Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91819 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] Vista: Firefox crashes, CPU mostly @ 100%


  • This topic is locked This topic is locked
8 replies to this topic

#1 charliep

charliep

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 24 October 2009 - 07:09 AM

Hi Folks,

First off, thanks a bunch to all the expert troubleshooters for taking the time to resolve computer problems.
Two issues: 1. I can use Firefox for a few minutes and it ultimately crashes with the standard "apology dialog". 2. While navigating the web, my cpu utilization runs consistently at 100%. In addition, if I visit sites heavy in media content, ie. videos, movies, chat, IE tends to move extremely slowly. IE doesn't crash but the response time can be measured in minutes.

Let me list what I've done thus far:
1. Followed steps in "Why is my computer running so slowly?"
2. Uninstalled, re-installed Firefox
3. I've run ERUNT, ATF Cleaner, Malwarebytes, RootRepeal (report pasted below)
4. Also ran DDS but no log was generated, the cmd window just closed when scan completed
5. I've also attached a Hijack Log below.
6. I had disable McAfee before running DDS

One process in particular that "bugs" me is atisvc_mnptfmtze.exe especially since Google returns no search results.


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/24 08:37
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x8AE00000 Size: 815104 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xACA35000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1224 Status: Locked to the Windows API!

==EOF==

=============================Hijackthis Log =====================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:01 PM, on 10/22/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\takyk\atisvc_mnptfmtze.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\Taskmgr.exe
F:\HijackThis.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.infoq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0151561256115943) (0151561256115943mcinstcleanup) - Unknown owner - C:\Windows\TEMP\015156~1.EXE (file missing)
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: atisvc_mnptfmtze - Unknown owner - C:\Windows\system32\takyk\atisvc_mnptfmtze.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8559 bytes

    Advertisements

Register to Remove


#2 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 27 October 2009 - 10:50 AM

Hi charliep,

:welcome:

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.

Please go to http://virusscan.jotti.org , click on Browse, and upload the following file for analysis:

C:\Windows\system32\takyk\atisvc_mnptfmtze.exe <===this file

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#3 charliep

charliep

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 27 October 2009 - 07:39 PM

Tomk,

Thanks for your reply. I've uploaded the file to http://virusscan.jotti.org and the site ran 21 scans against the file with no reported malware:

Filename: atisvc_mnptfmtze.exe
Status: Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Wed 28 Oct 2009 02:32:31 (CET) Permalink

Additional Info:
File size: 434003 bytes
Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: 64c670cf3afced006f60b4c0f47e1afc
SHA1: 11db071014938ab3097d4e9d6f2dd0ea41646f6b

Kind Regards,
charliep.

#4 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 27 October 2009 - 07:42 PM

charliep,

I've got no clue what that file is. :unsure:

Let's do some more poking around.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish it's job
  • Once its finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean

Then

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).

Also please describe how your computer behaves at the moment.

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#5 charliep

charliep

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 27 October 2009 - 08:51 PM

Tomk, I ran TFC and it cleared up over 200 mb of temporary files. I also ran Malwarebytes with nothing infected: Malwarebytes' Anti-Malware 1.41 Database version: 3044 Windows 6.0.6001 Service Pack 1 10/27/2009 10:25:47 PM mbam-log-2009-10-27 (22-25-47).txt Scan type: Quick Scan Objects scanned: 96012 Time elapsed: 16 minute(s), 18 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) I started up Firefox and after navigating around amazon.com for a few minutes, it crashed. As far as cpu utilization, I see mcshield.exe consuming large amounts of cpu - upwards of 50% at times. Of course, that's just McAfee doing its thing and I probably need to take the good with the bad as far as that goes. Thanks, charliep.

#6 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 27 October 2009 - 10:28 PM

charliep, Please try to run DDS again.

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#7 charliep

charliep

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 30 October 2009 - 05:27 AM

Thanks Tomk, DDS (Ver_09-06-26.01) - NTFSx86 Run by Admin at 7:20:14.37 on Fri 10/30/2009 Internet Explorer: 7.0.6002.18005 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2037.946 [GMT -4:00] SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\WLTRYSVC.EXE C:\Windows\system32\WLANExt.exe C:\Windows\System32\bcmwltry.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\aestsrv.exe C:\Windows\system32\takyk\atisvc_mnptfmtze.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\Windows\system32\rundll32.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\STacSV.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\Windows\system32\taskeng.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\takyk\atisvc_mnptfmtze.exe C:\Windows\Explorer.EXE c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\taskeng.exe C:\Program Files\Dell\DellDock\DellDock.exe C:\Windows\system32\takyk\atisvc_mnptfmtze.exe C:\Program Files\DellTPad\Apoint.exe C:\Windows\OEM02Mon.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\System32\WLTRAY.EXE C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Dell\MediaDirect\PCMService.exe C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Windows\System32\wpcumi.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\DellTPad\Apntex.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\chucks\dds.scr C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uSearch Page = hxxp://www.google.com uStart Page = hxxp://www.infoq.com/ uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3090723 uSearch Bar = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [Apoint] c:\program files\delltpad\Apoint.exe mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe" mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe" mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe mRun: [OPSE reminder] "c:\program files\scansoft\omnipagese2.0\eregeng\ereg.exe" -r "c:\program files\scansoft\omnipagese2.0\eregeng\ereg.ini" mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe StartupFolder: c:\users\admin\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL LSP: c:\windows\system32\wpclsp.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Notify: igfxcui - igfxdev.dll AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL ================= FIREFOX =================== FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\27rvb3yx.default\ FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll FF - component: c:\program files\mozilla firefox\components\1251231.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); ============= SERVICES / DRIVERS =============== R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2009-7-24 73728] R2 atisvc_mnptfmtze;atisvc_mnptfmtze;c:\windows\system32\takyk\atisvc_mnptfmtze.exe [2009-7-24 434003] R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-7-24 210216] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-7-23 111616] R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2009-7-23 235520] R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2009-7-23 7424] S2 0151561256115943mcinstcleanup;McAfee Application Installer Cleanup (0151561256115943);c:\windows\temp\015156~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\015156~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?] S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-7-24 30192] =============== Created Last 30 ================ 2009-10-30 03:22 <DIR> --d----- c:\windows\system32\eu-ES 2009-10-30 03:22 <DIR> --d----- c:\windows\system32\ca-ES 2009-10-30 03:21 <DIR> --d----- c:\windows\system32\vi-VN 2009-10-29 22:10 <DIR> --d----- c:\windows\system32\EventProviders 2009-10-27 21:46 221,740,256 a------- c:\windows\MEMORY.DMP 2009-10-27 18:53 310,784 a------- c:\windows\system32\unregmp2.exe 2009-10-27 18:52 8,147,456 a------- c:\windows\system32\wmploc.DLL 2009-10-26 18:42 2,421,760 a------- c:\windows\system32\wucltux.dll 2009-10-26 18:30 87,552 a------- c:\windows\system32\wudriver.dll 2009-10-26 18:25 171,608 a------- c:\windows\system32\wuwebv.dll 2009-10-26 18:25 33,792 a------- c:\windows\system32\wuapp.exe 2009-10-22 13:17 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2009-10-15 19:40 218,624 a------- c:\windows\system32\msv1_0.dll 2009-10-15 19:40 834,048 a------- c:\windows\system32\wininet.dll 2009-10-15 19:39 78,336 a------- c:\windows\system32\ieencode.dll 2009-10-15 19:38 3,600,456 a------- c:\windows\system32\ntkrnlpa.exe 2009-10-15 19:38 3,548,216 a------- c:\windows\system32\ntoskrnl.exe 2009-10-15 19:34 60,928 a------- c:\windows\system32\msasn1.dll 2009-10-15 19:34 144,896 a------- c:\windows\system32\drivers\srv2.sys 2009-10-15 19:34 604,672 a------- c:\windows\system32\WMSPDMOD.DLL 2009-10-12 22:48 <DIR> --d----- c:\programdata\Office Genuine Advantage 2009-10-12 22:30 1,259,008 a------- c:\windows\system32\lsasrv.dll 2009-10-12 22:30 499,712 a------- c:\windows\system32\kerberos.dll 2009-10-12 22:30 175,104 a------- c:\windows\system32\wdigest.dll 2009-10-12 22:30 270,848 a------- c:\windows\system32\schannel.dll 2009-10-12 22:30 439,864 a------- c:\windows\system32\drivers\ksecdd.sys 2009-10-12 22:30 72,704 a------- c:\windows\system32\secur32.dll 2009-10-12 22:30 9,728 a------- c:\windows\system32\lsass.exe 2009-10-12 19:10 109 a------- c:\windows\setup.iss 2009-10-12 19:09 <DIR> --d----- c:\users\admin\appdata\roaming\NewSoft 2009-10-06 19:37 4,710 a------- c:\windows\system32\fc.ico 2009-10-06 19:37 2,528 a------- c:\windows\FCIC.INI 2009-10-06 19:37 <DIR> --d----- c:\programdata\FirstClass 2009-10-06 19:37 <DIR> --d----- c:\progra~2\FirstClass 2009-10-06 19:35 <DIR> --d----- c:\program files\FirstClass ==================== Find3M ==================== 2009-10-30 03:32 86,016 a------- c:\windows\inf\infstor.dat 2009-10-30 03:32 51,200 a------- c:\windows\inf\infpub.dat 2009-10-30 03:32 143,360 a------- c:\windows\inf\infstrng.dat 2009-10-30 03:21 665,600 a------- c:\windows\inf\drvindex.dat 2009-09-16 10:22 214,664 a------- c:\windows\system32\drivers\mfehidk.sys 2009-09-16 10:22 79,816 a------- c:\windows\system32\drivers\mfeavfk.sys 2009-09-16 10:22 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys 2009-09-16 10:22 35,272 a------- c:\windows\system32\drivers\mfebopk.sys 2009-09-16 10:22 34,248 a------- c:\windows\system32\drivers\mferkdk.sys 2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-08-28 22:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll 2009-08-28 22:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll 2009-08-28 22:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll 2009-08-28 22:30 542,720 a------- c:\windows\apppatch\AcLayers.dll 2009-08-28 20:27 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll 2009-08-28 20:14 28,672 a------- c:\windows\system32\Apphlpdm.dll 2009-08-14 11:53 17,920 a------- c:\windows\system32\netevent.dll 2009-08-14 09:49 9,728 a------- c:\windows\system32\TCPSVCS.EXE 2009-08-14 09:49 17,920 a------- c:\windows\system32\ROUTE.EXE 2009-08-14 09:49 11,264 a------- c:\windows\system32\MRINFO.EXE 2009-08-14 09:49 27,136 a------- c:\windows\system32\NETSTAT.EXE 2009-08-14 09:49 19,968 a------- c:\windows\system32\ARP.EXE 2009-08-14 09:49 8,704 a------- c:\windows\system32\HOSTNAME.EXE 2009-08-14 09:49 10,240 a------- c:\windows\system32\finger.exe 2009-08-14 09:48 105,984 a------- c:\windows\system32\netiohlp.dll 2009-08-04 19:52 1,193,832 a------- c:\windows\system32\FM20.DLL 2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll 2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll 2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe 2008-01-20 22:57 174 a--sh--- c:\program files\desktop.ini 2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat 2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat 2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat 2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat 2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat 2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat 2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat 2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat 2009-07-24 14:50 74 ---shr-- c:\windows\CT4CET.bin 2009-07-25 10:19 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat 2009-07-25 10:19 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat 2009-07-25 10:19 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat ============= FINISH: 7:21:25.74 ===============

Attached Files



#8 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 30 October 2009 - 10:06 AM

charliep,

It appears that you have updated your Vista to SP2 since yesterday. I think that's a good move.

Your Java is out of date.

Java™ 6 can be updated from the Java Control Panel. Go Start > Control Panel(Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts.

McAfee hogging resources pretty much goes with the territory. That's what it does best.


That being said, Log looks good :D


You need to create a new Clean restore point:

  • Download SysRestorePoint to your desktop and unzip it to it's own folder.
  • Double click SysRestorePoint.exe so that we can make a new system restore point.
  • A box will pop up after it has made a new point, usually after a few seconds. Close that window and exit the program.
Remove all previous Restore Points
Click Start Menu > Run > copy and paste

cleanmgr

You may be asked to choose drive. Choose C: At top, click on More Options tab. Click Clean up... button in the System Restore box. Click on Yes button. When finished, click on Cancel button to exit.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.


The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.

Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein


Also: "How to prevent malware"
by miekiemoes

Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed Resolved. :thumbup:

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#9 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 05 November 2009 - 12:07 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users