/Province
* Enter your e-mail address and click send
* Select either Home User or Company
* Click the big Scan Now button
* If it wants to install an ActiveX component allow it
* It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
* When download is complete, click on My Computer to start the scan
* When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report and a new hijackthis log.

capitalcollins
2008-03-12, 17:44
Thank you! The Panda log is too long so the remainder of it and the HJT log are in the next post.

Incident Status Location

Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Bud\Application Data\Mozilla\Profiles\default\vkrzruke.slt\cookies.txt[.trafficmp.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Bud\Application Data\Mozilla\Profiles\Default User\cp0xcatr.slt\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Bud\Application Data\Mozilla\Profiles\Default User\cp0xcatr.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Bud\Application Data\Mozilla\Profiles\Default User\cp0xcatr.slt\cookies.txt[.centrport.net/]
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Bud\Application Data\Mozilla\Profiles\Default User\cp0xcatr.slt\cookies.txt[.entrepreneur.com/]
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Bud\Application Data\Mozilla\Profiles\Default User\cp0xcatr.slt\cookies.txt[.paycounter.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Bud\Application Data\Mozilla\Profiles\Default User\cp0xcatr.slt\cookies.txt[.questionmarket.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Bud\Application Data\Mozilla\Profiles\Default User\cp0xcatr.slt\cookies.txt[.revenue.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Bud\Application Data\Mozilla\Profiles\Default User\cp0xcatr.slt\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Bud\Application Data\Mozilla\Profiles\Default User\cp0xcatr.slt\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Bud\Application Data\Mozilla\Profiles\Default User\cp0xcatr.slt\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Bud\Application Data\Mozilla\Profiles\Default User\cp0xcatr.slt\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Bud\Cookies\bud@ad.yieldmanager[1].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Bud\Cookies\bud@ads.addynamix[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Bud\Cookies\bud@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Bud\Cookies\bud@advertising[2].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Bud\Cookies\bud@bravenet[2].txt
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Bud\Cookies\bud@citi.bridgetrack[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Bud\Cookies\bud@com[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Bud\Cookies\bud@did-it[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Bud\Cookies\bud@go[2].txt
Spyware:Cookie/Servlet Not disinfected C:\Documents and Settings\Bud\Cookies\bud@livehelper[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Bud\Cookies\bud@overture[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Bud\Cookies\bud@perf.overture[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Bud\Cookies\bud@realmedia[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Bud\Cookies\bud@server.iad.liveperson[1].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Bud\Cookies\bud@stat.onestat[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Bud\Cookies\bud@target[2].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Bud\Cookies\bud@toplist[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Bud\Cookies\bud@trafficmp[1].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Bud\Cookies\bud@webpower[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Bud\Cookies\bud@xiti[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Program Files\Netscape\Users\hcollins29\cookies.txt[.atwola.com/]
Spyware:Cookie/CentrPort Not disinfected C:\Program Files\Netscape\Users\hcollins29\cookies.txt[.centrport.net/]
Spyware:Cookie/PayCounter Not disinfected C:\Program Files\Netscape\Users\hcollins29\cookies.txt[.paycounter.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\Netscape\Users\hcollins29\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Program Files\Netscape\Users\hcollins29\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Program Files\Netscape\Users\hcollins29\cookies.txt[server.iad.liveperson.net/hc/66693905]
Virus:JS/Fortnight@M Disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000483.~]
Virus:JS/Fortnight@M Disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000489.~]
Virus:JS/Fortnight@M Disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000492.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000512.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000515.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000521.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000524.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000527.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000530.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000533.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000538.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000544.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000547.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000550.~]

capitalcollins
2008-03-12, 17:45
Remainder of Panda log with the HJT log below:

Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000553.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000556.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000559.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000563.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000566.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000569.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000573.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000576.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000583.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000647.~]
Dialer:Dialer.B Not disinfected C:\WUSB11v25\Utility\data1.cab[WUSB11Cfg.exe]
Possible Virus. Not disinfected C:\WUSB11v25\Utility\Setup.exe
Dialer:Dialer.B Not disinfected D:\Compaq Computer\WUSB11v25\Utility\data1.cab[WUSB11Cfg.exe]
Possible Virus. Not disinfected D:\Compaq Computer\WUSB11v25\Utility\Setup.exe

HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:40 PM, on 3/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Virtual Magnifying Glass\Magnifying Glass.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.solsticeforum.com/forum/cmps_index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 208.30.143.1:80
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\BUD\Application Data\Mozilla\Profiles\default\vkrzruke.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [\\simpleshare1\Stylus-CX4800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P28 "\\simpleshare1\Stylus-CX4800" /O28 "\\simpleshare1\Stylus-CX4800" /M "Stylus CX4800"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MagnifyingGlass] C:\Program Files\Virtual Magnifying Glass\Magnifying Glass.exe /autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} - http://mail.tripplite.com/iNotes.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/166c577221895d472a06/netzip/RdxIE6.cab
O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} - http://mail.tripplite.com/download/dolcontrol.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} - https://www.pc.ibm.com/egather/IbmEgath.cab
O16 - DPF: {89242969-422B-46BF-B0D5-6A7B7DC4D0E0} (NAS Finder Helper) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {D81CA86B-EF63-42AF-BEE3-4502D9A03C2D} - http://wwws.musicmatch.com/graphics/WebPlayer/MMLRadio.cab
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 12487 bytes

little eagle
2008-03-13, 02:29
Reboot and rescan with HiJackThis and post a new log here.
Also please describe how your computer behaves at the moment.

capitalcollins
2008-03-13, 12:45
The only noticeable symptom at this point is that the computer turns itself off during a Spybot scan or a McAfee scan. I was able to do the Kaspersky scan and the Panda scan with no trouble. I did some reading online and found some topics relating to malware shutting a computer down rather than be cleaned.

It is also slower than it used to be and there is some trouble occasionally getting IE to connect to the internet.

Thank you!!!!!

Here is the new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:32:05 AM, on 3/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Virtual Magnifying Glass\Magnifying Glass.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.solsticeforum.com/forum/cmps_index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 208.30.143.1:80
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\BUD\Application Data\Mozilla\Profiles\default\vkrzruke.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [\\simpleshare1\Stylus-CX4800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P28 "\\simpleshare1\Stylus-CX4800" /O28 "\\simpleshare1\Stylus-CX4800" /M "Stylus CX4800"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MagnifyingGlass] C:\Program Files\Virtual Magnifying Glass\Magnifying Glass.exe /autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} - http://mail.tripplite.com/iNotes.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/166c577221895d472a06/netzip/RdxIE6.cab
O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} - http://mail.tripplite.com/download/dolcontrol.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} - https://www.pc.ibm.com/egather/IbmEgath.cab
O16 - DPF: {89242969-422B-46BF-B0D5-6A7B7DC4D0E0} (NAS Finder Helper) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {D81CA86B-EF63-42AF-BEE3-4502D9A03C2D} - http://wwws.musicmatch.com/graphics/WebPlayer/MMLRadio.cab
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 12433 bytes

little eagle
2008-03-13, 13:41
We will need to disable TeaTimer:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.

------------------------------


Close all programs, leaving only HijackThis running. Place a check against each of the following:

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/166c577221895d4...zip/RdxIE6.cab
O16 - DPF: {89242969-422B-46BF-B0D5-6A7B7DC4D0E0} (NAS Finder Helper) -
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -

Click on Fix Checked when finished and exit HijackThis.


-----------------------------

Download ComboFix from Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) or Here (http://subs.geekstogo.com/ComboFix.exe) to your Desktop.

In the event you already have ComboFix, this is a new version that I need you to download.
It must be saved directly to your desktop.


1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Temporarily disable your antivirus, script blocking and any anti-malware real-time protection before performing a scan.
Click on this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards, before connecting to the net.



2. Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running ComboFix.

If you have not already done so, ComboFix will disconnect your machine from the Internet when it starts.
If there is no Internet connection when ComboFix has completely finished, then restart your computer to restore the connections.


3. Now double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.


Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze.
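
The three O16 lines checked in the post above share two properties visible in the log: the download source is either a bare IP address or missing altogether. As an added example (not part of the original post, and not HijackThis's or the helper's own logic), this Python parser reads O16 DPF lines and flags those two properties; the function names and reason labels are assumptions of the example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Layout of a HijackThis O16 line as it appears in this thread:
#   O16 - DPF: {CLSID} (optional name) - optional codebase URL
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})"  # ActiveX control CLSID
    r"(?: \((?P<name>.*?)\))?"                       # optional display name
    r" -(?: (?P<url>\S+))?$"                         # optional codebase URL
)

# One O4 line and six O16 lines copied from the HijackThis log earlier in
# this thread (a subset, chosen for the example).
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} - http://mail.tripplite.com/iNotes.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/166c577221895d472a06/netzip/RdxIE6.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {89242969-422B-46BF-B0D5-6A7B7DC4D0E0} (NAS Finder Helper) -
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
"""


def parse_o16(line):
    """Return the fields of one O16 line, or None for any other line."""
    m = O16_RE.match(line.strip())
    if m is None:
        return None
    return {
        "clsid": m["clsid"].upper(),
        "name": m["name"] or "",
        "url": m["url"] or "",
    }


def review_reasons(entry):
    """List the properties that make an entry worth a manual look."""
    if not entry["url"]:
        return ["no-codebase"]          # nothing recorded after the dash
    host = urlsplit(entry["url"]).hostname
    if host is None:
        return ["unparseable-url"]
    try:
        ipaddress.ip_address(host)      # raises ValueError for DNS names
    except ValueError:
        return []
    return ["ip-literal-host"]          # control fetched from a bare IP


def flag_log(text):
    """Return (clsid, reasons) for every O16 entry with at least one reason."""
    flagged = []
    for line in text.splitlines():
        entry = parse_o16(line)
        if entry is None:
            continue
        reasons = review_reasons(entry)
        if reasons:
            flagged.append((entry["clsid"], reasons))
    return flagged


if __name__ == "__main__":
    for clsid, reasons in flag_log(SAMPLE_LOG):
        print(clsid, ", ".join(reasons))
```

A flag marks an entry for manual review; it is not a verdict on the control.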

capitalcollins
2008-03-13, 16:25
Combofix log below - HJT log in next post

ComboFix 08-03-10.1 - Bud 2008-03-13 11:01:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.646 [GMT -4:00]
Running from: C:\Documents and Settings\Bud\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-13 to 2008-03-13 )))))))))))))))))))))))))))))))
.

2008-03-12 10:57 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-03-12 10:40 . 2008-03-12 12:19 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-03-12 10:40 . 2008-03-12 10:40 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-12 10:40 . 2008-03-12 10:40 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-12 10:40 . 2008-03-12 10:40 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-06 11:34 . 2008-03-06 11:34 <DIR> d-------- C:\VundoFix Backups
2008-03-05 12:32 . 2008-03-05 12:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-04 10:43 . 2008-03-04 10:43 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-04 10:43 . 2008-03-04 10:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-03 20:30 . 2007-12-14 02:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-03 20:29 . 2008-03-03 20:29 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-02 14:08 . 2008-03-13 09:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-03-02 14:07 . 2008-03-12 11:57 <DIR> d-------- C:\Program Files\STOPzilla!
2008-03-02 14:07 . 2008-03-02 14:07 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-03-02 14:07 . 2008-03-13 11:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-03-01 17:48 . 2008-03-01 17:48 <DIR> d-------- C:\Documents and Settings\Bud\Application Data\System Tweaker
2008-03-01 17:38 . 2008-03-01 18:37 <DIR> d-------- C:\Program Files\Uniblue
2008-03-01 17:38 . 2008-03-01 17:38 <DIR> d-------- C:\Documents and Settings\Bud\Application Data\Uniblue
2008-03-01 10:26 . 2008-03-01 15:22 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-27 06:23 . 2008-03-08 09:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-27 06:23 . 2008-02-27 06:23 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-12 15:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-12 15:57 --------- d-----w C:\Program Files\SiteAdvisor
2008-03-12 15:40 --------- d-----w C:\Program Files\Google
2008-03-12 14:55 --------- d-----w C:\Program Files\Virtual Magnifying Glass
2008-03-12 14:55 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2008-03-12 10:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-12 10:11 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-03-04 18:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-04 00:30 --------- d-----w C:\Program Files\Java
2008-03-04 00:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-02 18:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-03-01 23:44 --------- d-----w C:\Program Files\Linksys
2008-03-01 14:26 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-22 03:37 --------- d-----w C:\Program Files\McAfee
2008-01-31 17:16 34,944 ----a-r C:\WINDOWS\system32\drivers\SZKG.sys
2008-01-26 13:36 --------- d-----w C:\Program Files\QuickTime
2008-01-26 13:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2005-11-19 13:43 284 ----a-w C:\Documents and Settings\Bud\Application Data\ViewerApp.dat
2005-05-19 23:55 68,936 -c--a-w C:\Documents and Settings\Bud\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"MagnifyingGlass"="C:\Program Files\Virtual Magnifying Glass\Magnifying Glass.exe" [2004-10-29 15:12 73728]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-11 13:05 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2003-05-15 19:45 114688]
"EPSON Stylus CX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.exe" [2005-02-01 23:00 98304]
"nwiz"="nwiz.exe" [2004-10-29 18:50 921600 C:\WINDOWS\system32\nwiz.exe]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 03:33 582992]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-22 06:42 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27 385024]
"\\simpleshare1\Stylus-CX4800"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.exe" [2005-02-01 23:00 98304]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 04:42 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 17:18 443968]

C:\Documents and Settings\Bud\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2007-04-04 05:43:58 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alogserv]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BestPopUpKiller]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee.InstantUpdate.Monitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a--c--- 2004-10-29 18:50 921600 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 16:27 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=2 (0x2)
"C-DillaCdaC11BA"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Abacast\\Abaclient.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Microsoft Office\\Office10\\POWERPNT.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R0 szkg5;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys [2008-01-31 13:16]
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2003-12-19 04:00]
R1 Ndcprtns;Ndcprtns;C:\WINDOWS\system32\drivers\Ndcprtns.sys [2001-01-02 00:52]
R2 ousbehci;%OWC_USBEHCD.DeviceDesc%;C:\WINDOWS\system32\Drivers\ousbehci.sys [2002-01-31 19:39]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2002-01-31 19:39]
S2 BridDfu;LINKSYS WAP11 USB Device Driver;C:\WINDOWS\system32\Drivers\BridDfu.sys [2001-07-06 18:02]
S3 CW10;Instant Wireless - Network PC\PCI CARD Win2K Driver;C:\WINDOWS\system32\DRIVERS\CW10.sys [2001-04-10 03:37]
S3 LinksysFVNETusbl(AR)(R);Linksys FVNETusbl(AR)(R) Service for Instant Wireless USB Network Adapter ver.2.6;C:\WINDOWS\system32\DRIVERS\vnetusbl.sys [2004-03-09 21:48]
S3 PRISM_USB;Instant Wireless USB Network Adapter ver.2.5 Driver;C:\WINDOWS\system32\DRIVERS\PRISMUSB.sys [2002-02-18 03:10]
S3 USBNET;Instant Wireless USB Network Adapter ver.2.6 Driver;C:\WINDOWS\system32\DRIVERS\netusb.sys []
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;C:\WINDOWS\system32\DRIVERS\netusbxp.sys [2002-02-19 14:34]
S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2003-12-15 19:22]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-15 06:00:30 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2008-03-01 06:00:58 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe.4158 0
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-13 11:10:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"\\\\simpleshare1\\Stylus-CX4800"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIADA.EXE /P28 \"\\\\simpleshare1\\Stylus-CX4800\" /O28 \"\\\\simpleshare1\\Stylus-CX4800\" /M \"Stylus CX4800\""
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-03-13 11:15:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-13 15:15:23
.
2008-03-13 09:57:41 --- E O F ---

capitalcollins
2008-03-13, 16:26
HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:30 AM, on 3/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Virtual Magnifying Glass\Magnifying Glass.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.solsticeforum.com/forum/cmps_index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 208.30.143.1:80
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\BUD\Application Data\Mozilla\Profiles\default\vkrzruke.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [\\simpleshare1\Stylus-CX4800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P28 "\\simpleshare1\Stylus-CX4800" /O28 "\\simpleshare1\Stylus-CX4800" /M "Stylus CX4800"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MagnifyingGlass] C:\Program Files\Virtual Magnifying Glass\Magnifying Glass.exe /autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (file missing)
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} - http://mail.tripplite.com/iNotes.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} - http://mail.tripplite.com/download/dolcontrol.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} - https://www.pc.ibm.com/egather/IbmEgath.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D81CA86B-EF63-42AF-BEE3-4502D9A03C2D} - http://wwws.musicmatch.com/graphics/WebPlayer/MMLRadio.cab
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 12106 bytes

little eagle
2008-03-14, 03:22
Well not seeing anything.

Let's do a little cleanup.

Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

http://nutnworks.com/img/CF_Cleanup.png

---------------------------------

Download and run - ATF Cleaner instructions here. (http://forums.security-central.us/showthread.php?t=1925)

----------------------------------------

Click HERE (http://www.pandasoftware.com/products/activescan.htm) to run Panda's ActiveScan

* You need to use IE to run this scan
* Once you are on the Panda site click the Scan your PC button
* A new window will open...click the Check Now button
* Enter your Country
* Enter your State/Province
* Enter your e-mail address and click send
* Select either Home User or Company
* Click the big Scan Now button
* If it wants to install an ActiveX component allow it
* It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
* When download is complete, click on My Computer to start the scan
* When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

capitalcollins
2008-03-14, 10:59
When I do the run combofix /u I get the error "Windows cannot find ComboFix. Make sure you typed the name correctly, etc."

little eagle
2008-03-14, 12:50
Download the OTMoveIt (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe).

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.

Press cleanup & it will search for and delete/uninstall all the tools we have used and all their backup folders and then delete itself when you next reboot.

------------------------------------

Did you run the online scan again?

capitalcollins
2008-03-14, 13:04
Is there another way to accomplish the combofix /u command?

Here is the panda log:

Incident Status Location

Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Bud\Application Data\Mozilla\Profiles\default\vkrzruke.slt\cookies.txt[.trafficmp.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Bud\Application Data\Mozilla\Profiles\Default User\cp0xcatr.slt\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Bud\Application Data\Mozilla\Profiles\Default User\cp0xcatr.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Bud\Application Data\Mozilla\Profiles\Default User\cp0xcatr.slt\cookies.txt[.centrport.net/]
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Bud\Application Data\Mozilla\Profiles\Default User\cp0xcatr.slt\cookies.txt[.entrepreneur.com/]
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Bud\Application Data\Mozilla\Profiles\Default User\cp0xcatr.slt\cookies.txt[.paycounter.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Bud\Application Data\Mozilla\Profiles\Default User\cp0xcatr.slt\cookies.txt[.questionmarket.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Bud\Application Data\Mozilla\Profiles\Default User\cp0xcatr.slt\cookies.txt[.revenue.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Bud\Application Data\Mozilla\Profiles\Default User\cp0xcatr.slt\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Bud\Application Data\Mozilla\Profiles\Default User\cp0xcatr.slt\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Bud\Application Data\Mozilla\Profiles\Default User\cp0xcatr.slt\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Bud\Application Data\Mozilla\Profiles\Default User\cp0xcatr.slt\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Atwola Not disinfected C:\Program Files\Netscape\Users\hcollins29\cookies.txt[.atwola.com/]
Spyware:Cookie/CentrPort Not disinfected C:\Program Files\Netscape\Users\hcollins29\cookies.txt[.centrport.net/]
Spyware:Cookie/PayCounter Not disinfected C:\Program Files\Netscape\Users\hcollins29\cookies.txt[.paycounter.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\Netscape\Users\hcollins29\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Program Files\Netscape\Users\hcollins29\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Program Files\Netscape\Users\hcollins29\cookies.txt[server.iad.liveperson.net/hc/66693905]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000509.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000512.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000518.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000521.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000524.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000527.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000530.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000535.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000541.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000544.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000547.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000550.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000553.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000556.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000560.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000563.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000566.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000570.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000573.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000580.~]
Hacktool:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\hcollins29\Mail\Sent[~0000644.~]
Dialer:Dialer.B Not disinfected C:\WUSB11v25\Utility\data1.cab[WUSB11Cfg.exe]
Possible Virus. Not disinfected C:\WUSB11v25\Utility\Setup.exe
Dialer:Dialer.B Not disinfected D:\Compaq Computer\WUSB11v25\Utility\data1.cab[WUSB11Cfg.exe]
Possible Virus. Not disinfected D:\Compaq Computer\WUSB11v25\Utility\Setup.exe

little eagle
2008-03-14, 13:26
Reboot and rescan with HiJackThis and post a new log here.

---------------------


Is there another way to accomplish the combofix /u command?

Download the OTMoveIt.

* Save it to your desktop.
* Please double-click OTMoveIt.exe to run it.

Press cleanup & it will search for and delete/uninstall all the tools we have used and all their backup folders and then delete itself when you next reboot.

capitalcollins
2008-03-14, 13:37
Here is the HJT log. Are the things that the Panda scan is finding actually harmless?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:47 AM, on 3/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Virtual Magnifying Glass\Magnifying Glass.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.solsticeforum.com/forum/cmps_index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 208.30.143.1:80
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\BUD\Application Data\Mozilla\Profiles\default\vkrzruke.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [\\simpleshare1\Stylus-CX4800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P28 "\\simpleshare1\Stylus-CX4800" /O28 "\\simpleshare1\Stylus-CX4800" /M "Stylus CX4800"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MagnifyingGlass] C:\Program Files\Virtual Magnifying Glass\Magnifying Glass.exe /autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (file missing)
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} - http://mail.tripplite.com/iNotes.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} - http://mail.tripplite.com/download/dolcontrol.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} - https://www.pc.ibm.com/egather/IbmEgath.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D81CA86B-EF63-42AF-BEE3-4502D9A03C2D} - http://wwws.musicmatch.com/graphics/WebPlayer/MMLRadio.cab
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 11994 bytes

little eagle
2008-03-14, 14:39
Are the things that the Panda scan is finding actually harmless?

Some look like a false positive.
You may want to clean out your sent folder in your email program.

How much memory do you have??

First, to see how much memory you have, click Start>>Control Panel. Double-click System.
On the General tab, total memory will be listed near the bottom.

To enlarge the area set aside for virtual memory, click Start>>Control Panel. Double-click System.
Select the Advanced tab. Under Performance, click Settings. Select the Advanced tab.
Find Virtual Memory at the bottom of the window, and click Change.
Click the option button next to "Custom Size."
Increase it to at least 1.5 times your memory size.

The maximum should be three times your memory.
If you continue to have trouble, raise the maximum.

capitalcollins
2008-03-14, 14:51
I think you are saying that since I have 1 Gb of memory that I should have a minimum of 1.5 Gb of virtual memory.

Is that right?

capitalcollins
2008-03-14, 14:56
I tried to change it. It is currently "system managed" at 3070 Mb. When I attempted to change it, it gave me the message that the maximum must be less than 4096 Mb.

Does this sound right?

little eagle
2008-03-14, 15:03
Doesn't seem like you need to increase it. Looks like you have more than enough.

Does the system still shut down during a scan?

capitalcollins
2008-03-14, 15:11
I am running one now and I will let you know shortly.

capitalcollins
2008-03-14, 15:13
Yes, it shut down. I'm at a loss.

little eagle
2008-03-28, 02:27
Sorry, missed your post :oops: Do you still need help?

If so please post a new hijackthis log.