I believe that I have somehow picked up something that is affecting my entire system. Both my browsers (Firefox and IE) will crash intermittently, as well as numerous programs on my computer including Ventrilo, Windows Media Player, and iTunes. Immediately upon loading, I have two CLI.exe files using up 100% of my processing power.

Logs are as follows.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Scott at 14:59:05.74 on Fri 12/04/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1091 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDA.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\PROXYL~1\ProxyCap\ProxyCap.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\wirelesscm.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\logitech\quickcam\lu\lulnchr.exe
c:\program files\logitech\quickcam\lu\LogitechUpdate.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\TEMP\rdl11C.tmp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Scott\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-rel
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Shell=Explorer.exe logon.exe
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: McAfee Anti-Phishing Filter: {41d68ed8-4cff-4115-88a6-6ebb8af19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar5.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {df8e1866-5ea0-4e23-96f4-98656bf2776f} - relipasi.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar5.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [EPSON NX100 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatieda.exe /fu "c:\docume~1\scott\locals~1\temp\E_S73.tmp" /EF "HKCU"
uRun: [ProxyCap] c:\progra~1\proxyl~1\proxycap\ProxyCap.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ATIPTA] atiptaxx.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [OASClnt] c:\program files\mcafee.com\vso\oasclnt.exe
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [MSKDetectorExe] c:\progra~1\mcafee\spamki~1\MSKDetct.exe /startup
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [MSKAGENTEXE] c:\progra~1\mcafee\spamki~1\MskAgent.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime
mRun: [VirusScan Online] c:\progra~1\mcafee.com\vso\mcvsshld.exe
mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aticat~1.lnk - c:\program files\ati technologies\ati.ace\CLI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\d-link dwa-552 xtreme n desktop adapter\wirelesscm.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\old hard drive\aim95\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - {7DD73374-7187-4103-8F29-622AA25E7C40} - c:\program files\mcafee\spamkiller\mcapfbho.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: pcaplsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: SwUpdate - {009541A0-3B00-1F1C-00F3-040224001C01} - c:\documents and settings\all users\application data\macromedia\swupdate\swupdate.dll
mASetup: {708CCFE0-54F7-5E08-3606-74F82FB33EB8} - c:\windows\system32:smsss.exe
Hosts: 12.129.206.130 us.logon.battle.net
Hosts: 213.248.127.130 eu.logon.battle.net

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\scott\applic~1\mozilla\firefox\profiles\pfl0cjcm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\scott\application data\mozilla\firefox\profiles\pfl0cjcm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\mozilla firefox\components\MGSHelper.dll
FF - plugin: c:\documents and settings\scott\application data\mozilla\firefox\profiles\pfl0cjcm.default\extensions\[email protected]\plugins\npDyyno.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 atitray;atitray;c:\program files\radeon omega drivers\v3.8.231\ati tray tools\atitray.sys [2005-11-13 11008]
R1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\MpFirewall.sys [2006-3-15 80640]
R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2006-3-15 126976]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2006-3-15 122368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-29 24652]
S2 srenum;srenum;c:\windows\system32\drivers\srenum.sys [2009-7-1 36480]
S3 cpuz130;cpuz130;\??\c:\docume~1\scott\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\scott\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2006-3-15 221184]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2006-3-15 245760]
S3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-3-15 114464]

=============== Created Last 30 ================

2009-12-04 05:44:55 0 d-----w- c:\documents and settings\all users\Microsoft PData
2009-12-04 05:16:48 34308 ----a-w- c:\windows\system32\logon.exe
2009-11-30 23:48:20 0 d-----w- c:\program files\Proxy Labs
2009-11-12 15:56:45 77312 ----a-w- c:\windows\MBR.exe
2009-11-12 15:56:44 267264 ----a-w- c:\windows\PEV.exe
2009-11-11 01:58:30 364544 ----a-w- c:\windows\system32\pcaplsp.dll
2009-11-11 01:57:44 315392 ----a-w- c:\windows\system32\sbcrreag.dll
2009-11-09 17:16:46 0 d-----w- c:\docume~1\alluse~1\applic~1\AIM
2009-11-09 17:16:35 0 d-----w- c:\program files\AIM
2009-11-09 17:16:31 0 d-----w- c:\program files\common files\Software Update Utility

==================== Find3M ====================

2009-12-03 19:03:10 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-12-02 23:01:03 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-10-19 23:53:44 3070976 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-09-25 05:37:11 667136 ------w- c:\windows\system32\wininet.dll
2009-09-25 05:37:11 667136 ------w- c:\windows\system32\dllcache\wininet.dll
2009-09-25 05:37:11 627712 ------w- c:\windows\system32\dllcache\urlmon.dll
2009-09-25 05:37:10 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll
2009-09-25 05:37:09 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-25 05:37:09 81920 ------w- c:\windows\system32\dllcache\ieencode.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-01-14 00:13:29 10294 ----a-w- c:\program files\hijackthis.log
2005-02-16 15:06:16 218112 ----a-w- c:\program files\HijackThis.exe
2009-08-08 15:21:24 56 --sha-r- c:\windows\system32\5EA12DC95F.sys
2006-04-22 02:56:56 56 --sha-r- c:\windows\system32\85DEA2AF0B.sys
2009-08-08 15:21:25 4444 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 15:01:23.12 ===============

Thanks for your help!

Just a quick update: I'm also getting browser redirects, as well as just straight crashes, when clicking on Google links or using the Google Toolbar in Firefox. I also cannot boot the computer in Safe Mode, as I get blue-screened every time. When trying to change system settings I also received the error "Windows cannot find C:\WINDOWS\system32\rundll32.exe. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search."
Discussion Starter · #2 ·
Another update. All search engines immediately crash the browser I'm working in, whether Firefox or IE. Also, Windows Media Player only runs for 2 minutes 2 seconds into any video before it crashes.
Discussion Starter · #3 ·
Haven't had anyone reply in about 3 days, and it got to the point where no programs could be run. No browsers would open, and all programs crashed almost right after initiating, so I took the liberty of running ComboFix. I know you guys are super, super, super busy and everyone on here is clamoring for attention, so I totally understand. I went ahead and ComboFixed it because it was getting to the point where I would try anything. Windows tried to close it multiple times, but it powered through and looks like it pretty much fixed everything. Programs are running again, no redirects on browsers, etc. I still have 2 CLI.EXE programs taking up all my processing power upon startup, but I just close both of them from Task Manager. Here are the logs from ComboFix if you're interested in looking at them.

ComboFix 09-11-11.02 - Scott 12/07/2009 12:57.5.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1480 [GMT -6:00]
Running from: c:\documents and settings\Scott\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\critical_warning.html
c:\windows\system32\logon.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\lowsec\local.ds . . . . failed to delete
c:\windows\system32\lowsec\user.ds . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2009-11-07 to 2009-12-07 )))))))))))))))))))))))))))))))
.

2009-12-07 19:08 . 2009-12-07 19:08 0 ----a-w- c:\windows\system32\41.exe
2009-12-07 19:08 . 2009-12-07 19:08 0 ----a-w- c:\windows\system32\AVR10.exe
2009-12-07 19:08 . 2009-12-07 19:08 0 ----a-w- c:\windows\system32\winhelper86.dll
2009-12-07 18:43 . 2009-12-07 18:43 35328 ----a-w- c:\windows\system32\winupdate86.exe
2009-12-07 18:43 . 2009-12-07 18:43 35328 ----a-w- c:\windows\system32\winlogon86.exe
2009-12-07 18:38 . 2004-08-04 06:56 33280 ----a-w- c:\windows\system32\rundll32.exe
2009-12-07 18:38 . 2004-08-04 06:56 33280 ----a-w- c:\windows\system32\dllcache\rundll32.exe
2009-12-04 05:45 . 2009-12-04 12:23 65536 --sha-w- c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dll
2009-12-04 05:44 . 2009-12-04 05:45 -------- d-----w- c:\documents and settings\All Users\Microsoft PData
2009-11-30 23:48 . 2009-11-30 23:48 -------- d-----w- c:\program files\Proxy Labs
2009-11-30 22:03 . 2009-11-19 17:48 872960 ----a-w- c:\documents and settings\Scott\Application Data\Mozilla\Firefox\Profiles\pfl0cjcm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-30 22:03 . 2009-11-19 17:48 43008 ----a-w- c:\documents and settings\Scott\Application Data\Mozilla\Firefox\Profiles\pfl0cjcm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-11-30 22:03 . 2009-11-19 17:48 340480 ----a-w- c:\documents and settings\Scott\Application Data\Mozilla\Firefox\Profiles\pfl0cjcm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-11-30 22:03 . 2009-11-19 17:48 346624 ----a-w- c:\documents and settings\Scott\Application Data\Mozilla\Firefox\Profiles\pfl0cjcm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-15 22:44 . 2009-11-15 22:44 79488 ----a-w- c:\documents and settings\Scott\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-11 01:58 . 2009-11-11 01:58 364544 ----a-w- c:\windows\system32\pcaplsp.dll
2009-11-11 01:57 . 2009-11-11 01:57 315392 ----a-w- c:\windows\system32\sbcrreag.dll
2009-11-09 17:03 . 2009-10-05 20:11 28 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\unregister.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-07 19:08 . 2007-03-04 14:20 -------- d-----w- c:\documents and settings\Scott\Application Data\Skype
2009-12-07 19:07 . 2009-06-10 21:22 -------- d-----w- c:\program files\Steam
2009-12-07 19:00 . 2008-11-16 21:38 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-12-07 19:00 . 2008-11-16 21:38 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-12-07 18:43 . 2008-11-17 00:00 -------- d-----w- c:\documents and settings\Scott\Application Data\skypePM
2009-12-04 17:23 . 2008-09-03 17:41 -------- d-----w- c:\documents and settings\Scott\Application Data\OpenOffice.org2
2009-12-04 17:23 . 2008-09-03 17:41 1 ----a-w- c:\documents and settings\Scott\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-12-01 04:47 . 2009-08-24 18:38 -------- d-----w- c:\program files\World of Warcraft
2009-11-12 16:17 . 2007-09-18 15:22 -------- d-----w- c:\program files\Replay AV 8
2009-11-09 17:16 . 2009-11-09 17:16 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2009-10-05 20:11 . 2009-11-09 17:03 30568 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\Uninstaller.exe
2009-10-05 20:10 . 2009-11-09 17:16 95792 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4469\AOLFirewallMgr.dll
2009-10-05 20:10 . 2009-11-09 17:16 83752 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4469\ProgUpd.dll
2009-10-05 20:10 . 2009-11-09 17:16 36704 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4469\postproc.exe
2009-10-05 20:10 . 2009-11-09 17:16 172840 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4469\setup.exe
2009-10-05 20:10 . 2009-11-09 17:16 1025384 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4469\gui.dll
2009-10-05 20:10 . 2009-11-09 17:03 83752 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\ProgUpd.dll
2009-10-05 20:10 . 2009-11-09 17:03 36704 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\postproc.exe
2009-10-05 20:10 . 2009-11-09 17:03 172840 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\setup.exe
2009-10-05 20:10 . 2009-11-09 17:03 95792 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\AOLFirewallMgr.dll
2009-10-05 20:10 . 2009-11-09 17:03 1025384 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\gui.dll
2009-10-02 10:40 . 2006-04-15 22:11 71840 ----a-w- c:\documents and settings\Scott\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-25 05:37 . 2004-08-10 18:51 667136 ------w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2004-08-10 18:51 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:18 . 2004-08-10 18:51 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-01-14 00:13 . 2008-04-07 05:01 10294 ----a-w- c:\program files\hijackthis.log
2005-02-16 15:06 . 2005-02-16 15:06 218112 ----a-w- c:\program files\HijackThis.exe
2007-11-09 22:25 . 2008-11-18 05:37 57344 ----a-w- c:\program files\mozilla firefox\components\MGSHelper.dll
2009-08-08 15:21 . 2006-04-22 05:54 56 --sha-r- c:\windows\system32\5EA12DC95F.sys
2006-04-22 02:56 . 2006-04-22 02:56 56 --sha-r- c:\windows\system32\85DEA2AF0B.sys
2009-08-08 15:21 . 2006-04-22 05:54 4444 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( [email protected]_00.44.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-07 19:00 . 2009-12-07 19:00 16384 c:\windows\temp\Perflib_Perfdata_150.dat
- 2007-01-29 08:58 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2007-01-29 08:58 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
- 2007-02-06 03:39 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
+ 2007-02-06 03:39 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
- 2009-01-23 18:35 . 2009-01-23 18:36 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-23 18:35 . 2009-12-07 19:00 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-04-15 21:52 . 2009-12-07 19:00 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-04-15 21:52 . 2009-01-23 18:36 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-04-15 21:52 . 2009-12-07 19:00 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-04-15 21:52 . 2009-01-23 18:36 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-11-28 10:08 . 2009-11-28 10:08 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2009-11-30 23:48 . 2009-11-30 23:48 8478 c:\windows\Installer\{C008BDCC-69EC-47F5-8459-AF3994C07A3C}\_B844E5CB5442EBABEBBF6C.exe
+ 2009-11-30 23:48 . 2009-11-30 23:48 8478 c:\windows\Installer\{C008BDCC-69EC-47F5-8459-AF3994C07A3C}\_53045081D4B569080483A4.exe
+ 2006-03-15 20:08 . 2008-04-13 16:39 142592 c:\windows\system32\dllcache\aec.sys
+ 2009-11-30 23:48 . 2009-11-30 23:48 576512 c:\windows\Installer\ace40c7.msi
+ 2009-11-28 10:08 . 2009-11-28 10:08 429568 c:\windows\Installer\347de289.msi
+ 2009-07-21 06:03 . 2009-07-21 06:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2008-04-14 00:12 . 2009-07-31 16:05 1372672 c:\windows\system32\msxml6.dll
+ 2009-07-21 06:05 . 2009-07-21 06:05 1348432 c:\windows\system32\msxml4.dll
+ 2004-08-10 18:51 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2008-04-14 00:12 . 2009-07-31 16:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2006-09-13 05:01 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{df8e1866-5ea0-4e23-96f4-98656bf2776f}]
relipasi.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-25 68856]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-10-06 2075384]
"Steam"="c:\program files\steam\steam.exe" [2009-11-03 1217808]
"EPSON NX100 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEDA.EXE" [2008-02-04 188928]
"ProxyCap"="c:\progra~1\PROXYL~1\ProxyCap\ProxyCap.exe" [2009-11-11 569344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-09 151552]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 53248]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-07-02 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2005-08-26 212992]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-07-13 1117184]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-03-15 169472]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-07-13 110592]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-09-22 57344]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2005-08-10 163840]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-08-18 999424]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-05-02 180269]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"winupdate86.exe"="c:\windows\system32\winupdate86.exe" [2009-12-07 35328]
"ATIPTA"="atiptaxx.exe" - c:\windows\system32\atiptaxx.exe [2006-02-22 344064]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-9-21 57344]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
Wireless Connection Manager.lnk - c:\program files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\wirelesscm.exe [2008-8-25 13357056]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe logon.exe"
"Userinit"="c:\windows\system32\winlogon86.exe,c:\windows\system32\sdra64.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=APTRRNTm.dll
"wave"=APTRRNTm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\Scott\\Desktop\\utorrent.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\WINDOWS\\system32\\lsass.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 atitray;atitray;c:\program files\Radeon Omega Drivers\v3.8.231\ATI Tray Tools\atitray.sys [11/13/2005 4:43 PM 11008]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/29/2007 10:07 AM 24652]
S2 srenum;srenum;c:\windows\system32\drivers\srenum.sys [7/1/2009 11:22 AM 36480]
S3 cpuz130;cpuz130;\??\c:\docume~1\Scott\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Scott\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{708CCFE0-54F7-5E08-3606-74F82FB33EB8}]
c:\windows\system32:smsss.exe
.
Contents of the 'Scheduled Tasks' folder

2006-04-15 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 00:12]

2009-12-05 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (D4MTVC91-Scott).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe [2006-03-15 00:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-rel
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: pcaplsp.dll
FF - ProfilePath - c:\documents and settings\Scott\Application Data\Mozilla\Firefox\Profiles\pfl0cjcm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\Scott\Application Data\Mozilla\Firefox\Profiles\pfl0cjcm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Mozilla Firefox\components\MGSHelper.dll
FF - plugin: c:\documents and settings\Scott\Application Data\Mozilla\Firefox\Profiles\pfl0cjcm.default\extensions\[email protected]\plugins\npDyyno.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-07 13:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\lowsec
c:\windows\system32\winhelper86.dll 0 bytes
c:\windows\system32\41.exe 0 bytes
c:\windows\system32\AVR10.exe 0 bytes
c:\windows\system32\sdra64.exe 104960 bytes executable

scan completed successfully
hidden files: 5

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe >>UNKNOWN [0x87DEA1DE]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0x87dee69a
Warning: possible MBR rootkit infection !
MBR rootkit code detected !
malicious code @ sector 0x12a050fc size 0x1b5 !
copy of MBR has been found in sector 62 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
PE file found in sector at 0x012A050FC !

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(488)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(548)
c:\windows\system32\pcaplsp.dll

- - - - - - - > 'Explorer.exe'(2092)
c:\progra~1\mcafee.com\vso\McVSSkt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\progra~1\mcafee.com\agent\mctskshd.exe
c:\progra~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\Real\RealPlayer\RealPlay.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\logitech\quickcam\lu\lulnchr.exe
c:\program files\logitech\quickcam\lu\LogitechUpdate.exe
.
**************************************************************************
.
Completion time: 2009-12-07 13:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-07 19:42
ComboFix2.txt 2009-11-13 01:03
ComboFix3.txt 2009-03-13 17:54
ComboFix4.txt 2009-01-16 22:13
ComboFix5.txt 2009-12-07 18:55

Pre-Run: 45,408,841,728 bytes free
Post-Run: 45,492,977,664 bytes free

- - End Of File - - F6F01E8CD1FA5334F184CC145DC9E0AC
Discussion Starter · #4 ·
While all the previous problems have been solved, I am continuing to get Google and bing.com redirects from active links. What else can I do here?

Thanks very much for your time and consideration.