
Cannot connect via IE, and programs won't update, but can connect via Firefox


9 replies to this topic

#1 Watarski

Posted 02 June 2010 - 04:05 PM

I think my PC has a virus, but cannot do certain things to verify. Description: I can surf the web via Firefox, but get a connection error with IE. Chat within Gmail is also disabled. I cannot connect to update Ad-Aware, and I'm not sure it's allowed me to update Malwarebytes or Spybot. I have run Spybot and gotten rid of 63 instances, but am still having the problem. Not that it matters, but I can also not update HP software. I have updated my Norton Antivirus Corporate Gold edition, but every time I try and scan the entire machine, it stops and says: User stopped scan. My HijackThis logfile is:

Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pajaks\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\Pajaks\My Documents\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareup...15110/CTPID.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--

Any help on what else I can try to fix this infection?

EDIT: Moved from XP to Malware Removal Logs forum ~ Hamluis.

Edited by hamluis, 02 June 2010 - 04:33 PM.




#2 Watarski (Topic Starter)

Posted 03 June 2010 - 08:30 AM

Thursday morning bump for help-

#3 Farbar (Security Developer)

Posted 06 June 2010 - 10:13 AM

Hi Watarski,

Please let me know if you still need assistance. In the case you still need assistance, please update me about the current conditions of your computer and the issues you are noticing.

#4 Watarski (Topic Starter)

Posted 07 June 2010 - 07:37 AM

Farbar - thank you for the reply. I am still having the same issues as above. I have not been able to find additional info that will help get rid of the problem(s).

#5 Farbar (Security Developer)

Posted 07 June 2010 - 09:03 AM

  1. You have the program Spybot S&D (Teatimer option) running on your machine. We need to disable TeaTimer so it does not interfere with the fixes we are about to do. This will only take a few seconds.
    1. First disable TeaTimer:
      • Run Spybot-S&D
      • Go to the Mode menu, and make sure Advanced Mode is selected
      • On the left hand side, choose Tools -> Resident
      • Uncheck Resident TeaTimer and OK any prompts
      • Restart your computer.
      Instruction is also here: How to disable TeaTimer during HijackThis Cleanup
      Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
    2. Then download ResetTeaTimer.exe to your desktop.
      • Double-click ResetTeaTimer.exe and let it run.
    Note: The Teatimer should be kept disabled until I give you the clean sign.

  2. Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box (without the word CODE) into a new file:


    CODE
    @ECHO OFF
    Reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /f
    Reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
    proxycfg -d

    • Go to the File menu at the top of the Notepad and select Save as.
    • Select Save in: desktop
    • Fill in File name: look.bat
    • Save as type: All file types (*.*)
    • Click save.
    • Close the Notepad.
    • Locate look.bat on the desktop. It should look like this:
    • Double-click to run it.
    • A window flashes, this is normal. This should restore IE connection issue. Please check and tell me about it.

  3. Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • If DeFogger asks to reboot the machine - click OK
    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

    Do not re-enable these drivers until otherwise instructed.

  4. Please download MBR.EXE by GMER. Save the file in your Windows directory (C:\Windows).

    Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

    CODE
    @echo off
    mbr.exe -t
    ping 1.1.1.1 -n 1 -w 1000 >nul
    start mbr.log

    • Go to the File menu at the top of the Notepad and select Save as.
    • Select Save in: desktop
    • Fill in File name: dirlook.bat
    • Save as type: All file types (*.*)
    • Click save.
    • Close the Notepad.
    • Locate look.bat on the desktop. It should look like this:
    • Double-click to run it.
    • A notepad opens, copy and paste the content (log.txt) to your reply.

  5. Please perform the following scan:
    • Download DDS by sUBs from the following links. Save it to your desktop.
    • Double click on the DDS icon, allow it to run. When done it will open two logs:
      • DDS.txt
      • Attach.txt
    • Copy and paste the logs to your reply.
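As an added example (not code from this thread, nor from HijackThis, DDS or the helper's batch files), the following Python script scans HijackThis R0/R1 lines for the ProxyServer value, flags a proxy that points at loopback such as the 127.0.0.1:5555 entry in the first post's log, and returns the cleanup commands from look.bat as text for review. The sample lines, the regular expression, the function names and the corporate-proxy allow-list are constructed assumptions; the script reads log text only and does not touch the registry.

```python
import ipaddress
import re

# Constructed sample lines in HijackThis format (the ProxyServer entry mirrors
# the R1 line from the first post in this thread; the others are benign filler).
SAMPLE_HJT_LINES = [
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
]

# R0/R1 lines read "R1 - <hive>\<key>,<value name> = <data>"; only ProxyServer matters here.
PROXY_LINE = re.compile(
    r"^R[01] - (?P<hive>HK\w+)\\(?P<key>.+?),ProxyServer = (?P<value>.*)$"
)


def parse_proxy_server_value(value):
    """Parse a WinINET ProxyServer string into {scheme: (host, port)}.

    Two layouts are valid: a bare "host:port" applied to every protocol (stored
    under scheme "*"), or ';'-separated "scheme=host:port" pairs such as
    "http=127.0.0.1:5555;https=127.0.0.1:5555".
    """
    entries = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:
            scheme, _, hostport = part.partition("=")
        else:
            scheme, hostport = "*", part
        host, sep, port = hostport.rpartition(":")
        if not sep:  # no explicit port given
            host, port = hostport, ""
        entries[scheme.strip().lower()] = (host.strip(), port.strip())
    return entries


def is_loopback_proxy(host):
    """True when the proxy points back at this machine: the classic sign of a
    local intercepting process. Clients that honour the WinINET proxy (IE and
    many updaters) are routed through it and fail once it is gone or hostile,
    while a browser configured with its own proxy settings keeps working."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def find_proxy_indicators(lines, allowed_hosts=()):
    """Scan HijackThis lines and return one finding per configured proxy endpoint.

    severity "high":   loopback/localhost proxy (local interception).
    severity "review": any other proxy not in allowed_hosts (confirm it is a
                       known corporate proxy before deleting the value).
    """
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for line in lines:
        match = PROXY_LINE.match(line.strip())
        if not match:
            continue
        for scheme, (host, port) in parse_proxy_server_value(match.group("value")).items():
            if host.lower() in allowed:
                continue
            findings.append({
                "hive": match.group("hive"),
                "scheme": scheme,
                "host": host,
                "port": port,
                "severity": "high" if is_loopback_proxy(host) else "review",
            })
    return findings


def remediation_commands(hive="HKCU"):
    """The cleanup used in this thread, returned as strings for review rather
    than executed: remove the per-user WinINET proxy values that IE reads and
    reset the WinHTTP proxy (proxycfg -d) that some updaters on XP use."""
    key = rf"{hive}\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    return [
        f'Reg delete "{key}" /v ProxyEnable /f',
        f'Reg delete "{key}" /v ProxyServer /f',
        "proxycfg -d",
    ]


if __name__ == "__main__":
    for finding in find_proxy_indicators(SAMPLE_HJT_LINES):
        print(finding)
    print("\n".join(remediation_commands()))
```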


#6 Watarski (Topic Starter)

Posted 13 June 2010 - 10:29 AM

First, thank you for taking the time. I've been on business travel and finally did your procedures. Below are the log results for MBR, DDS, Attach:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

____________________________________________________________

DDS (Ver_10-03-17.01) - NTFSx86
Run by Pajaks at 21:37:05.45 on Fri 01/30/2004
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2500 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pajaks\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [vptray] c:\progra~1\symant~1\symant~1\vptray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15110/CTPID.cab
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pajaks\applic~1\mozilla\firefox\profiles\sswtsoq2.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - plugin: c:\documents and settings\pajaks\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\pajaks\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\pajaks\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2003-5-2 30208]
R2 Norton AntiVirus Server;Symantec AntiVirus Client;c:\progra~1\symant~1\symant~1\Rtvscan.exe [2003-5-21 610304]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2009-6-26 102400]
R3 NAVAP;NAVAP;c:\progra~1\symant~1\symant~1\NAVAP.sys [2003-5-2 224256]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100612.003\NAVENG.sys [2004-1-30 85552]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100612.003\NAVEX15.sys [2004-1-30 1347504]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-11-21 11520]

=============== Created Last 30 ================

2010-05-24 03:57:25 0 d-----w- c:\windows\system32\NtmsData
2010-05-24 03:18:49 4284 ------w- c:\windows\hphmdl02.dat.temp
2010-05-24 03:18:49 19738 ------w- c:\windows\HPHins02.dat.temp
2010-05-05 01:25:04 0 d-----w- c:\program files\iPod
2010-05-05 01:24:52 0 d-----w- c:\program files\iTunes
2010-05-05 01:18:45 0 d-----w- c:\program files\Bonjour
2010-04-08 18:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 18:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-31 03:11:15 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-03-22 00:52:33 0 d-----w- c:\docume~1\pajaks\applic~1\TaxCut
2010-03-21 23:00:43 0 d-----w- c:\program files\PDF995
2010-03-21 22:59:58 0 d-----w- c:\docume~1\alluse~1\applic~1\TaxCut
2010-03-21 22:58:53 0 d-----w- c:\program files\HRBlock2009
2010-03-18 02:53:42 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-03-18 02:53:42 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-02-21 15:44:12 9344 ----a-w- c:\windows\system32\drivers\grmnusb.sys
2010-02-21 15:44:12 18304 ----a-w- c:\windows\system32\drivers\grmngen.sys
2010-02-21 15:44:11 0 d-----w- c:\program files\Garmin
2010-02-19 23:47:50 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-07 17:48:09 0 d-----w- c:\docume~1\pajaks\applic~1\BitTorrent
2010-02-07 17:46:05 0 d-----w- c:\program files\BitTorrent
2010-01-23 00:49:25 376 ----a-w- c:\windows\ODBC.INI
2010-01-23 00:49:11 17920 ----a-w- c:\windows\system32\mdimon.dll
2010-01-23 00:48:20 0 d-----w- c:\program files\Microsoft ActiveSync
2010-01-23 00:47:46 0 d-----w- c:\windows\SHELLNEW
2010-01-23 00:37:10 0 d-----w- c:\program files\PowerISO
2010-01-18 03:08:43 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-01-18 03:08:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-01-17 20:17:29 0 d-----w- c:\docume~1\pajaks\applic~1\Malwarebytes
2010-01-17 20:17:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-17 20:17:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-17 20:17:23 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-17 20:17:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-13 13:58:03 0 d-sh--w- c:\documents and settings\pajaks\IECompatCache
2010-01-06 05:06:11 0 d-----w- c:\program files\MSXML 4.0
2010-01-03 17:42:40 82432 ----a-r- c:\windows\system32\MSXML4r.dll
2010-01-03 17:42:39 626960 ----a-r- c:\windows\system32\hpvaut32.dll
2010-01-03 17:42:39 487424 ----a-r- c:\windows\system32\hpvcp70.dll
2010-01-03 17:42:39 44544 ----a-r- c:\windows\system32\MSXML4a.dll
2010-01-03 17:42:39 344064 ----a-r- c:\windows\system32\hpvcr70.dll
2010-01-03 17:38:36 258048 ----a-w- c:\windows\system32\hpzcon09.dll
2010-01-03 17:38:36 192512 ----a-w- c:\windows\system32\hpzcoi09.dll
2009-12-30 19:13:47 0 d-sh--w- c:\documents and settings\pajaks\PrivacIE
2009-12-26 23:45:21 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-21 18:29:44 17692 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-05 16:58:37 120568 ------w- c:\windows\system32\pxcpyi64.exe
2009-12-05 16:58:37 118256 ------w- c:\windows\system32\pxinsi64.exe
2009-11-30 18:46:43 0 d-----w- c:\program files\common files\Hewlett-Packard
2009-11-30 18:46:04 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2009-11-30 18:45:21 94208 ------w- c:\windows\system32\HPZipt12.dll
2009-11-30 18:45:21 69632 ------w- c:\windows\system32\HPZipm12.exe
2009-11-30 18:45:21 65536 ------w- c:\windows\system32\HPZinw12.exe
2009-11-30 18:45:21 57344 ------w- c:\windows\system32\HPZisn12.dll
2009-11-30 18:45:21 306688 ----a-w- c:\windows\IsUninst.exe
2009-11-30 18:45:21 282680 ------w- c:\windows\system32\HPZidr12.dll
2009-11-30 18:45:21 204800 ------w- c:\windows\system32\HPZipr12.dll
2009-11-30 18:44:56 0 d-----w- c:\program files\HP
2009-11-30 18:44:16 110415 ----a-w- c:\windows\hpoins11.dat
2009-11-30 18:44:14 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2009-11-30 18:44:14 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2009-11-30 18:44:13 49664 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2009-11-30 18:44:06 98304 ----a-w- c:\windows\system32\hpzjsn01.dll
2009-11-30 18:44:05 827392 ----a-w- c:\windows\system32\hpotiop2.dll
2009-11-30 18:44:05 77824 ----a-w- c:\windows\system32\HPZIDS01.dll
2009-11-30 18:44:05 659456 ----a-w- c:\windows\system32\hpowiax2.dll
2009-11-30 18:44:05 282624 ----a-w- c:\windows\system32\HPZc3212.dll
2009-11-30 18:44:05 254026 ----a-w- c:\windows\system32\hpovst09.dll
2009-11-30 18:43:59 6947 ----a-w- c:\windows\hpomdl11.dat
2009-11-27 17:11:44 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 16:07:35 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-27 16:07:34 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2009-11-24 20:17:33 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-11-24 20:17:33 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-11-24 06:30:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-11-24 06:30:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-23 14:18:22 0 d-----w- c:\windows\system32\XPSViewer
2009-11-23 14:17:37 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-23 14:17:37 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-23 14:17:37 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-23 14:17:37 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-11-23 14:17:37 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-11-23 14:17:37 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-11-23 14:17:37 117760 ------w- c:\windows\system32\prntvpt.dll
2009-11-23 14:12:16 0 ----a-w- c:\windows\VPC32.INI
2009-11-23 14:10:28 0 d-----w- c:\windows\system32\appmgmt
2009-11-22 23:24:35 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2009-11-22 05:47:43 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-11-22 05:47:43 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-11-22 05:46:44 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-22 05:45:26 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-11-22 05:45:26 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-11-22 04:48:15 0 d-----w- c:\docume~1\pajaks\applic~1\ZoomBrowser EX
2009-11-22 04:36:44 0 d-----w- c:\docume~1\pajaks\applic~1\CameraWindowDC
2009-11-22 04:36:43 0 d-----w- c:\docume~1\pajaks\applic~1\CANON INC
2009-11-22 04:35:22 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-11-22 04:35:21 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-11-22 04:35:20 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-11-22 04:35:20 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-11-22 04:29:13 0 d-----w- c:\windows\pss
2009-11-22 04:28:30 0 d-sh--w- c:\documents and settings\pajaks\IETldCache
2009-11-22 04:25:49 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-11-22 04:25:32 0 d-----w- c:\windows\ie8updates
2009-11-22 04:25:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-22 04:25:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-11-22 04:23:36 0 dc-h--w- c:\windows\ie8
2009-11-22 02:58:46 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2009-11-22 02:58:46 43904 ----a-w- c:\windows\system32\drivers\sbp2port.sys
2009-11-22 02:58:08 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys
2009-11-22 02:58:08 0 d-----w- c:\program files\Western Digital
2009-11-22 02:46:25 0 d-----w- c:\docume~1\alluse~1\applic~1\ZoomBrowser
2009-11-22 02:33:12 0 d-----w- c:\program files\Canon
2009-11-22 02:25:16 0 d-----w- c:\program files\common files\Canon
2009-11-22 01:46:55 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-11-22 01:46:55 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-11-22 01:45:10 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-22 01:44:17 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-11-22 01:44:15 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-11-22 01:44:14 2066816 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-11-22 01:44:01 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-11-22 01:42:29 0 d-----w- c:\windows\system32\PreInstall
2009-11-22 01:42:28 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-11-22 01:34:42 83208 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-11-22 01:34:42 73496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-11-22 01:34:42 124167 ----a-w- c:\windows\system32\SYMEVNT.386
2009-11-22 01:34:28 0 d-----w- c:\program files\Symantec
2009-11-22 01:34:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2009-11-22 01:34:25 0 d-----w- c:\program files\Symantec_Client_Security
2009-11-22 01:34:25 0 d-----w- c:\program files\common files\Symantec Shared
2009-11-22 01:11:42 44032 ------w- c:\windows\system32\CTSVCCDA.EXE
2009-11-22 01:11:42 25088 ------w- c:\windows\system32\CTSVCCTL.EXE
2009-11-22 01:11:29 0 d--h--w- c:\program files\Creative Installation Information
2009-11-22 01:11:29 0 d-----w- c:\program files\common files\Creative
2009-11-22 00:07:10 584 ----a-w- c:\windows\system32\settingsbkup.sfm
2009-11-22 00:07:10 584 ----a-w- c:\windows\system32\settings.sfm
2009-11-22 00:04:05 7062 ----a-w- c:\windows\system32\audiopid.vxd
2009-11-22 00:02:59 5627 ----a-r- c:\windows\system32\Ludap17.ini
2009-11-22 00:02:59 39 ----a-r- c:\windows\system32\ctzapxx.ini
2009-11-22 00:02:59 0 d-----w- c:\windows\system32\Data
2009-11-22 00:02:58 11264 ----a-w- c:\windows\INRES.DLL
2009-11-22 00:02:51 7572224 ------w- c:\windows\system32\CT8MGM.SF2
2009-11-22 00:02:50 4174814 ------w- c:\windows\system32\CT4MGM.SF2
2009-11-22 00:02:49 2167684 ----a-r- c:\windows\system32\ct2mgm.sf2
2009-11-22 00:01:50 0 d-----w- c:\program files\Creative
2009-11-21 23:34:00 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-11-21 23:32:55 5110 ----a-r- c:\windows\system32\e100b325.din
2009-11-21 23:32:52 24064 ----a-w- c:\windows\system32\IntelNic.dll
2009-11-21 23:32:52 145408 -c--a-w- c:\windows\system32\dllcache\e100b325.sys
2009-11-21 23:32:52 145408 ----a-w- c:\windows\system32\drivers\e100b325.sys
2009-11-21 23:32:52 12288 ----a-w- c:\windows\system32\e100bmsg.dll
2009-11-21 23:32:52 118784 ----a-w- c:\windows\system32\Prounstl.exe
2009-11-21 23:32:52 0 d-----w- C:\drvrtmp
2009-11-21 23:32:34 0 d-----w- C:\dell
2009-11-21 23:30:58 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-11-21 20:01:55 0 d-s---w- c:\windows\system32\Microsoft
2009-11-21 20:01:48 8192 ----a-w- c:\windows\REGLOCS.OLD
2009-11-21 19:57:01 0 d-sh--w- c:\documents and settings\all users\DRM
2009-11-21 19:56:42 0 d--h--w- c:\program files\WindowsUpdate
2009-11-21 19:56:04 0 d-----w- c:\program files\common files\MSSoap
2009-11-21 19:54:25 0 d-----w- c:\program files\Online Services
2009-11-21 19:54:13 0 d-----w- c:\program files\Windows Media Connect 2
2009-11-21 19:54:11 0 d-----w- c:\program files\Messenger
2009-11-21 19:54:08 0 d-----w- c:\program files\MSN Gaming Zone
2009-11-21 19:53:37 0 d-----w- c:\program files\Windows NT
2009-11-21 07:45:38 0 d-----w- c:\program files\common files\ODBC
2009-11-21 07:45:34 0 d-----w- c:\program files\common files\SpeechEngines
2009-11-21 07:45:01 0 d-----r- c:\documents and settings\all users\Documents
2004-01-20 07:07:34 0 d-----w- c:\program files\Lavasoft
2004-01-15 05:26:27 0 d-----w- c:\program files\common files\Macrovision Shared

==================== Find3M ====================

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02:15 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-29 15:01:30 691712 ----a-w- c:\windows\system32\inetcomm.dll
2010-01-13 14:01:25 86016 ----a-w- c:\windows\system32\cabview.dll
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-24 06:59:40 177664 ----a-w- c:\windows\system32\wintrust.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-21 19:54:49 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-15 16:28:26 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-10-15 16:28:26 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 09:17:27 354816 ----a-w- c:\windows\system32\winhttp.dll
2009-08-23 21:00:38 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-08-23 21:00:38 426496 ------w- c:\windows\system32\imapi2.dll
2009-08-14 13:21:25 1850624 ----a-w- c:\windows\system32\win32k.sys
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 16:05:44 1372672 ----a-w- c:\windows\system32\msxml6.dll
2009-07-31 04:35:42 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-07-21 06:05:40 1348432 ----a-w- c:\windows\system32\msxml4.dll
2009-07-17 19:01:06 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:22:18 1435648 ----a-w- c:\windows\system32\query.dll
2009-07-14 05:43:24 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-25 08:25:26 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25:26 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25:26 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25:26 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25:26 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-24 11:18:41 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-12 12:31:40 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31:39 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 15:19:38 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14:49 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-05-07 15:32:35 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-28 20:20:06 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-04-28 20:20:06 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-04-28 20:20:06 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-04-28 20:20:06 129520 ------w- c:\windows\system32\pxafs.dll
2009-04-15 14:51:25 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-02 05:02:22 604160 ----a-w- c:\windows\system32\wmspdmod.dll
2009-03-08 10:34:30 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 10:33:40 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 10:32:56 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 10:32:50 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 10:31:38 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-08 10:31:18 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-03-08 10:31:02 45568 ----a-w- c:\windows\system32\mshta.exe
2009-03-08 10:22:38 156160 ----a-w- c:\windows\system32\msls31.dll
2009-03-06 14:22:18 284160 ----a-w- c:\windows\system32\pdh.dll
2009-02-09 12:10:48 714752 ----a-w- c:\windows\system32\ntdll.dll
2009-02-09 12:10:48 617472 ----a-w- c:\windows\system32\advapi32.dll
2009-02-09 12:10:48 473600 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-02-09 12:10:48 453120 ----a-w- c:\windows\system32\wbem\wmiprvsd.dll
2009-02-09 12:10:48 401408 ----a-w- c:\windows\system32\rpcss.dll
2009-02-06 11:11:05 110592 ----a-w- c:\windows\system32\services.exe
2009-02-06 10:39:08 35328 ----a-w- c:\windows\system32\sc.exe
2009-02-06 10:10:02 227840 ----a-w- c:\windows\system32\wbem\wmiprvse.exe
2009-01-08 00:20:38 24576 ----a-w- c:\windows\system32\nlsdl.dll
2009-01-08 00:20:36 26112 ----a-w- c:\windows\system32\idndl.dll
2009-01-08 00:20:36 23552 ----a-w- c:\windows\system32\normaliz.dll
2009-01-08 00:20:18 265720 ----a-w- c:\windows\system32\msdbg2.dll
2008-10-23 12:36:14 286720 ----a-w- c:\windows\system32\gdi32.dll
2008-08-29 22:15:14 1614848 ----a-w- c:\windows\system32\sfcfiles.dll
2008-08-29 22:14:59 990208 ----a-w- c:\windows\system32\syssetup.dll
2008-08-29 22:13:26 414720 ----a-w- c:\windows\system32\msscp.dll
2008-08-29 22:11:57 63488 ----a-w- c:\windows\system32\wpdmtpus.dll
2008-08-14 13:57:42 74720 ----a-w- c:\windows\system32\drivers\adfs.sys
2008-08-14 10:04:36 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2008-07-31 16:16:54 947472 ----a-w- c:\windows\system32\msjava.dll
2008-07-30 03:10:04 73720 ----a-w- c:\windows\system32\dxva2.dll
2008-07-30 03:10:04 493048 ----a-w- c:\windows\system32\evr.dll
2008-07-30 03:10:04 26112 ----a-w- c:\windows\system32\TsWpfWrp.exe
2008-07-30 02:35:46 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2008-07-30 01:59:58 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2008-07-30 01:59:58 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2008-07-30 01:59:58 161296 ----a-w- c:\windows\system32\UIAutomationCore.dll
2008-07-30 01:59:58 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-30 01:24:50 97800 ----a-w- c:\windows\system32\infocardapi.dll
2008-07-30 01:24:50 622080 ----a-w- c:\windows\system32\icardagt.exe
2008-07-30 01:24:50 11264 ----a-w- c:\windows\system32\icardres.dll

============= FINISH: 21:37:29.10 ===============

_________________________________________________________



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/21/2009 2:00:44 PM
System Uptime: 1/30/2004 9:24:28 PM (0 hours ago)

Motherboard: Dell Computer Corp. | | 0F4491
Processor: Intel® Pentium® 4 CPU 3.06GHz | Microprocessor | 3059/533mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 2.533 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 279 GiB total, 75.81 GiB free.

==== Disabled Device Manager Items =============

Class GUID:
Description: Multimedia Audio Controller
Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_01741028&REV_02\3&172E68DD&0&FD
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_01741028&REV_02\3&172E68DD&0&FD
Service:

==== System Restore Points ===================

RP177: 5/5/2010 12:03:48 AM - System Checkpoint
RP178: 5/6/2010 12:24:59 AM - System Checkpoint
RP179: 5/7/2010 7:59:44 AM - System Checkpoint
RP180: 5/8/2010 8:20:07 AM - System Checkpoint
RP181: 5/9/2010 9:52:05 AM - System Checkpoint
RP182: 5/10/2010 10:19:02 AM - System Checkpoint
RP183: 5/11/2010 12:19:25 PM - System Checkpoint
RP184: 5/12/2010 12:44:29 PM - System Checkpoint
RP185: 5/13/2010 1:39:45 PM - System Checkpoint
RP186: 5/14/2010 1:55:27 PM - System Checkpoint
RP187: 5/15/2010 2:38:44 PM - System Checkpoint
RP188: 5/16/2010 10:22:39 AM - Software Distribution Service 3.0
RP189: 5/17/2010 10:52:25 AM - System Checkpoint
RP190: 5/18/2010 11:03:20 AM - System Checkpoint
RP191: 5/19/2010 11:05:51 AM - System Checkpoint
RP192: 5/20/2010 12:23:42 PM - System Checkpoint
RP193: 5/21/2010 1:19:21 PM - System Checkpoint
RP194: 5/22/2010 2:14:55 PM - System Checkpoint
RP195: 5/23/2010 3:43:16 PM - System Checkpoint
RP196: 5/24/2010 4:02:32 PM - System Checkpoint
RP197: 5/25/2010 4:23:37 PM - System Checkpoint
RP198: 5/26/2010 4:40:32 PM - System Checkpoint
RP199: 5/27/2010 5:23:37 PM - System Checkpoint
RP200: 1/15/2004 1:54:35 AM - System Checkpoint
RP201: 1/16/2004 2:19:16 AM - System Checkpoint
RP202: 1/17/2004 2:42:57 AM - System Checkpoint
RP203: 1/18/2004 3:40:34 AM - System Checkpoint
RP204: 1/19/2004 5:42:02 AM - System Checkpoint
RP205: 1/20/2004 1:25:11 AM - Software Distribution Service 3.0
RP206: 1/21/2004 1:52:37 AM - System Checkpoint
RP207: 1/22/2004 2:53:41 AM - System Checkpoint
RP208: 1/23/2004 4:27:27 AM - System Checkpoint
RP209: 1/24/2004 5:24:29 AM - System Checkpoint
RP210: 1/25/2004 6:57:15 AM - System Checkpoint
RP211: 1/26/2004 7:05:58 AM - System Checkpoint
RP212: 1/27/2004 7:53:41 AM - System Checkpoint
RP213: 1/28/2004 8:52:36 AM - System Checkpoint
RP214: 1/29/2004 8:53:41 AM - System Checkpoint
RP215: 1/30/2004 9:53:41 AM - System Checkpoint

==== Installed Programs ======================

Acrobat.com
Ad-Aware SE Personal
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Production Premium
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Photoshop Lightroom 2.5
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader 9.3.2
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AiO_Scan_CDA
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BitTorrent
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Codec
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.7
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities Picture Style Editor
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Connect
Creative MediaSource 5
Creative Software AutoUpdate
Creative System Information
Creative WaveStudio 7
Garmin USB Drivers
Garmin WebUpdater
Google Talk Plugin
H&R Block Basic + Efile 2009
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Photosmart, Officejet and Deskjet 7.0.A
HP Software Update
Intel® PRO Network Adapters and Drivers
iTunes
Java™ 6 Update 16
kuler
LiveUpdate 1.80 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office Professional Edition 2003
Move Media Player
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PDF Settings CS4
Photoshop Camera Raw
Picasa 3
PowerISO
QuickTime
Scan
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Sound Blaster Audigy
Spybot - Search & Destroy
Suite Shared Configuration CS4
Symantec AntiVirus Client
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WD Drive Manager (x86)
WebFldrs XP
Winamp
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Internet Explorer 8
WinRAR archiver

==== Event Viewer Messages From Past Week ========

3/21/2010 7:42:53 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
3/21/2010 7:42:50 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
3/10/2010 8:38:57 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
3/10/2010 7:57:13 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.
3/10/2010 7:57:13 PM, error: atapi [15] - The device, \Device\Ide\IdePort0, is not ready for access yet.

==== End Of File ===========================





#7 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:45 AM

Posted 13 June 2010 - 11:00 AM

The connection issue with IE should have been resolved now.
  1. Open your Malwarebytes' Anti-Malware.
    • First update it, to do that under the Update tab press "Check for Updates".
    • Under Scanner tab select "Perform Quick Scan", then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


    Note: In case you could not update MBAM, update MBAM manually. To do that, download http://www.malwarebytes.org/mbam/database/mbam-rules.exe
    Double-click mbam-rules.exe to run it.
    Then run MBAM, let it remove what it finds, reboot if needed and post the log.

  2. Please tell me also if you could update MBAM. Also tell me what are the remaining issues.


#8 Watarski

Watarski
  • Topic Starter

  • Members
  • 6 posts
  • Local time:08:45 PM

Posted 13 June 2010 - 11:34 AM

I forgot to mention that IE is up and running. Below are the results of the quick scan. MBAM allowed me to update. I don't see any other problems actually. The only other problem I see is my Norton Antivirus won't let me scan the machine. When I try and start it, it starts then stops saying "user stopped scan". I will probably use another program like Endpoint anyway. Thank you for all the help!

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4194

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/30/2004 10:37:37 PM
mbam-log-2004-01-30 (22-37-37).txt

Scan type: Quick scan
Objects scanned: 126361
Time elapsed: 5 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#9 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:45 AM

Posted 13 June 2010 - 11:49 AM

Great.

In case you wanted to use Norton you may uninstall and reinstall it.
  1. Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
    • Look for "JDK 6 Update 20 (JDK or JRE)".
    • Click the Download JRE button to the right.
    • Select your Platform: "Windows".
    • Select your Language: "Multi-language".
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Click Continue and the page will refresh.
    • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u20-windows-i586.exe to install the newest version.

  2. This small application you may want to keep and use to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.

  3. First Set a New Restore Point then Remove the Old Restore Points to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

    To set a new restore point:
    • Go to Start > Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

    To remove the old restore points:
    • Go to Start > Run then type: Cleanmgr in the box and click "OK".
    • You get a window to select the drive to clean, the default is already set to (C:) drive. Click OK.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
    • Click OK and Yes.

Recommendations:
  1. I recommend using Site Advisor for safe surfing. It is a free extension both for Internet Explorer and Firefox. When you search a site it gives you an indication of how safe a site is.

  2. I recommend installing this small application for safe surfing: Javacools SpywareBlaster
    SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs.
    • Download and install it.
    • Update it manually by clicking on Updates in the left pane and then Check for Updates.
    • Then enable all the protections by clicking on Protection Status on the left pane. Then click on Enable All Protection.
    • The free version doesn't have an automatic update. Update it once in two or three weeks and enable all protection again.

Happy surfing Watarski.

#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:45 AM

Posted 20 June 2010 - 04:03 PM


This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a PM and I will reopen it for you.

If you should have a new issue, please start a new topic.
