Here Is My Log, I Have Several Viruses!


This topic is locked
13 replies to this topic

#1 chand10r

Posted 08 January 2008 - 06:31 PM

Help! I have had problems with my PC for over two weeks now. I did have the Internet Speed Monitor virus. I got rid of that, and now am infected with god knows what. I did a scan with Ad-Aware 2007 and it showed a whole lotta stuff. YIKES!! I have never had a virus ever in my 8 years of PCing, but now, ugh! Anyway. Help! I am a newbie to this stuff but have just taken over an hour to scan and do the HijackThis log. Here it is, thanks!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:28:02 PM, on 1/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\GEARSec.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt .exe
C:\WINDOWS\system32\svchost.exe
c:\program files\mcafee.com\vso\mcvsshld .exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\Core\smax4pnp .exe
C:\WINDOWS\system32\hkcmd .exe
C:\WINDOWS\system32\igfxpers .exe
C:\Program Files\Dell\Media Experience\DMXLauncher .exe
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\mcafee.com\agent\mcagent .exe
C:\Program Files\Norton Ghost\Agent\GhostTray .exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray .exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS .EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\DellSupport\DSAgnt .exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ftdjrwvg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
F3 - REG:win.ini: load=C:\WINDOWS\system32\awvvw.exe
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\MCUPDA~1.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MS162B~1.EXE
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [80a8c56d] rundll32.exe "C:\WINDOWS\system32\pmcbaiwn.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ .exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7913 bytes


Please be easy with me! I need slow instructions!


#2 lusitano

Portuguese Malware Fighter

Posted 09 January 2008 - 08:00 AM

Hi, welcome to Bleeping Computer Forums!

You might want to save this page on your favorites, so you can find it again when you return.


Please take note of the following:
  • I will be handling your log and helping you, please do not make any system changes yet.
  • The process is not instant. Please continue to review my answers until I tell you that your computer is clean. Be patient.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
  • Please reply to this thread. Do not start a new topic.
Please give me some time to look over your log and I will get back to you as soon as possible.

:thumbsup:
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#3 chand10r


Posted 09 January 2008 - 08:20 AM

Hi, here is my new log from today:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:44 AM, on 1/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\GEARSec.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt .exe
C:\WINDOWS\system32\svchost.exe
c:\program files\mcafee.com\vso\mcvsshld .exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\Core\smax4pnp .exe
C:\WINDOWS\system32\hkcmd .exe
C:\WINDOWS\system32\igfxpers .exe
C:\Program Files\Dell\Media Experience\DMXLauncher .exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton Ghost\Agent\GhostTray .exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray .exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS .EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\DellSupport\DSAgnt .exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ftdjrwvg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
F3 - REG:win.ini: load=C:\WINDOWS\system32\awvvw.exe
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\MCUPDA~1.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] c:\PROGRA~1\mcafee\SPAMKI~1\MSKAGE~1.EXE
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [80a8c56d] rundll32.exe "C:\WINDOWS\system32\pmcbaiwn.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ .exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 6317 bytes

Thank you so much!! I am going to class today until about 2, so I will be gone until then. Thank you so much!

#4 lusitano

Portuguese Malware Fighter

Posted 09 January 2008 - 09:55 AM

Hi,

Download ComboFix from Here or Here to your Desktop.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Extra-Note: Please, DO NOT use ComboFix on your own. It is a very powerful tool designed to deal with sophisticated infections and if something goes wrong or you use it incorrectly, you could possibly lose the use of your computer. It is ONLY meant to be used under the direct supervision of a malware removal specialist.

Regards
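A small triage script, added here as an example and not part of the thread, of HijackThis or of ComboFix: it parses the HijackThis log format posted above and flags three patterns that ComboFix removed later in this thread (an executable with a space inserted before its extension, a win.ini load= autostart, and a rundll32 Run entry under a hex-looking value name). The sample lines are copied from the logs in this thread; the heuristics, function names and the Finding type are my own assumptions for illustration, not an authoritative rule set, and a hit only marks a line for a human to look at.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the HijackThis logs in this
# thread, trimmed to the line shapes the parser cares about.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt .exe
C:\WINDOWS\system32\ftdjrwvg.exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\awvvw.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [80a8c56d] rundll32.exe "C:\WINDOWS\system32\pmcbaiwn.dll",b
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ .exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
"""

# Reason strings (hypothetical labels chosen for this example)
SPACE_BEFORE_EXT = "space inserted before file extension"
WININI_AUTOSTART = "win.ini load=/run= autostart"
RUNDLL32_HEX_NAME = "rundll32 Run entry under hex-looking value name"

# Line shapes as they appear in HijackThis v2 logs
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
F3_RE = re.compile(r'^F3 - REG:win\.ini: (?P<key>load|run)=(?P<cmd>.*)$')
ENTRY_RE = re.compile(r'^[RFO]\d+ - ')
# Whitespace right before the extension, optionally followed by a closing quote
SPACE_EXT_RE = re.compile(r'\s+\.(exe|dll|scr)"?$', re.IGNORECASE)
HEX_NAME_RE = re.compile(r'^[0-9a-f]{8}$', re.IGNORECASE)


@dataclass
class Finding:
    reason: str
    line: str


def parse_hjt(text):
    """Split a HijackThis log into its process list and its R/F/O entries."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line ends the process block
            continue
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
        elif ENTRY_RE.match(line):
            entries.append(line)
    return processes, entries


def find_suspicious(processes, entries):
    """Apply the three heuristics and return the lines that hit."""
    findings = []
    for proc in processes:
        if SPACE_EXT_RE.search(proc):
            findings.append(Finding(SPACE_BEFORE_EXT, proc))
    for entry in entries:
        if F3_RE.match(entry):
            findings.append(Finding(WININI_AUTOSTART, entry))
            continue
        m = O4_RE.match(entry)
        if not m:
            continue
        if SPACE_EXT_RE.search(m["cmd"]):
            findings.append(Finding(SPACE_BEFORE_EXT, entry))
        if HEX_NAME_RE.match(m["name"]) and m["cmd"].lower().startswith("rundll32"):
            findings.append(Finding(RUNDLL32_HEX_NAME, entry))
    return findings


def summarize(findings):
    """Count findings per reason, for a quick overview before reading lines."""
    counts = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == "__main__":
    procs, ents = parse_hjt(SAMPLE_LOG)
    for f in find_suspicious(procs, ents):
        print(f"[{f.reason}] {f.line}")
```

Run against a full log pasted into SAMPLE_LOG (or read from a file), the script lists only the lines that match one of the three patterns; everything else, such as the legitimate hkcmd.exe entry in the sample, is left out so a reader can concentrate on the few lines worth checking by hand.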

#5 chand10r


Posted 09 January 2008 - 02:14 PM

Hi, and thanks once again. Here is my ComboFix log:
ComboFix 08-01-09.2 - David 2008-01-09 13:54:02.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.152 [GMT -5:00]
Running from: C:\Documents and Settings\David\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe
c:\PROGRA~1\McAfee\SPAMKI~1\MSKAGE~1 .EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe
C:\Program Files\Ahead\Nero BackItUp\NBJ .exe
C:\Program Files\Ahead\Nero BackItUp\NBJ .exe
C:\Program Files\Ahead\Nero BackItUp\NBJ .exe
C:\Program Files\Ahead\Nero BackItUp\NBJ .exe
C:\Program Files\Ahead\Nero BackItUp\NBJ .exe
C:\Program Files\Ahead\Nero BackItUp\NBJ .exe
C:\Program Files\Ahead\Nero BackItUp\NBJ .exe
C:\Program Files\Ahead\Nero BackItUp\NBJ .exe
C:\Program Files\Ahead\Nero BackItUp\NBJ .exe
C:\Program Files\Ahead\Nero BackItUp\NBJ .exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\McAfee.com\Agent\mcagent .exe
C:\Program Files\McAfee.com\Agent\mcupdate .exe
C:\Program Files\McAfee.com\Personal Firewall\MpfTray .exe
C:\Program Files\McAfee.com\VSO\mcmnhdlr .exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\McAfee\SpamKiller\MS18BE~1 .EXE
C:\Program Files\McAfee\SpamKiller\MS18BE~2 .EXE
C:\Program Files\McAfee\SpamKiller\MS18BE~3 .EXE
C:\Program Files\McAfee\SpamKiller\MS18BE~4 .EXE
C:\Program Files\McAfee\SpamKiller\MSKAGE~1 .EXE
C:\Program Files\McAfee\SpamKiller\MSKAGE~2 .EXE
C:\Program Files\McAfee\SpamKiller\MSKAGE~3 .EXE
C:\Program Files\McAfee\SpamKiller\MSKAGE~4 .EXE
C:\Program Files\McAfee\SpamKiller\MskAgent .exe
C:\Program Files\McAfee\SpamKiller\MSKDetct .exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\QdrDrive
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\temp\brr
C:\WINDOWS\system32\awvvw.dll
C:\WINDOWS\system32\awvvw.exe
C:\WINDOWS\system32\b02FdUe
C:\WINDOWS\system32\b02FdUe\b02FdUe1065.exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\ejsrvern.dll
C:\WINDOWS\system32\ftdjrwvg.exe
C:\WINDOWS\system32\gbipnefi.ini
C:\WINDOWS\system32\gimpixuj.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\jsqtrgry.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mkqxguag.dll
C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\nwiabcmp.ini
C:\WINDOWS\system32\pmcbaiwn.dll
C:\WINDOWS\system32\pyfwaecb.dll
C:\WINDOWS\system32\ssqolji.dll
C:\WINDOWS\system32\wvvwa.ini
C:\WINDOWS\system32\wvvwa.ini2
C:\WINDOWS\system32\xlnbhrpr.dll
C:\WINDOWS\system32\yrgrtqsj.ini

C:\Program Files\Analog Devices\Core\smax4pnp .exe ---> smax4pnp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe ---> issch.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS .EXE ---> LVCOMS.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp .exe ---> ccApp.exe
C:\Program Files\Dell\Media Experience\DMXLauncher .exe ---> DMXLauncher.exe
C:\Program Files\DellSupport\DSAgnt .exe ---> DSAgnt.exe
C:\Program Files\McAfee\SpamKiller\MSKDetct .exe ---> QooBox
C:\Program Files\McAfee.com\Agent\mcagent .exe ---> QooBox
C:\Program Files\McAfee.com\Personal Firewall\MpfTray .exe ---> QooBox
C:\Program Files\McAfee.com\VSO\mcmnhdlr .exe ---> QooBox
C:\Program Files\McAfee.com\VSO\mcvsshld .exe ---> mcvsshld.exe
C:\Program Files\McAfee.com\VSO\OasClnt .exe ---> OasClnt.exe
C:\Program Files\Messenger\msmsgs .exe ---> msmsgs.exe
C:\Program Files\Norton Ghost\Agent\GhostTray .exe ---> GhostTray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger			   .exe ---> YahooMessenger.exe
C:\WINDOWS\system32\ctfmon .exe ---> QooBox
C:\WINDOWS\system32\hkcmd .exe ---> hkcmd.exe
C:\WINDOWS\system32\igfxpers .exe ---> igfxpers.exe
C:\WINDOWS\system32\igfxtray .exe ---> igfxtray.exe
C:\WINDOWS\system32\NeroCheck .exe ---> NeroCheck.exe
.
.
((((((((((((((((((((((((( Files Created from 2007-12-09 to 2008-01-09 )))))))))))))))))))))))))))))))
.

2008-01-09 13:51 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-08 18:27 . 2008-01-08 18:27 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-08 18:12 . 2008-01-08 18:12 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-08 18:12 . 2008-01-08 18:12 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-08 18:06 . 2008-01-08 18:06 134 --ah----- C:\aaw7boot.cmd
2008-01-03 12:28 . 2008-01-03 12:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DivX
2008-01-03 12:23 . 2006-07-03 18:23 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-01-03 12:20 . 2008-01-08 18:39 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-24 07:57 . 2008-01-08 14:15 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-12-24 07:56 . 2008-01-08 14:15 114,688 --a------ C:\WINDOWS\system32\igfxpers.exe
2007-12-24 07:56 . 2008-01-08 14:15 94,208 --a------ C:\WINDOWS\system32\igfxtray.exe
2007-12-24 07:56 . 2008-01-08 14:15 77,824 --a------ C:\WINDOWS\system32\hkcmd.exe
2007-12-24 07:46 . 2007-12-24 07:53 <DIR> d-------- C:\Program Files\QdrPack(2)
2007-12-14 22:08 . 2007-12-11 17:34 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2007-12-14 22:08 . 2007-12-11 17:34 9,464 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-14 22:08 . 2007-12-11 17:34 9,336 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-14 21:28 . 2007-12-14 21:28 125 --a------ C:\ioSpecial.ini
2007-12-11 17:35 . 2007-12-11 17:35 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-12-11 17:35 . 2007-12-11 17:35 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-12-11 17:34 . 2007-12-11 17:34 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 17:34 . 2007-12-11 17:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 17:34 . 2007-12-11 17:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-11 17:32 . 2007-12-11 17:32 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2007-12-11 17:32 . 2007-12-11 17:32 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 17:32 . 2007-12-11 17:32 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-09 19:08 --------- d-----w C:\Program Files\DellSupport
2008-01-09 19:08 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-09 19:02 --------- d-----w C:\Program Files\QuickTime
2007-12-15 03:09 --------- d-----w C:\Program Files\DivX
2007-11-22 04:16 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-19 14:26 --------- d-----w C:\Documents and Settings\David\Application Data\Sandlot Games
2007-11-19 14:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-11-19 14:03 --------- d-----w C:\Documents and Settings\David\Application Data\Jane s Hotel
2007-11-19 14:02 --------- d-----w C:\Program Files\ReflexiveArcade
2007-11-18 01:13 --------- d-----w C:\Documents and Settings\David\Application Data\PlayFirst
2007-11-18 00:51 --------- d-----w C:\Documents and Settings\David\Application Data\DivX
2007-11-17 12:44 --------- d-----w C:\Program Files\Google
2007-11-17 00:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-16 23:55 --------- d-----w C:\Program Files\AviSynth 2.5
2007-11-16 23:55 --------- d-----w C:\Program Files\Avi2Dvd
2007-11-16 23:52 --------- d-----w C:\Program Files\Common Files\aolshare
2007-11-16 23:52 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-16 23:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2006-08-17 20:29 24,192 -c--a-w C:\Documents and Settings\David\usbsermptxp.sys
2006-08-17 20:29 22,768 -c--a-w C:\Documents and Settings\David\usbsermpt.sys
2006-07-03 23:23 0 -c-ha-w C:\Documents and Settings\All Users\Application Data\gwseh.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-01-09 10:43 1694208]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ .exe" [ ]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2008-01-08 14:15 460784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2008-01-08 14:15 1404928]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-01-08 14:15 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-01-08 14:15 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-01-08 14:15 114688]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2008-01-08 14:15 94208]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-08 18:38 58992]
"Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe" [2008-01-08 14:15 1537696]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" [ ]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2008-01-08 14:15 81920]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [ ]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2008-01-08 14:14 53248]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [ ]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\MCUPDA~1.EXE" [ ]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [ ]
"MSKAGENTEXE"="c:\PROGRA~1\mcafee\SPAMKI~1\MSKAGE~1.EXE" [ ]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2008-01-08 14:14 163840]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [ ]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2008-01-08 14:15 98304]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2008-01-08 14:15 155648]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-03 18:18:04]

S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2001-08-01 14:36]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-08 19:16:22 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (CHAND10R-David).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-09 14:09:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-09 14:11:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-09 19:11:32
.
2007-12-18 08:00:56 --- E O F ---


And here is my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:13:37 PM, on 1/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Messenger\msmsgs.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\MCUPDA~1.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] c:\PROGRA~1\mcafee\SPAMKI~1\MSKAGE~1.EXE
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ .exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 6335 bytes


Just let me know what to do next, thanks!

#6 chand10r (Topic Starter)

Posted 09 January 2008 - 06:39 PM

Wow, I do not know what that ComboFix did, but I have not had any popups or craziness since I ran/did that!! And Messenger came back; MSN Messenger had been missing since this started. I never use it, but noticed it was missing. Just wanted to let you know that. Of course, I still want my log read and stuff, but I just had to come on here and tell you that. Thanks!

#7 lusitano (Portuguese Malware Fighter)

Posted 11 January 2008 - 09:49 AM

Hello

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Now, close any open browsers.
  • Open notepad and copy/paste the text in the quotebox below into it:
Folder::
C:\Program Files\QdrPack(2)

RenV::
C:\Program Files\Analog Devices\Core\smax4pnp .exe ---> smax4pnp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe ---> issch.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS .EXE ---> LVCOMS.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp .exe ---> ccApp.exe
C:\Program Files\Dell\Media Experience\DMXLauncher .exe ---> DMXLauncher.exe
C:\Program Files\DellSupport\DSAgnt .exe ---> DSAgnt.exe
C:\Program Files\McAfee\SpamKiller\MSKDetct .exe ---> QooBox
C:\Program Files\McAfee.com\Agent\mcagent .exe ---> QooBox
C:\Program Files\McAfee.com\Personal Firewall\MpfTray .exe ---> QooBox
C:\Program Files\McAfee.com\VSO\mcmnhdlr .exe ---> QooBox
C:\Program Files\McAfee.com\VSO\mcvsshld .exe ---> mcvsshld.exe
C:\Program Files\McAfee.com\VSO\OasClnt .exe ---> OasClnt.exe
C:\Program Files\Messenger\msmsgs .exe ---> msmsgs.exe
C:\Program Files\Norton Ghost\Agent\GhostTray .exe ---> GhostTray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger			   .exe ---> YahooMessenger.exe
C:\WINDOWS\system32\ctfmon .exe ---> QooBox
C:\WINDOWS\system32\hkcmd .exe ---> hkcmd.exe
C:\WINDOWS\system32\igfxpers .exe ---> igfxpers.exe
C:\WINDOWS\system32\igfxtray .exe ---> igfxtray.exe
C:\WINDOWS\system32\NeroCheck .exe ---> NeroCheck.exe
  • Save the text as CFScript.txt, then drag CFScript.txt onto ComboFix.exe
  • When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use the Firefox browser: click Firefox at the top and choose: Select All, then click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use the Opera browser: click Opera at the top and choose: Select All, then click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
For technical support, double-click the e-mail address located at the bottom of each menu.



Please do an online scan with Kaspersky WebScanner.

Click on the scanner button [image].

You will be prompted to install an ActiveX component from Kaspersky; click [image].
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on [image].
  • Now click on [image].
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click [image].
  • Now under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete it will display whether your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post, along with a new HijackThis log. Also let me know how your computer is running.
In your next reply, please post:
  • A new HijackThis log
  • The results from ComboFix
  • The results from Kaspersky online scanner.
Regards
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#8 chand10r (Topic Starter)

Posted 11 January 2008 - 08:19 PM

Hey, I have run the virus scan. I am having trouble saving it as text; I did save it, but it was nowhere to be found? I also had to download and install the whole virus scan program; that was correct, wasn't it? It took almost an hour to scan and found over 1000 bugs, but I am frustrated, as now I am doing another scan again because I have to find out how to save this as text. What is it saving, a log of the viruses or what? HELP! Thanks.

#9 chand10r (Topic Starter)

Posted 11 January 2008 - 08:54 PM

Never mind, I got it. Here are the things you need.
Well, actually the log from the virus scan is so big (no kidding) that it is going to take an age to file and paste it:

Statistics
----------
Object                 Scanned  Detected  Untreated  Deleted  Moved to Quarantine  Archives  Packed files  Password protected  Corrupted
All objects             152597      1018        978       40                    0      3011           655                 239          0
System memory             2297         0          0        0                    0         1             1                   0          0
Startup objects            627         0          0        0                    0         5            26                   0          0
System Backup storage    13109       917        877       40                    0        67           273                   0          0
All hard drives         136564       101        101        0                    0      2938           355                 239          0
All removable drives         0         0          0        0                    0         0             0                   0          0


Settings
--------
Security Level: Recommended
Action: Prompt for action when the scan is complete
Run mode: Manually
File types: Scan all files
Scan only new and changed files: No
Scan archives: All
Scan embedded OLE objects: All
Skip if object is larger than: No
Skip if scan takes longer than: No
Parse email formats: No
Scan password-protected archives: No
Enable iChecker technology: Yes
Enable iSwift technology: Yes
Record information about dangerous objects to program statistics: Yes
If you need the whole log, I do not know if you want me to send it as an attachment via email, as my PC freezes every single time I try to copy/paste it, as it is so large.

Here are my HijackThis and ComboFix logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:39:42 PM, on 1/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\MCUPDA~1.EXE
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 5831 bytes
ComboFix 08-01-09.2 - David 2008-01-11 20:40:42.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.305 [GMT -5:00]
Running from: C:\Documents and Settings\David\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))
.

2008-01-11 18:59 . 2008-01-11 20:43 1,913,888 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-11 18:59 . 2008-01-11 20:43 4,640 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-11 18:59 . 2008-01-11 19:00 1,124 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-11 18:59 . 2008-01-11 19:00 1,100 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-11 18:57 . 2008-01-11 18:57 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-11 18:57 . 2008-01-11 19:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-11 18:56 . 2008-01-11 18:56 <DIR> d-------- C:\KAV
2008-01-09 23:58 . 2008-01-11 14:30 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-01-09 23:58 . 2008-01-11 14:30 114,688 --a------ C:\WINDOWS\system32\igfxpers.exe
2008-01-09 23:58 . 2008-01-11 14:30 94,208 --a------ C:\WINDOWS\system32\igfxtray.exe
2008-01-09 23:58 . 2008-01-11 14:30 77,824 --a------ C:\WINDOWS\system32\hkcmd.exe
2008-01-09 13:51 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-08 18:27 . 2008-01-08 18:27 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-08 18:12 . 2008-01-08 18:12 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-08 18:12 . 2008-01-08 18:12 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-08 18:06 . 2008-01-08 18:06 134 --ah----- C:\aaw7boot.cmd
2008-01-03 12:28 . 2008-01-03 12:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DivX
2008-01-03 12:23 . 2006-07-03 18:23 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-01-03 12:20 . 2008-01-08 18:39 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-14 22:08 . 2007-12-11 17:34 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2007-12-14 22:08 . 2007-12-11 17:34 9,464 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-14 22:08 . 2007-12-11 17:34 9,336 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-14 21:28 . 2007-12-14 21:28 125 --a------ C:\ioSpecial.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 23:38 --------- d-----w C:\Program Files\DellSupport
2008-01-11 23:38 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-11 23:36 --------- d-----w C:\Program Files\QuickTime
2007-12-15 03:09 --------- d-----w C:\Program Files\DivX
2007-12-12 02:03 4,184 ----a-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-11 22:35 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-12-11 22:34 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-11 22:32 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 22:32 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-22 04:16 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-19 14:26 --------- d-----w C:\Documents and Settings\David\Application Data\Sandlot Games
2007-11-19 14:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-11-19 14:03 --------- d-----w C:\Documents and Settings\David\Application Data\Jane s Hotel
2007-11-19 14:02 --------- d-----w C:\Program Files\ReflexiveArcade
2007-11-18 01:13 --------- d-----w C:\Documents and Settings\David\Application Data\PlayFirst
2007-11-18 00:51 --------- d-----w C:\Documents and Settings\David\Application Data\DivX
2007-11-17 12:44 --------- d-----w C:\Program Files\Google
2007-11-17 00:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-16 23:55 --------- d-----w C:\Program Files\AviSynth 2.5
2007-11-16 23:55 --------- d-----w C:\Program Files\Avi2Dvd
2007-11-16 23:52 --------- d-----w C:\Program Files\Common Files\aolshare
2007-11-16 23:52 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-16 23:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-31 10:12 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 22:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 22:40 227,328 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-20 00:56 120,056 -c--a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-10-20 00:56 118,520 -c--a-w C:\WINDOWS\system32\pxinsi64.exe
2006-08-17 20:29 24,192 -c--a-w C:\Documents and Settings\David\usbsermptxp.sys
2006-08-17 20:29 22,768 -c--a-w C:\Documents and Settings\David\usbsermpt.sys
2006-07-03 23:23 0 -c-ha-w C:\Documents and Settings\All Users\Application Data\gwseh.dat
.
<pre>
----a-w		   110,592 2008-01-10 05:02:42  C:\Program Files\McAfee\SpamKiller\mskagent .exe
</pre>


((((((((((((((((((((((((((((( snapshot_2008-01-11_18.40.59.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-11 23:59:14 194,320 ----a-w C:\WINDOWS\system32\drivers\klif.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-01-11 14:31 1694208]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2008-01-11 14:31 460784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2008-01-11 14:30 1404928]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-01-11 14:30 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-01-11 14:30 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-01-11 14:30 114688]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2008-01-11 14:30 94208]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-11 14:30 58992]
"Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe" [2008-01-11 14:30 1537696]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2008-01-11 14:30 81920]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2008-01-11 14:29 53248]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\MCUPDA~1.EXE" [ ]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2008-01-11 14:30 163840]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2008-01-11 14:30 98304]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2008-01-11 14:30 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [ ]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe" [2007-11-19 14:40 231952]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-03 18:18:04]

S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2001-08-01 14:36]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-11 23:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (CHAND10R-David).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 20:43:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-11 20:44:34
ComboFix-quarantined-files.txt 2008-01-12 01:44:17
ComboFix2.txt 2008-01-11 23:41:26
ComboFix3.txt 2008-01-09 19:11:36
.
2008-01-10 08:03:49 --- E O F ---


Oh, I forgot to tell you how my PC was doing. I haven't had any popups since I told you about it after I ran ComboFix the other day. My PC could be faster, though it's not extremely slow. I have had trouble opening new windows in programs occasionally. That's about it, really. I really want to thank you for helping me. You are a godsend! I can't believe how many things were detected on my PC; that's the last time I let my teenage son get on here! GRRR! Anyway, just let me know if you need anything else, thanks!

#10 lusitano (Portuguese Malware Fighter)

Posted 14 January 2008 - 05:57 AM

Hello,

We are close to the end, but we have a few more things to do.


I see you have two antiviruses - specifically McAfee and Kaspersky - I do not recommend that you have more than one antivirus product installed and running on your computer at a time.
The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System performance problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore, please go to Add/Remove Programs in the Control Panel and remove either McAfee or Kaspersky.


Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Now, close any open browsers.
  • Open notepad and copy/paste the text in the quotebox below into it:

RenV::
----a-w 110,592 2008-01-10 05:02:42 C:\Program Files\McAfee\SpamKiller\mskagent .exe

IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!
  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at "C:\ComboFix.txt". Please post it, along with a new HijackThis log.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#11 chand10r

chand10r
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:09:59 AM

Posted 14 January 2008 - 12:55 PM

Hi and thank you for getting back to me! :thumbsup: Ok, here are my new logs for you.

ComboFix 08-01-09.2 - David 2008-01-14 12:44:03.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.263 [GMT -5:00]
Running from: C:\Documents and Settings\David\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\David\Desktop\cfscript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\PROGRA~1\McAfee.com\Agent\MCUPDA~2 .EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\McAfee.com\Agent\MCUPDA~1 .EXE
C:\Program Files\McAfee.com\Agent\MCUPDA~2 .EXE
C:\Program Files\McAfee.com\Agent\MCUPDA~3 .EXE
C:\Program Files\McAfee.com\Agent\mcupdate .exe
C:\Program Files\McAfee.com\Shared\mcappins .exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\WINDOWS\system32\awvvw.dll
C:\WINDOWS\system32\awvvw.exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\wvvwa.ini
C:\WINDOWS\system32\wvvwa.ini2

<pre>
C:\Program Files\Analog Devices\Core\smax4pnp .exe ---> smax4pnp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe ---> issch.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS .EXE ---> LVCOMS.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp .exe ---> ccApp.exe
C:\Program Files\Dell\Media Experience\DMXLauncher .exe ---> DMXLauncher.exe
C:\Program Files\DellSupport\DSAgnt .exe ---> DSAgnt.exe
C:\Program Files\McAfee.com\Agent\MCUPDA~3 .EXE ---> QooBox
C:\Program Files\McAfee.com\Shared\mcappins .exe ---> QooBox
C:\Program Files\Messenger\msmsgs .exe ---> msmsgs.exe
C:\Program Files\Norton Ghost\Agent\GhostTray .exe ---> GhostTray.exe
C:\Program Files\QuickTime\qttask	 .exe ---> qttask.exe
C:\WINDOWS\system32\ctfmon .exe ---> QooBox
C:\WINDOWS\system32\hkcmd .exe ---> hkcmd.exe
C:\WINDOWS\system32\igfxpers .exe ---> igfxpers.exe
C:\WINDOWS\system32\igfxtray .exe ---> igfxtray.exe
C:\WINDOWS\system32\NeroCheck .exe ---> NeroCheck.exe
</pre>
.
.
((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))
.

2008-01-12 12:09 . 2008-01-14 12:37 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-01-12 12:08 . 2008-01-14 12:37 114,688 --a------ C:\WINDOWS\system32\igfxpers.exe
2008-01-12 12:08 . 2008-01-14 12:37 94,208 --a------ C:\WINDOWS\system32\igfxtray.exe
2008-01-12 12:08 . 2008-01-14 12:37 77,824 --a------ C:\WINDOWS\system32\hkcmd.exe
2008-01-11 18:59 . 2008-01-14 12:36 2,193,440 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-11 18:59 . 2008-01-14 12:36 22,048 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-11 18:59 . 2008-01-14 12:36 17,696 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-11 18:59 . 2008-01-14 12:36 3,140 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-11 18:57 . 2008-01-11 18:57 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-11 18:57 . 2008-01-14 11:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-11 18:56 . 2008-01-11 18:56 <DIR> d-------- C:\KAV
2008-01-09 13:51 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-08 18:27 . 2008-01-08 18:27 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-08 18:12 . 2008-01-08 18:12 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-08 18:12 . 2008-01-08 18:12 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-08 18:06 . 2008-01-08 18:06 134 --ah----- C:\aaw7boot.cmd
2008-01-03 12:28 . 2008-01-03 12:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DivX
2008-01-03 12:23 . 2006-07-03 18:23 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-01-03 12:20 . 2008-01-08 18:39 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-14 22:08 . 2007-12-11 17:34 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2007-12-14 22:08 . 2007-12-11 17:34 9,464 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-14 22:08 . 2007-12-11 17:34 9,336 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-14 21:28 . 2007-12-14 21:28 125 --a------ C:\ioSpecial.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 17:50 --------- d-----w C:\Program Files\QuickTime
2008-01-14 17:50 --------- d-----w C:\Program Files\DellSupport
2008-01-14 17:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-14 16:09 --------- d-----w C:\Program Files\McAfee.com
2007-12-15 03:09 --------- d-----w C:\Program Files\DivX
2007-11-22 04:16 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-19 14:26 --------- d-----w C:\Documents and Settings\David\Application Data\Sandlot Games
2007-11-19 14:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-11-19 14:03 --------- d-----w C:\Documents and Settings\David\Application Data\Jane s Hotel
2007-11-19 14:02 --------- d-----w C:\Program Files\ReflexiveArcade
2007-11-18 01:13 --------- d-----w C:\Documents and Settings\David\Application Data\PlayFirst
2007-11-18 00:51 --------- d-----w C:\Documents and Settings\David\Application Data\DivX
2007-11-17 12:44 --------- d-----w C:\Program Files\Google
2007-11-17 00:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-16 23:55 --------- d-----w C:\Program Files\AviSynth 2.5
2007-11-16 23:55 --------- d-----w C:\Program Files\Avi2Dvd
2007-11-16 23:52 --------- d-----w C:\Program Files\Common Files\aolshare
2007-11-16 23:52 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-16 23:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2006-08-17 20:29 24,192 -c--a-w C:\Documents and Settings\David\usbsermptxp.sys
2006-08-17 20:29 22,768 -c--a-w C:\Documents and Settings\David\usbsermpt.sys
2006-07-03 23:23 0 -c-ha-w C:\Documents and Settings\All Users\Application Data\gwseh.dat
.
<pre>
----a-w		   231,952 2008-01-14 16:07:35  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp .exe
</pre>


((((((((((((((((((((((((((((( snapshot_2008-01-11_18.40.59.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-11 23:30:51 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-14 17:42:50 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-11 23:30:51 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-14 17:42:50 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-11 23:30:52 4,829,184 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
+ 2008-01-14 17:42:51 4,829,184 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
- 2008-01-11 23:30:52 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-14 17:42:51 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-11 23:30:52 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-14 17:42:51 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-11 23:30:52 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-14 17:42:51 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-11 23:59:14 194,320 ----a-w C:\WINDOWS\system32\drivers\klif.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-01-14 12:37 1694208]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2008-01-14 12:37 460784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2008-01-14 12:37 1404928]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-01-14 12:37 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-01-14 12:37 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-01-14 12:37 114688]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2008-01-14 12:37 94208]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-14 12:37 58992]
"Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe" [2008-01-14 12:37 1537696]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2008-01-14 12:37 81920]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\MCUPDA~2.EXE" [ ]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2008-01-14 12:37 98304]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2008-01-14 12:37 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-03 18:18:04]

S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2001-08-01 14:36]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-14 12:51:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-14 12:53:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-14 17:52:55
ComboFix2.txt 2008-01-12 01:44:34
ComboFix3.txt 2008-01-11 23:41:26
ComboFix4.txt 2008-01-09 19:11:36
.
2008-01-10 08:03:49 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:47 PM, on 1/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\MCUPDA~2.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 4893 bytes


Just let me know what to do next!
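Two things stand out in the ComboFix output above and in lusitano's RenV:: script: autostart executables present on disk under names with a blank before the extension (qttask .exe, MCUPDA~2 .EXE, mskagent .exe), which ComboFix renames back (---> qttask.exe), and Run values ComboFix prints with an empty [ ] where it would normally show the target's date and size. The following Python checker is an added example, not part of this thread, ComboFix or HijackThis. It scans log lines of the shapes seen on this page for both signs. The sample lines are constructed to match those shapes and are not a real capture; reading [ ] as "ComboFix could not read the file the value points at" is an assumption about the ComboFix format.

```python
"""Flag autostart entries whose target filename has whitespace before the
extension (e.g. "qttask .exe") and Run entries ComboFix printed with "[ ]".
Added example for reading HijackThis/ComboFix logs; not code from either tool."""
import re

# Constructed sample lines shaped like the O4 lines, "Reg Loading Points"
# lines and rename lines in the thread. They are not a real capture.
SAMPLE_LINES = [
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"',
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime',
    r'O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\MCUPDA~2.EXE',
    r'"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\MCUPDA~2.EXE" [ ]',
    r'"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2008-01-14 12:37 155648]',
    r'C:\Program Files\Messenger\msmsgs .exe ---> msmsgs.exe',
]

# Final path component with one or more blanks (space or tab) immediately
# before the extension. The group cannot cross a backslash, quote or bracket,
# so only the file name itself is examined.
SPACED_EXT = re.compile(r'\\([^\\"\[\]]*?)([ \t]+)\.(exe|dll|com|scr)\b', re.IGNORECASE)

# ComboFix "Reg Loading Points" line whose trailing bracket is empty.
# Assumption: "[ ]" means ComboFix could not read the target file.
MISSING_TARGET = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[\s*\]\s*$')


def spaced_extension_hits(lines):
    """Return (line_no, file name as written) for every line that carries a
    'name .ext' style path."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = SPACED_EXT.search(line)
        if m:
            hits.append((n, f"{m.group(1)}{m.group(2)}.{m.group(3)}"))
    return hits


def missing_target_hits(lines):
    """Return (line_no, value name, path) for Run values whose target
    ComboFix printed as '[ ]'."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = MISSING_TARGET.match(line.strip())
        if m:
            hits.append((n, m.group("name"), m.group("path")))
    return hits


def normalised_name(filename):
    """Collapse 'qttask .exe' to 'qttask.exe', the name the autostart entry
    would normally point at; handy for matching against a known-good list."""
    return re.sub(r'[ \t]+(?=\.[A-Za-z0-9]+$)', '', filename)


if __name__ == "__main__":
    for n, name in spaced_extension_hits(SAMPLE_LINES):
        print(f"line {n}: '{name}' -> expected '{normalised_name(name)}'")
    for n, value, path in missing_target_hits(SAMPLE_LINES):
        print(f"line {n}: Run value {value!r} has no readable target: {path}")
```

Run against a saved ComboFix.txt or HijackThis log by passing its lines instead of SAMPLE_LINES. Matching on the file name token rather than on the whole path keeps directory names with spaces (Program Files, Documents and Settings) from producing false hits.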

#12 chand10r

chand10r
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:09:59 AM

Posted 17 January 2008 - 09:03 PM

My pc is acting terrible again, just wanted to say. It keeps freezing up, and crashing. NO pop ups, but now something else, help!

#13 lusitano

lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • OFFLINE
  • Gender:Male
  • Location:Portugal
  • Local time:01:59 PM

Posted 26 January 2008 - 05:21 AM

Hi and very sorry for the long delay.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
  • When shown the disclaimer, Select "2"
The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.
Please download the latest version of ComboFix from Here or Here to your Desktop.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Extra-Note: Please, DO NOT use ComboFix on your own. It is a very powerful tool designed to deal with sophisticated infections and if something goes wrong or you use it incorrectly, you could possibly lose the use of your computer. It is ONLY meant to be used under the direct supervision of a malware removal specialist.

Regards
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#14 don77

don77

    Forum Regular


  • Members
  • 3,212 posts
  • OFFLINE
  • Gender:Male
  • Location:Boston Mass
  • Local time:09:59 AM

Posted 31 January 2008 - 10:44 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



