Registered User
Join Date: Nov 2008
Posts: 8
OS: XP
[SOLVED] Malware on my laptop probably
On Sunday while I was trying to burn some files off my computer using Sonic Record Now, my anti-virus (McAfee 8.5i) randomly disabled on its own. I haven't had this happen before so I'm pretty concerned. It only seems to happen when I run Sonic and try to check the contents of the files and finalize the disk that I've burned onto DVD that McAfee turns itself off and I'm also not able to read any of the information on the DVD. Old DVDs that I burned previously seem to work ok and read without any problems. I think it's a malware but I'm not sure exactly what kind of malware it is.
I ran Kaspersky's online virus scan on Sunday night immediately after it happened and it didn't turn up anything. I ran Micro Trend's Housecall and the first time it showed that I had Winvestigator (I have no idea how this got on my laptop as I'm the only one with access to it and I live alone x.x), two http tracking cookies and two vulnerabilities in Office 2003. I had Micro Trend delete all the files and fixed the vulnerabilities in Office by downloading the patches and re-ran housecall again where it gave an all-clear. I tried checking the contents of one of the DVDs that I burned and McAfee disabled itself again. I then did another scan with Micro Trend, which again said there was nothing wrong. I'm a bit concerned since I want to be able to clear out my hard drive and whether or not my external drive may be infected since I originally copied the files that I tried to burn on Sunday from my external (some of which were re-copied back to said external because I thought Sonic wouldn't burn because of a lack of space on my hard drive).

I don't know if it's relevant but I've also noticed that McAfee siteadvisor (that I use in Firefox) doesn't show "safe" and "unsafe" links anymore (no green, yellow or red icons next to each link). I've tried reinstalling three times to see if it fixes the problem but nothing happens. (Siteadvisor is working since it's showing this site with a green checkmark at the bottom.) I'm also running adblock plus, greasemonkey, blocksite, java quickstart and microsoft net framework assistant (whatever that is) in firefox so I'm not sure if it's a compatibility issue between those programs. I am using the current versions of both programs - firefox 3.0.10, siteadvisor 2.9.258. I also did have sysreset (ie mIrc) which I never used and just deleted but I do use utorrent on a regular basis.
I hope that I'm just being paranoid and that everything's okay but I thought it would be better just to check anyway since I've never had McAfee randomly disable like that before. I am running all the latest XP updates (service pack 3 and I just checked and don't have any pending updates), latest McAfee OAS, McAfee virus scan console, McAfee on demand scan (so basically all the software that my university provides), and Spyware blaster (last updated 4/27/09).