[Resolved] .exe files not running.

  • This topic is locked
38 replies to this topic

#31 KateetaK


    Authentic Member


Posted 28 November 2009 - 09:45 PM

Here is the BitDefender log:

BitDefender QuickScan Beta v0.9.7.8

Scan date: Sat Nov 28 17:15:39 2009
Machine ID: 54A4E9FB

Warning: Low execution rights. Please run QuickScan/browser as Administrator.

No infection found.


Edited by KateetaK, 28 November 2009 - 09:49 PM.



#32 KateetaK


    Authentic Member


Posted 28 November 2009 - 10:03 PM

Sorry for the delay. Here are the .txt files. Outstanding issues...I know there are a few that I am not thinking of, but I can think of one off the top of my head. My computer will never go to a screensaver. The monitor is always on. Is this a problem? I feel like the computer never stops running. It's quite slow as well. I haven't been able to get into certain folders since I upgraded to Vista (i.e. My Videos, My Pictures, etc.). Oh, and Firefox resets every time I restart my computer. It's extremely annoying!!


#33 SweetTech


    MalwareTeam Emeritus


Posted 28 November 2009 - 10:42 PM

My computer will never go to a screensaver. The monitor is always on. Is this a problem?

This can probably be fixed by changing a setting in the Control Panel.

Try this:
Right click on your Desktop and Choose Personalize.
Next find the Screen Saver link.
The Screen Saver window should now launch. Scroll through the Screen Saver drop down list to choose a screen saver that you like.
Once you've found the one you like click on Apply and then Click on OK.

I feel like the computer never stops running. It's quite slow as well. I haven't been able to get into certain folders since I upgraded to Vista (i.e. My Videos, My Pictures, etc.).

I think that this may be a path related issue. With Windows Vista, Microsoft moved everything that used to be in the Documents and Settings folder to a Users folder. This link may be of use to you: Here

Firefox resets every time I restart my computer. It's extremely annoying!!

Do you mean that every time you restart your computer your settings aren't being saved? It would help if you could elaborate on this a little bit more.

Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws, so it is recommended that you update your copy.
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader
Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here<. Foxit Reader has fewer add-ons and therefore loads more quickly.


#34 KateetaK


    Authentic Member


Posted 28 November 2009 - 10:51 PM

Thank you so much. I could have sworn I tried to simply change the screensaver that way before, but I must have been mistaken. I will check out that link you gave me about the private folder settings. I will also do what you said with Adobe Reader after I finish typing this reply. About Firefox, whenever I reboot my computer and load Firefox, the home page I save never appears. There are always 2 tabs that open. They are about Mozilla Firefox. There is also an extra bookmarks toolbar link that I delete every time. It always comes back. If I delete the recently bookmarked thing under my bookmarks, that always comes back as well. I will be more exact as soon as I reboot after I do what you told me with Adobe Reader. Also, is there anything I can do to rid myself of unnecessary stuff on my computer that I am unaware of? I know that I used to come here and post HiJackThis logs, and techs would find things that I needed to delete. I guess I am asking for a way to speed up my system and also free up space on my system. I will repost shortly.

#35 KateetaK


    Authentic Member


Posted 28 November 2009 - 11:08 PM

This is just additional info about how Firefox resets: I just rebooted my computer and started up Firefox. It has the "Most Visited" button on the bookmarks toolbar (never stays away), the two tabs that open instead of the home page are "Welcome to Firefox" and "Mozilla Firefox Start Page" which is basically just a google search bar. When I close Firefox, it asks me if I want to save & quit, quit, or cancel. So pretty much anything I change in Options resets after I reboot my system.

#36 SweetTech


    MalwareTeam Emeritus


Posted 28 November 2009 - 11:14 PM

Not a Malware Issue

At this stage your machine looks to be clean of malware, so the problems you are experiencing are not likely to be malware related. I think the best and fastest solution for you is to post in our Browsers, Internet & email forum. They specialize in handling problems like this so you are certain to get expert assistance and a speedy resolution is very likely.

But before I send you off to them we need to take care of a few things. Please make sure that you read this post fully.

Let's see if this helps at all:

Update Firefox
While in Firefox go to the Help menu.
Locate Check for Updates.
Allow Firefox to install the latest update, which is 3.5.5.

Peer to Peer Program
While reviewing your logs I noticed that you currently have Peer to Peer program(s) installed on your computer.

You currently have the following P2P programs installed:
  • LimeWire 5.3.6
  • Vuze
Most of the infections that we see today are through P2P file sharing. By uninstalling the programs that I mentioned above you will be doing yourself a favor. It's impossible to trust the source of what is being downloaded from them and a file may or may not be what it appears to be.

How to Uninstall the P2P Programs:
  • Click on Start > Control Panel and double click on Programs and Features.
  • Locate LimeWire 5.3.6 and click on the Uninstall button to uninstall it.
  • Repeat for Vuze.
  • Close Control Panel when done.
PLEASE NOTE: When you're uninstalling the P2P Program(s), some questions are worded in various ways to try and deceive you and keep you from uninstalling their Program.

Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:
Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall

Now to remove most of the tools that we have used in fixing your machine:
  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.
All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===

Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.
  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g., TeaTimer, Windows Defender) or there will be a conflict.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to which is your local computer, meaning it will be difficult to infect yourself in the future.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested. I'm sorry that I could not be of more help to you, and I wish you the best of luck with solving your computer problems. If you have any questions or require any other assistance please let me know.

Please respond one last time so we can consider the thread resolved and close it, thank-you.


Proud Graduate of the WTT Classroom
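
A read-only check of the Internet Explorer ActiveX steps listed in the post above, added here as an example and not part of the original post. The registry path and the action IDs 1001, 1004 and 1201 are not on the page; they are the standard per-user URL-action values for the Internet zone (zone 3), and the script assumes PowerShell 3.0 or later.

```powershell
# Added example (not from the thread): audit the current user's Internet zone
# ActiveX settings against the values recommended in the post. Read-only.
# Assumption: per-user settings live under Zones\3; a Group Policy under
# ...\Software\Policies\... can override what is read here.
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL-action values: 0 = Enable, 1 = Prompt, 3 = Disable (higher is stricter)
$meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

$expected = @(
    [pscustomobject]@{ Id = '1001'; Name = 'Download signed ActiveX controls';   Want = 1 }
    [pscustomobject]@{ Id = '1004'; Name = 'Download unsigned ActiveX controls'; Want = 1 }
    [pscustomobject]@{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
)

$props = Get-ItemProperty -Path $zonePath -ErrorAction SilentlyContinue

$results = foreach ($e in $expected) {
    # A missing key or value means the zone template default is in effect.
    $actual = if ($props) { $props.($e.Id) } else { $null }

    $status = if ($null -eq $actual) {
        'Not set for this user (zone default applies)'
    } elseif ($actual -eq $e.Want) {
        'OK'
    } elseif ($actual -gt $e.Want) {
        'OK (stricter than recommended)'
    } else {
        'Weaker than recommended'
    }

    $actualText = if ($null -eq $actual) {
        '-'
    } elseif ($meaning.ContainsKey([int]$actual)) {
        $meaning[[int]$actual]
    } else {
        "Unknown ($actual)"
    }

    [pscustomobject]@{
        Setting     = $e.Name
        Recommended = $meaning[$e.Want]
        Actual      = $actualText
        Status      = $status
    }
}

$results | Format-Table -AutoSize -Wrap
```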

#37 KateetaK


    Authentic Member

  • 41 posts

Posted 28 November 2009 - 11:25 PM

Thank you so much for your help. I will be sure to post in the other forum for help with Firefox. Thanks again. :)

#38 SweetTech


    MalwareTeam Emeritus

  • Authentic Member
  • 3,368 posts

Posted 28 November 2009 - 11:29 PM

You are more than welcome. Stay Clean & Stay Safe. SweetTech.


Proud Graduate of the WTT Classroom

#39 CatByte


    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 30 November 2009 - 03:50 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
