Jump to content


Photo

Dell crashes when audio settings changed - still have virus?


  • This topic is locked This topic is locked
5 replies to this topic

#1 Avi Marcus

Avi Marcus

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 01 June 2007 - 01:30 AM

After opening something, mcafee said it found some virus and said it removed it.
The next morning, I kept getting blue screens. They seem to occur in two situations:
1) When the audio settings are changed (the volume via the controls in the sys tray) or when I use the dell media keys.
2) When the video card (a 256 mb ati) is used differently - after the intro to a game, when the menu would pop up.

I scanned with spyware doctor (in the google pack), Lavasoft, and ad-aware, kaspersky, and they found various advertising spyware/malware (I thought all the stuff I had downloaded was safe...) and removed those. Several reboots, scans, and crashes later, the computer still crashes when the audio settings are changed. I can't even open skype, because it changes the audio settings and you can only turn off that option once you login.

I am wondering if the virus(es?) are now gone, but they somehow corrupted some drivers. They do work - I hear sound on windows startup, and the LCD is in full resolution, 1680x1050
I tried using system restore 4 times, on the checkpoints before that file. Each time after waiting and windows rebooted it said something like "Couldn't restore, no files have been changed.

Here are the two logs:
Ewido/avg, done in safe mode as the forums say - It quarantined the first two files and deleted everything else.

**Update 6/5/2007: Mcafee says it found poly win 32, and deleted it. Here is a new hijack log.
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:04:43 AM 6/1/2007

+ Scan result:



C:\temp\install.exe -> Downloader.Agent.brf : No action taken.
C:\Documents and Settings\e\3.tmp -> Downloader.Agent.brr : No action taken.
:mozilla.111:C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\8flpy3dh.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.112:C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\8flpy3dh.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\e\Cookies\e@3.adbrite[1].txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.518:C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\8flpy3dh.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\e\Cookies\e@ads.cnn[1].txt -> TrackingCookie.Cnn : No action taken.
:mozilla.65:C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\8flpy3dh.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.463:C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\8flpy3dh.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.490:C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\8flpy3dh.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.53:C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\8flpy3dh.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.54:C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\8flpy3dh.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.55:C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\8flpy3dh.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\e\Cookies\e@ehg-kasperskylab.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\e\Cookies\e@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.356:C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\8flpy3dh.default\cookies.txt -> TrackingCookie.Live : No action taken.
:mozilla.357:C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\8flpy3dh.default\cookies.txt -> TrackingCookie.Live : No action taken.
:mozilla.358:C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\8flpy3dh.default\cookies.txt -> TrackingCookie.Live : No action taken.
:mozilla.359:C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\8flpy3dh.default\cookies.txt -> TrackingCookie.Live : No action taken.
:mozilla.360:C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\8flpy3dh.default\cookies.txt -> TrackingCookie.Live : No action taken.
:mozilla.361:C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\8flpy3dh.default\cookies.txt -> TrackingCookie.Live : No action taken.
:mozilla.362:C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\8flpy3dh.default\cookies.txt -> TrackingCookie.Live : No action taken.
:mozilla.363:C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\8flpy3dh.default\cookies.txt -> TrackingCookie.Live : No action taken.
C:\Documents and Settings\e\Cookies\e@search.live[1].txt -> TrackingCookie.Live : No action taken.
C:\Documents and Settings\e\Cookies\e@image.masterstats[1].txt -> TrackingCookie.Masterstats : No action taken.
:mozilla.325:C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\8flpy3dh.default\cookies.txt -> TrackingCookie.Msn : No action taken.
:mozilla.326:C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\8flpy3dh.default\cookies.txt -> TrackingCookie.Msn : No action taken.
:mozilla.327:C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\8flpy3dh.default\cookies.txt -> TrackingCookie.Msn : No action taken.
:mozilla.47:C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\8flpy3dh.default\cookies.txt -> TrackingCookie.Netflame : No action taken.
:mozilla.48:C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\8flpy3dh.default\cookies.txt -> TrackingCookie.Netflame : No action taken.
:mozilla.49:C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\8flpy3dh.default\cookies.txt -> TrackingCookie.Netflame : No action taken.
:mozilla.250:C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\8flpy3dh.default\cookies.txt -> TrackingCookie.Paypal : No action taken.
:mozilla.68:C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\8flpy3dh.default\cookies.txt -> TrackingCookie.Safer-networking : No action taken.
:mozilla.28:C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\8flpy3dh.default\cookies.txt -> TrackingCookie.Skype : No action taken.
C:\Documents and Settings\e\Cookies\e@skype[1].txt -> TrackingCookie.Skype : No action taken.
:mozilla.517:C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\8flpy3dh.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.519:C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\8flpy3dh.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.520:C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\8flpy3dh.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.


::Report end


Logfile of HijackThis v1.99.1
Scan saved at 8:33:39 AM, on 6/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozy\mozybackup.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\SDTrayApp.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\DELLSU~1\DSAgnt.exe
C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Mozy\mozystat.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Weaverslave\weaversl.exe
C:\Program Files\CoreFTP\coreftp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\AGLOCO Viewbar\ViewBar.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070423
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070423
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: (no name) - {BE7A4168-7093-4027-A145-0B650B936DAC} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BeInSync - {4F2530BA-8C1D-4A6A-8BA0-74E93ADC9B12} - C:\PROGRA~1\BeInSync\BISShellEx.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Viewbar] C:\Program Files\AGLOCO Viewbar\Viewbar.exe
O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BeInSync] "C:\Program Files\BeInSync\BeInSync.exe" /NOGUI
O4 - HKCU\..\Run: [SpeedswitchXP] C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\8flpy3dh.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles/8flpy3dh.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Mozy Status.lnk = C:\Program Files\Mozy\mozystat.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BeInSync - {EE84A04D-8992-4b19-970F-6EA7A01F7331} - C:\PROGRA~1\BeInSync\BISShellEx.dll
O9 - Extra 'Tools' menuitem: BeInSync - {EE84A04D-8992-4b19-970F-6EA7A01F7331} - C:\PROGRA~1\BeInSync\BISShellEx.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{18DE75F6-9CCC-426C-9D7A-2FCC842A0266}: NameServer = 212.143.212.143 194.90.1.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: vtutt - C:\WINDOWS\system32\vtutt.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: McAfee Application Installer Cleanup (0077981180936259) (0077981180936259mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\007798~1.EXE
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Mozy Backup Service (mozybackup) - Unknown owner - C:\Program Files\Mozy\mozybackup.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

Edited by Avi Marcus, 05 June 2007 - 12:35 AM.


#2 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • PipPipPipPipPip
  • 23,523 posts

Posted 03 June 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,091 posts

Posted 09 June 2007 - 08:23 AM

Hello,

Print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

Disable Spyware Doctor:
Please disable Spyware Doctor, as it may interfere with the fix. To disable Spyware Doctor:
  • Click the Spyware Doctor icon in the System Tray.
  • Click Settings.
  • Click Startup Settings under Pick a Category.
  • Uncheck Run at Windows startup.
  • Click Apply and Exit Spyware Doctor
Once your log is clean you can re-enable Spyware Doctor.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O2 - BHO: (no name) - {BE7A4168-7093-4027-A145-0B650B936DAC} - (no file)
O20 - Winlogon Notify: vtutt - C:\WINDOWS\system32\vtutt.dll (file missing)


Click on Fix Checked when finished and exit HijackThis.

Restart the computer normally to reset the registry.

Download this file - combofix.exe

and save it to your desktop (Important). Also save the below command in Notepad as a text file so that you can copy/paste in safe mode.

"%userprofile%\desktop\combofix.exe"

Boot into safe mode by tapping the F8 key just before Windows starts to load.

go to start --> run and copy/paste in the following:

"%userprofile%\desktop\combofix.exe"

When finished, it shall produce a log for you. Save it and post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

In your next post, please include
  • new hijackthis log
  • combofix log
*use separate posts to ensure the logs don't get cut off!
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#4 Avi Marcus

Avi Marcus

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 09 June 2007 - 05:01 PM

My two main problems have been solved! I can now use the dell media keys, and open the game that previously crashed the computer. Mcafee also used to say it blocked some buffer overload on services.exe or something on startup, which didn't appear again.
Thanks so much!

Here are the logs, just in case...

Logfile of HijackThis v1.99.1
Scan saved at 1:00:13 AM, on 6/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozy\mozybackup.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AGLOCO Viewbar\Viewbar.exe
C:\PROGRA~1\DELLSU~1\DSAgnt.exe
C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Mozy\mozystat.exe
C:\Program Files\EverNote\EverNote\EverNote.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070423
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BeInSync - {4F2530BA-8C1D-4A6A-8BA0-74E93ADC9B12} - C:\PROGRA~1\BeInSync\BISShellEx.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Viewbar] C:\Program Files\AGLOCO Viewbar\Viewbar.exe
O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BeInSync] "C:\Program Files\BeInSync\BeInSync.exe" /NOGUI
O4 - HKCU\..\Run: [SpeedswitchXP] C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\8flpy3dh.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles/8flpy3dh.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: EverNote.lnk = C:\Program Files\EverNote\EverNote\EverNote.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Mozy Status.lnk = C:\Program Files\Mozy\mozystat.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BeInSync - {EE84A04D-8992-4b19-970F-6EA7A01F7331} - C:\PROGRA~1\BeInSync\BISShellEx.dll
O9 - Extra 'Tools' menuitem: BeInSync - {EE84A04D-8992-4b19-970F-6EA7A01F7331} - C:\PROGRA~1\BeInSync\BISShellEx.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{18DE75F6-9CCC-426C-9D7A-2FCC842A0266}: NameServer = 212.143.212.143 194.90.1.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Mozy Backup Service (mozybackup) - Unknown owner - C:\Program Files\Mozy\mozybackup.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)











"e" - 2007-06-09 22:08:03 Service Pack 2 NTFS
ComboFix 07-06-3B - Running from: "C:\Documents and Settings\e\Desktop\"


((((((((((((((((((((((((( Files Created from 2007-05-09 to 2007-06-09 )))))))))))))))))))))))))))))))


2007-06-09 22:03 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-09 21:59 <DIR> d-------- C:\Avenger
2007-06-09 21:39 <DIR> d-------- C:\PE162kgd
2007-06-09 21:35 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-06-08 15:48 6,144 --a------ C:\WINDOWS\system32\ftlx041e.dll
2007-06-08 15:48 5,632 --a------ C:\WINDOWS\system32\kbdusa.dll
2007-06-08 15:48 185,344 --a------ C:\WINDOWS\system32\Thawbrkr.dll
2007-06-08 15:48 10,752 --a------ C:\WINDOWS\system32\c_iscii.dll
2007-06-08 15:35 <DIR> d-------- C:\Program Files\Davka
2007-06-07 14:59 <DIR> d-------- C:\Program Files\zabkat
2007-06-07 14:47 <DIR> d-------- C:\DOCUME~1\e\APPLIC~1\GetRightToGo
2007-06-05 01:12 0 --a------ C:\WINDOWS\system32\dummy.dat
2007-06-05 01:12 <DIR> d-------- C:\Program Files\AGLOCO Viewbar
2007-06-04 22:25 <DIR> d-------- C:\Videora
2007-06-04 09:07 <DIR> d-------- C:\Program Files\iPod
2007-06-03 08:58 <DIR> d-------- C:\Program Files\Security Task Manager
2007-06-03 08:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan
2007-06-03 02:22 <DIR> d-------- C:\Program Files\KellySoftware
2007-06-01 09:39 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-06-01 09:33 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-05-31 09:09 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-05-31 09:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-05-31 08:56 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-31 01:29 <DIR> d-------- C:\DOCUME~1\e\APPLIC~1\Lavasoft
2007-05-31 01:28 <DIR> d-------- C:\Program Files\Lavasoft
2007-05-31 01:28 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-31 01:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-31 00:39 <DIR> d-------- C:\VundoFix Backups
2007-05-31 00:37 <DIR> d-------- C:\Program Files\DIFX
2007-05-31 00:25 7,168 --a------ C:\WINDOWS\system32\DLPT64.sys
2007-05-31 00:25 5,632 --a------ C:\WINDOWS\system32\GPCIEn64.sys
2007-05-31 00:25 5,120 --a------ C:\WINDOWS\system32\GTKCMO64.sys
2007-05-31 00:25 4,608 --a------ C:\WINDOWS\system32\DDMI64.sys
2007-05-31 00:23 <DIR> d-------- C:\Program Files\Intel
2007-05-31 00:16 <DIR> d-------- C:\WINDOWS\system32\vmm32
2007-05-31 00:05 <DIR> d-------- C:\DOCUME~1\e\.GalleryRemote
2007-05-31 00:05 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\ATI
2007-05-30 21:07 14,868 --a------ C:\WINDOWS\system32\caugxovn.exe
2007-05-30 20:49 14,868 --a------ C:\WINDOWS\system32\gsfdbccd.exe
2007-05-30 17:31 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-05-30 17:31 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-05-30 17:31 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-05-30 17:31 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-05-30 17:31 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-05-30 17:31 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-05-30 14:50 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-05-30 14:50 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\APPLIC~1\Gtek
2007-05-30 14:48 <DIR> d-------- C:\WINDOWS\pss
2007-05-30 03:51 <DIR> d-------- C:\Program Files\Doom 3
2007-05-30 03:49 43 --a------ C:\temp\RUNME.bat
2007-05-30 03:49 <DIR> d-------- C:\temp
2007-05-29 23:23 <DIR> d-------- C:\Program Files\RocketDock
2007-05-28 23:49 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-05-27 02:11 <DIR> d-------- C:\Program Files\Smart PC Solutions
2007-05-27 02:11 <DIR> d-------- C:\DOCUME~1\e\APPLIC~1\Smart PC Solutions
2007-05-22 17:45 <DIR> d-------- C:\DOCUME~1\e\APPLIC~1\Snapfish
2007-05-22 17:36 <DIR> d-------- C:\Program Files\Switch Off
2007-05-18 08:55 <DIR> d-------- C:\DOCUME~1\e\outlook express contact
2007-05-18 03:50 <DIR> d-------- C:\Program Files\Google Video
2007-05-18 03:13 <DIR> d-------- C:\Program Files\VirtualDub-1.6.17
2007-05-18 02:11 14,464 --a------ C:\WINDOWS\system32\drivers\fanio.sys
2007-05-18 02:11 <DIR> d-------- C:\Program Files\SpeedswitchXP
2007-05-18 02:11 <DIR> d-------- C:\Program Files\I8kfanGUI
2007-05-17 08:45 <DIR> d-------- C:\Program Files\EverNote
2007-05-17 08:42 <DIR> d-------- C:\DOCUME~1\e\APPLIC~1\InstallShield
2007-05-17 01:47 <DIR> d-------- C:\Program Files\id Software
2007-05-17 01:45 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-05-16 19:30 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-05-16 12:59 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-05-16 12:59 <DIR> d-------- C:\Program Files\Red Kawa
2007-05-16 12:22 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-05-16 12:22 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-05-16 12:21 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-05-16 12:21 <DIR> d-------- C:\Program Files\America's Army Server Manager
2007-05-16 12:15 <DIR> d-------- C:\Program Files\America's Army
2007-05-16 10:48 <DIR> d-------- C:\DOCUME~1\e\APPLIC~1\JGsoft
2007-05-15 14:16 <DIR> d-------- C:\Program Files\ArechiSoft
2007-05-15 14:16 <DIR> d-------- C:\DOCUME~1\e\WINDOWS
2007-05-15 14:01 <DIR> d-------- C:\Program Files\CloneCD
2007-05-15 08:53 88 -r-hs---- C:\WINDOWS\system32\61BD7C495C.sys
2007-05-15 08:53 2,828 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-05-15 08:53 <DIR> d-------- C:\DOCUME~1\e\APPLIC~1\Corel
2007-05-15 08:51 46 --a------ C:\WINDOWS\system32\DonationCoder_urlsnooper_InstallInfo.dat
2007-05-15 08:47 <DIR> d-------- C:\Program Files\WinPcap
2007-05-15 08:47 <DIR> d-------- C:\Program Files\URLSnooper2
2007-05-15 08:32 <DIR> dr------- C:\DOCUME~1\e\APPLIC~1\BeInSync Settings
2007-05-15 08:32 <DIR> d-------- C:\Program Files\BeInSync
2007-05-15 08:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BeInSync Settings
2007-05-15 08:26 52,984 --a------ C:\WINDOWS\system32\drivers\mozy.sys
2007-05-15 08:26 <DIR> d-------- C:\Program Files\Mozy
2007-05-15 07:55 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-05-15 05:59 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-05-15 05:58 <DIR> d-------- C:\Program Files\Real
2007-05-15 05:58 <DIR> d-------- C:\Program Files\Common Files\Real
2007-05-14 03:11 <DIR> d-------- C:\DOCUME~1\e\APPLIC~1\CoreFTP
2007-05-14 01:42 1,165 --a------ C:\WINDOWS\mozver.dat
2007-05-13 20:13 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2007-05-13 20:13 36,309 --a------ C:\WINDOWS\DIIUnin.dat
2007-05-13 20:13 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2007-05-13 20:01 <DIR> d-------- C:\DOCUME~1\e\APPLIC~1\vlc


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-08 14:05:35 -------- d-----w C:\Program Files\McAfee
2007-06-05 06:04:48 -------- d-----w C:\Program Files\Google
2007-06-05 06:01:19 -------- d-----w C:\Program Files\Digital Line Detect
2007-06-05 06:01:14 -------- d-----w C:\Program Files\Dell Support
2007-06-05 05:58:51 -------- d-----w C:\Program Files\BAE
2007-05-30 21:33:28 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-30 21:16:16 -------- d-----w C:\Program Files\Dell
2007-05-16 22:54:50 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-05-13 16:40:48 -------- d-----w C:\Program Files\ATI Technologies
2007-05-12 23:23:23 -------- d-----w C:\Program Files\Broadcom
2007-04-23 07:14:54 -------- d-----w C:\Program Files\CyberLink
2007-04-23 07:13:34 -------- d-----w C:\Program Files\Microsoft Works
2007-04-23 07:12:43 -------- d-----w C:\Program Files\Sonic
2007-04-23 07:12:43 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-04-23 07:12:37 -------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-04-23 07:12:10 -------- d-----w C:\Program Files\Microsoft Plus! Photo Story 2 LE
2007-04-23 07:12:08 -------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
2007-04-23 07:11:32 -------- d-----w C:\Program Files\MUSICMATCH
2007-04-23 07:09:45 -------- d-----w C:\Program Files\Common Files\McAfee
2007-04-23 07:08:22 -------- d-----w C:\Program Files\McAfee.com
2007-04-23 07:07:50 -------- d-----w C:\Program Files\Common Files\Corel
2007-04-23 07:07:35 -------- d-----w C:\Program Files\Corel
2007-04-23 07:05:27 -------- d-----w C:\Program Files\NetWaiting
2007-04-23 07:05:20 -------- d-----w C:\Program Files\Modem Helper
2007-04-23 07:03:53 -------- d-----w C:\Program Files\Synaptics
2007-04-23 07:02:12 -------- d-----w C:\Program Files\CONEXANT
2007-04-23 07:02:06 -------- d-----w C:\Program Files\Sigmatel
2007-04-23 06:59:26 -------- d-----w C:\Program Files\Messenger
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-12 14:50:16 2,783,048 ----a-w C:\WINDOWS\system32\GPhotos.scr
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 09:05]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}=c:\program files\mcafee\virusscan\scriptcl.dll [2006-12-23 00:02]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-05-13 01:24]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll [2007-05-13 01:41]
{CA6319C0-31B7-401E-A518-A07C3DB8F777}=C:\Program Files\BAE\BAE.dll [2006-12-08 14:11]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-08-04 02:51]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 19:48]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 01:41]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-18 01:30]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 00:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 00:50]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-20 13:46]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2006-08-22 23:32]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2007-05-13 07:24]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-03-18 05:24]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-15 05:58]
"CloneCDTray"="C:\Program Files\CloneCD\CloneCDTray.exe" [2006-09-28 22:21]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 15:20]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45]
"Viewbar"="C:\Program Files\AGLOCO Viewbar\Viewbar.exe" [2007-06-04 05:29]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\PROGRA~1\DELLSU~1\DSAgnt.exe" [2006-08-29 05:57]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-13 01:41]
"BeInSync"="C:\Program Files\BeInSync\BeInSync.exe" [2007-05-10 12:30]
"SpeedswitchXP"="C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe" [2006-07-15 00:56]
"i8kfangui"="C:\Program Files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 19:58]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-03-19 00:05]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"FFTI"=C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\8flpy3dh.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles/8flpy3dh.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{561F5138-43B1-45D9-AEC9-478C51C1BD09}"="C:\PROGRA~1\BeInSync\BISShellEx.dll" [2007-05-10 12:30]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 17:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipmon]
ipmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Winsock2 driver]
JPPA.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


Contents of the 'Scheduled Tasks' folder
2007-06-04 19:29:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-05-14 22:00:01 C:\WINDOWS\tasks\McDefragTask.job
2007-05-31 22:00:00 C:\WINDOWS\tasks\McQcTask.job
2007-06-08 12:35:05 C:\WINDOWS\tasks\Norton Security Scan.job

**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-09 22:09:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-09 22:10:15
C:\ComboFix-quarantined-files.txt ... 2007-06-09 22:10
C:\ComboFix2.txt ... 2007-06-09 22:03

--- E O F ---

Edited by Avi Marcus, 09 June 2007 - 05:23 PM.


#5 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,091 posts

Posted 10 June 2007 - 07:09 AM

Nice work the log is clean.

Remove these items from your registry.

; Purpose: Remove traces in the registry.
;
; Instructions: Copy and paste this text IN BOLD into a text editor such as Notepad.
;
; Save this text as Fix.reg. Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop.

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipmon]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Winsock2 driver]



; Double-click on Fix.reg. When it asks you to merge the information to the registry click Yes.

If you need help on "How to Make a .Reg File"
See: http://www.nellie2.co.uk/file.htm

Please read this Prevention page with lots of info and tips how to prevent this in the future.
http://users.telenet...prevention.html
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#6 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,091 posts

Posted 21 June 2007 - 09:07 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button