TechSpot

Firefox redirects

By limpylegs
Oct 30, 2010
  1. Hey guys, Firefox has been redirecting me to sites like canine and roxifind. I ran a full system virus scan, Spybot, and CCleaner and it's still doing it. I then ran HijackThis but don't know how to interpret the findings; could you tell me what's wrong? Also my Windows host rundll32 has stopped working.
     


  2. limpylegs

    limpylegs TS Rookie Topic Starter Posts: 26

    Here is the Windows error for "Windows host process (rundll32) has stopped working". I'm using Windows 7.

    Problem signature:
    Problem Event Name: BEX
    Application Name: rundll32.exe
    Application Version: 6.1.7600.16385
    Application Timestamp: 4a5bc637
    Fault Module Name: StackHash_0a9e
    Fault Module Version: 0.0.0.0
    Fault Module Timestamp: 00000000
    Exception Offset: 00000000
    Exception Code: c0000005
    Exception Data: 00000008
    OS Version: 6.1.7600.2.0.0.768.3
    Locale ID: 1033
    Additional Information 1: 0a9e
    Additional Information 2: 0a9e372d3b4ad19135b953a78882e789
    Additional Information 3: 0a9e
    Additional Information 4: 0a9e372d3b4ad19135b953a78882e789
     
  3. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.
     
  4. limpylegs

    limpylegs TS Rookie Topic Starter Posts: 26

    Can I post the HijackThis log file as well?
     
  5. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    No. HJT is a very outdated tool and we don't use it anymore.
     
  6. limpylegs

    limpylegs TS Rookie Topic Starter Posts: 26

    Ok, I followed all the instructions; it seems to be working a lot better, but I wanted to double-check with you guys before making any conclusions.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5001

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    10/30/2010 7:01:06 PM
    mbam-log-2010-10-30 (19-01-06).txt

    Scan type: Full scan (C:\|D:\|E:\|)
    Objects scanned: 313019
    Time elapsed: 1 hour(s), 3 minute(s), 55 second(s)

    Memory Processes Infected: 4
    Memory Modules Infected: 3
    Registry Keys Infected: 102
    Registry Values Infected: 2
    Registry Data Items Infected: 4
    Folders Infected: 2
    Files Infected: 39

    Memory Processes Infected:
    c:\programdata\ir50_qc32.exe (Trojan.Tracur) -> Unloaded process successfully.
    c:\programdata\api-ms-win-core-memory-l1-1-032.exe (Trojan.Tracur) -> Unloaded process successfully.
    C:\ProgramData\WsmRes32.exe (Trojan.Tracur) -> Unloaded process successfully.
    C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-032.exe (Trojan.Tracur) -> Unloaded process successfully.

    Memory Modules Infected:
    C:\ProgramData\ir50_qc32.dll (Trojan.Tracur) -> Delete on reboot.
    C:\Windows\System32\config\systemprofile\AppData\Roaming\D91F.tmp (Trojan.Tracur) -> Delete on reboot.
    C:\Users\clehigh\AppData\Local\KBDLes.dll (Trojan.Hiloti) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vss32 (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1915590a-ead8-83b5-faa2-70e93fa820cd} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1915590a-ead8-83b5-faa2-70e93fa820cd} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a6e91e3c-6fc0-df9a-6f90-ec10acaa7051} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a6e91e3c-6fc0-df9a-6f90-ec10acaa7051} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b02f530b-5a61-653b-f6cd-967c79271e6a} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b02f530b-5a61-653b-f6cd-967c79271e6a} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f1cf1665-b497-b3a3-d7a1-100f19163d22} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f1cf1665-b497-b3a3-d7a1-100f19163d22} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{09794aad-bd6c-4e4b-b0f7-cc81335a2145} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09794aad-bd6c-4e4b-b0f7-cc81335a2145} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{227276bb-4b9a-75da-3dca-66fb7219f22c} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{227276bb-4b9a-75da-3dca-66fb7219f22c} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2909414b-5416-b9b4-ef70-b405692858ec} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2909414b-5416-b9b4-ef70-b405692858ec} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3bac86e3-3df7-81ee-4147-55f42eed5f2d} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3bac86e3-3df7-81ee-4147-55f42eed5f2d} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3ecbb1e6-d40f-32ce-7cee-9daf87800363} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ecbb1e6-d40f-32ce-7cee-9daf87800363} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{4f704af0-bbf2-6cf7-c502-2131ec65acb1} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f704af0-bbf2-6cf7-c502-2131ec65acb1} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{5ab42b4d-a790-80a9-5303-e90a1ac2b7bd} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5ab42b4d-a790-80a9-5303-e90a1ac2b7bd} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{6e571a72-906e-d8f5-ae9e-a8683f651cf0} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6e571a72-906e-d8f5-ae9e-a8683f651cf0} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9aa43ddf-8321-cbe8-e190-23377f4d6546} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9aa43ddf-8321-cbe8-e190-23377f4d6546} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a0ab2b8f-a516-9e55-680e-3dbad3cc4329} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a0ab2b8f-a516-9e55-680e-3dbad3cc4329} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a4b20b57-6288-c136-78ff-59afed22a8d4} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a4b20b57-6288-c136-78ff-59afed22a8d4} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a5175f41-2409-89a9-cebf-620a8c054b5b} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a5175f41-2409-89a9-cebf-620a8c054b5b} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ab28655b-396d-92ce-6e4f-7cf925a74087} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ab28655b-396d-92ce-6e4f-7cf925a74087} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b4a6f399-ccc6-f735-6ccd-9dcb16a2e0f3} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b4a6f399-ccc6-f735-6ccd-9dcb16a2e0f3} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{bb742680-e27d-ca62-0d40-60c86c5ab13e} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bb742680-e27d-ca62-0d40-60c86c5ab13e} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c7819f87-c1e1-4fc2-ad73-b3ad3b0e51be} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c7819f87-c1e1-4fc2-ad73-b3ad3b0e51be} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d1c7d556-ad83-d463-33b0-5e19078bffd7} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d1c7d556-ad83-d463-33b0-5e19078bffd7} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f4b7da12-3e74-d531-2479-e3d7140276ce} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f4b7da12-3e74-d531-2479-e3d7140276ce} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{fa9df4db-ca4c-15e1-81d8-f17ad0ad6b5f} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fa9df4db-ca4c-15e1-81d8-f17ad0ad6b5f} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2a257ecc-739c-a456-466f-b5d31916a2a3} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2a257ecc-739c-a456-466f-b5d31916a2a3} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2a257ecc-739c-a456-466f-b5d31916a2a3} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{6528e954-e5f3-1ef0-d267-46bd4d2f838d} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6528e954-e5f3-1ef0-d267-46bd4d2f838d} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{671a19dd-6141-e723-2f8e-fb842c5e7690} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{671a19dd-6141-e723-2f8e-fb842c5e7690} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{671a19dd-6141-e723-2f8e-fb842c5e7690} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{6be07ae5-1e0a-45fb-379f-a219a2ea5a66} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6be07ae5-1e0a-45fb-379f-a219a2ea5a66} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{75730417-a7b1-fc72-cd7e-ac54f4bf0b0f} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75730417-a7b1-fc72-cd7e-ac54f4bf0b0f} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75730417-a7b1-fc72-cd7e-ac54f4bf0b0f} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{760261e9-c6c5-4627-d749-b3abcf2beaa4} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{760261e9-c6c5-4627-d749-b3abcf2beaa4} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{8768e79f-2b38-c5ad-9af2-d3234bb93030} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8768e79f-2b38-c5ad-9af2-d3234bb93030} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8768e79f-2b38-c5ad-9af2-d3234bb93030} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{984db96d-4451-3a41-2ea9-6516013bcfbc} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{984db96d-4451-3a41-2ea9-6516013bcfbc} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9dc368e2-1a39-7cc8-1c36-6bf2d8e1097d} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dc368e2-1a39-7cc8-1c36-6bf2d8e1097d} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9e53a81d-6546-0daf-b527-809955bbac9f} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9e53a81d-6546-0daf-b527-809955bbac9f} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ae47905e-d085-43ae-a9f5-c4b47f3be4be} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ae47905e-d085-43ae-a9f5-c4b47f3be4be} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b8885e08-7791-0360-73cc-b83e3d3b4065} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8885e08-7791-0360-73cc-b83e3d3b4065} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{bb8b1c4a-bd21-e672-41b9-aafb0c774dbc} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bb8b1c4a-bd21-e672-41b9-aafb0c774dbc} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d3a50f56-7ce9-f132-801e-51c7a9e18ebd} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d3a50f56-7ce9-f132-801e-51c7a9e18ebd} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{de4710dc-6b55-902c-5f2d-83ee5656210f} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{de4710dc-6b55-902c-5f2d-83ee5656210f} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e2289070-4be2-5d07-6b02-2b51af1880ca} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2289070-4be2-5d07-6b02-2b51af1880ca} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e36b19ed-9563-9d9d-8588-ff08cd500617} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e36b19ed-9563-9d9d-8588-ff08cd500617} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e36b19ed-9563-9d9d-8588-ff08cd500617} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{eab687bc-04b6-b738-98cd-d2461418f512} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eab687bc-04b6-b738-98cd-d2461418f512} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f1077ebc-c0d2-42f6-c66f-850378bea7ad} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f1077ebc-c0d2-42f6-c66f-850378bea7ad} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f4bcdab2-b9e4-cbc7-21ae-4dc7c43d7223} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f4bcdab2-b9e4-cbc7-21ae-4dc7c43d7223} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f5ae2ef1-bb7e-4aad-c742-27e6114b9d18} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f5ae2ef1-bb7e-4aad-c742-27e6114b9d18} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f5ea6a42-d6e4-45ef-1131-752c31963c3a} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f5ea6a42-d6e4-45ef-1131-752c31963c3a} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wersvc32 (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{01d4a14f-1259-42dd-be2b-b0c27c7f7eb1} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{01d4a14f-1259-42dd-be2b-b0c27c7f7eb1} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01d4a14f-1259-42dd-be2b-b0c27c7f7eb1} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01d4a14f-1259-42dd-be2b-b0c27c7f7eb1} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ewijoziyi (Trojan.Hiloti) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rthdbpl (Trojan.Tracur) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\programdata\ir50_qc32.dll -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\programdata\api-ms-win-core-memory-l1-1-032.dll -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\programdata\api-ms-win-core-misc-l1-1-032.dll -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://dymasearch.com/) Good: (http://www.google.com) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\ProgramData\1985737549 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Users\clehigh\AppData\Roaming\SysWin (Trojan.Agent) -> Quarantined and deleted successfully.

    Files Infected:
    c:\programdata\ir50_qc32.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\ProgramData\ir50_qc32.dll (Trojan.Tracur) -> Delete on reboot.
    C:\Windows\System32\config\systemprofile\AppData\Roaming\D91F.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\programdata\api-ms-win-core-memory-l1-1-032.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\ProgramData\WsmRes32.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-032.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\Users\clehigh\AppData\Local\KBDLes.dll (Trojan.Hiloti) -> Delete on reboot.
    C:\Users\clehigh\AppData\Roaming\SysWin\lsass.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\ProgramData\1808284557c1 (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\ProgramData\1808284557c2 (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\ProgramData\1808284557c3 (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\ProgramData\1808284557c4 (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Trojan.Tracur) -> Delete on reboot.
    C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll (Trojan.Tracur) -> Delete on reboot.
    C:\ProgramData\iscsidsc32.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\ProgramData\iTVData32.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\Users\clehigh\Desktop\setup\QuickTime_Update_KB118012.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\Windows\System32\api-ms-win-core-localregistry-l1-1-032.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\Windows\System32\api-ms-win-core-memory-l1-1-032.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\Windows\System32\api-ms-win-core-misc-l1-1-032.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\Windows\System32\duwkr.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
    C:\Windows\System32\iscsium32.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\Windows\System32\iTVData32.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\Windows\System32\jffy.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
    C:\Windows\System32\pdqe.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Roaming\31AB.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Roaming\F316.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-032.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-032.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\Windows\SysWOW64\duwkr.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
    C:\Windows\SysWOW64\iscsium32.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\Windows\SysWOW64\iTVData32.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\Windows\SysWOW64\jffy.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
    C:\Windows\SysWOW64\pdqe.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\31AB.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\D91F.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\F316.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\Windows\System32\winset.ini (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Windows\System32\GnuHashes.ini (Trojan.Tracur) -> Quarantined and deleted successfully.

    --------------------------------------------------------------------------------------------------------
    GMER 1.0.15.15477 - http://www.gmer.net
    Rootkit scan 2010-10-30 19:30:26
    Windows 6.1.7600
    Running: q3f2233u.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x31 0x69 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA7 0x9E 0x3C 0xCF ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5A 0x8D 0xC0 0x4E ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC9 0xF8 0x63 0x3A ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x31 0x69 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA7 0x9E 0x3C 0xCF ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5A 0x8D 0xC0 0x4E ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC9 0xF8 0x63 0x3A ...

    ---- EOF - GMER 1.0.15 ----
     
  7. limpylegs

    limpylegs TS Rookie Topic Starter Posts: 26

    DDS (Ver_10-10-21.02) - NTFS_AMD64
    Run by clehigh at 19:30:43.37 on Sat 10/30/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1979.778 [GMT -4:00]

    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\ccSvcHst.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\ccSvcHst.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\clehigh\Desktop\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\coIEPlg.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
    uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    TCP: {C9530B04-ACEC-4428-B001-B9A99F124F73} = 69.78.96.14 66.174.92.14
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    mRun-x64: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
    mRun-x64: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\clehigh\AppData\Roaming\Mozilla\Firefox\Profiles\him0rrrp.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.dymasearch.com/search.php?src=tops&q=
    FF - prefs.js: browser.search.selectedEngine - Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.dymasearch.com/search.php?src=tops&q=
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
    FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\components\coFFPlgn.dll
    FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\components\IPSFFPl.dll
    FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    FF - user.js: google.toolbar.linkdoctor.enabled - false
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

    ============= SERVICES / DRIVERS ===============

    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0401000.020\SymDS64.sys [2010-10-30 433200]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0401000.020\SymEFA64.sys [2010-10-30 221232]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100211.001\BHDrvx64.sys [2010-10-30 676912]
    R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0401000.020\cchpx64.sys [2010-10-30 615040]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20091105.001\IDSVia64.sys [2010-10-30 466992]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0401000.020\Ironx64.sys [2010-10-30 149552]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0401000.020\symtdiv.sys [2010-10-30 451120]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-10-30 132656]
    R3 PTDUBus;PANTECH UM175 Composite Device Driver ;C:\Windows\System32\drivers\PTDUBus.sys [2010-10-22 70672]
    R3 PTDUMdm;PANTECH UM175 Drivers;C:\Windows\System32\drivers\PTDUMdm.sys [2010-10-22 173456]
    R3 PTDUVsp;PANTECH UM175 Diagnostic Port;C:\Windows\System32\drivers\PTDUVsp.sys [2010-10-22 173456]
    R3 PTDUWFLT;PTDUWWAN Filter Driver;C:\Windows\System32\drivers\PTDUWFLT.sys [2010-10-22 12688]
    R3 PTDUWWAN;PANTECH UM175 WWAN Driver;C:\Windows\System32\drivers\PTDUWWAN.sys [2010-10-22 141840]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-4-27 295424]
    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-4-27 1088544]
    R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-5-25 43032]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

    =============== Created Last 30 ================

    2010-10-30 21:54:24 -------- d-----w- C:\Users\clehigh\AppData\Roaming\Malwarebytes
    2010-10-30 21:53:45 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2010-10-30 21:53:44 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-10-30 21:53:44 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2010-10-30 21:53:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2010-10-30 19:55:03 -------- d-----w- C:\PROGRA~3\Recovery
    2010-10-30 18:49:40 -------- d-----w- C:\Windows\pss
    2010-10-30 18:30:36 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2010-10-30 17:15:18 34152 ----a-r- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2010-10-30 17:15:18 126312 ----a-r- C:\Windows\System32\GEARAspi64.dll
    2010-10-30 17:15:18 107368 ----a-r- C:\Windows\SysWow64\GEARAspi.dll
    2010-10-30 17:15:14 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2010-10-30 17:14:39 -------- d-----w- C:\Program Files\Symantec
    2010-10-30 17:14:39 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
    2010-10-30 17:13:54 505392 ----a-r- C:\Windows\System32\drivers\N360x64\0401000.020\srtsp64.sys
    2010-10-30 17:13:54 451120 ----a-r- C:\Windows\System32\drivers\N360x64\0401000.020\symtdiv.sys
    2010-10-30 17:13:54 433200 ----a-r- C:\Windows\System32\drivers\N360x64\0401000.020\SymDS64.sys
    2010-10-30 17:13:54 32304 ----a-r- C:\Windows\System32\drivers\N360x64\0401000.020\srtspx64.sys
    2010-10-30 17:13:54 221232 ----a-r- C:\Windows\System32\drivers\N360x64\0401000.020\SymEFA64.sys
    2010-10-30 17:13:54 149552 ----a-r- C:\Windows\System32\drivers\N360x64\0401000.020\Ironx64.sys
    2010-10-30 17:13:53 615040 ----a-r- C:\Windows\System32\drivers\N360x64\0401000.020\cchpx64.sys
    2010-10-30 17:13:40 -------- d-----w- C:\Windows\System32\drivers\N360x64\0401000.020
    2010-10-30 17:13:40 -------- d-----w- C:\Windows\System32\drivers\N360x64
    2010-10-30 17:13:38 -------- d-----w- C:\Program Files (x86)\Norton 360
    2010-10-30 17:10:54 -------- d-----w- C:\PROGRA~3\PCSettings
    2010-10-30 16:56:41 -------- d-----w- C:\Users\clehigh\AppData\Roaming\Tific
    2010-10-30 16:56:40 -------- d-----w- C:\Users\clehigh\AppData\Local\Symantec
    2010-10-30 15:52:50 -------- d-----w- C:\Windows\SysWow64\842164071
    2010-10-29 22:34:40 -------- d-sh--w- C:\System Volume Data
    2010-10-28 20:50:16 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
    2010-10-28 20:36:58 -------- d-----w- C:\Users\clehigh\AppData\Roaming\HP Support Assistant
    2010-10-26 03:40:50 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2010-10-26 03:40:50 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
    2010-10-25 00:30:58 -------- d-----w- C:\Users\clehigh\AppData\Local\Adobe
    2010-10-25 00:28:52 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
    2010-10-24 22:32:31 -------- d-----w- C:\Program Files (x86)\Microsoft Streets & Trips 2010
    2010-10-24 22:30:58 -------- d-----w- C:\Program Files (x86)\MSECache
    2010-10-24 17:31:09 828912 ----a-w- C:\Windows\System32\drivers\sptd.sys
    2010-10-24 17:30:17 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Pro
    2010-10-24 17:18:20 -------- d-----w- C:\Users\clehigh\AppData\Roaming\DAEMON Tools Pro
    2010-10-24 17:18:20 -------- d-----w- C:\PROGRA~3\DAEMON Tools Pro
    2010-10-24 01:04:27 -------- d-----w- C:\Program Files (x86)\CCleaner
    2010-10-23 23:48:01 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2010-10-23 23:48:01 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2010-10-23 23:48:01 153160 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2010-10-23 23:48:01 1446912 ----a-w- C:\Windows\System32\lsasrv.dll
    2010-10-23 23:46:50 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2010-10-23 23:45:34 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
    2010-10-23 23:45:34 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2010-10-23 23:45:33 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2010-10-23 23:45:33 236032 ----a-w- C:\Windows\System32\srvsvc.dll
    2010-10-23 23:45:33 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2010-10-23 23:45:23 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
    2010-10-23 23:45:23 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    2010-10-23 23:45:22 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2010-10-23 23:45:21 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
    2010-10-23 23:43:34 612352 ----a-w- C:\Windows\System32\vbscript.dll
    2010-10-23 23:43:34 427520 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2010-10-23 23:43:32 148992 ----a-w- C:\Windows\System32\t2embed.dll
    2010-10-23 23:43:32 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
    2010-10-23 23:06:26 -------- d-----w- C:\Users\clehigh\AppData\Local\CyberLink
    2010-10-23 22:19:54 -------- d-----w- C:\Windows\SysWow64\Wat
    2010-10-23 22:19:54 -------- d-----w- C:\Windows\System32\Wat
    2010-10-23 22:09:18 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
    2010-10-23 22:09:18 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
    2010-10-23 22:09:18 444752 ----a-w- C:\Windows\System32\mscoree.dll
    2010-10-23 22:09:18 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
    2010-10-23 22:09:18 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
    2010-10-23 22:09:18 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
    2010-10-23 22:09:18 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
    2010-10-23 22:09:18 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
    2010-10-23 22:09:17 48960 ----a-w- C:\Windows\System32\netfxperf.dll
    2010-10-23 22:09:17 1942856 ----a-w- C:\Windows\System32\dfshim.dll
    2010-10-23 22:03:46 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
    2010-10-23 21:59:03 -------- d-----w- C:\Program Files (x86)\TelevisionFanaticEI
    2010-10-23 11:24:32 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2010-10-23 11:24:30 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2010-10-23 11:24:30 125952 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2010-10-23 11:24:29 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
    2010-10-23 11:24:28 223448 ----a-w- C:\Windows\System32\drivers\fvevol.sys
    2010-10-23 11:24:28 144384 ----a-w- C:\Windows\System32\cdd.dll
    2010-10-23 11:21:43 961024 ----a-w- C:\Windows\System32\CPFilters.dll
    2010-10-23 11:21:43 641536 ----a-w- C:\Windows\SysWow64\CPFilters(24).dll
    2010-10-23 11:21:42 613888 ----a-w- C:\Windows\System32\psisdecd.dll
    2010-10-23 11:21:42 552960 ----a-w- C:\Windows\System32\msdri.dll
    2010-10-23 11:21:42 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
    2010-10-23 11:21:42 288256 ----a-w- C:\Windows\System32\MSNP.ax
    2010-10-23 11:21:42 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
    2010-10-23 11:21:42 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
    2010-10-23 11:21:42 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2010-10-23 11:05:18 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
    2010-10-23 11:05:18 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
    2010-10-23 09:09:51 -------- d-----w- C:\Users\clehigh\AppData\Local\AOL
    2010-10-23 09:09:51 -------- d-----w- C:\Users\clehigh\AppData\Local\AIM
    2010-10-23 09:09:44 -------- d-----w- C:\PROGRA~3\AIM
    2010-10-23 09:09:40 -------- d-----w- C:\Program Files (x86)\AIM
    2010-10-23 09:09:39 -------- d-----w- C:\Program Files (x86)\Common Files\Software Update Utility
    2010-10-23 09:09:37 -------- d-----w- C:\Program Files (x86)\Common Files\AOL
    2010-10-23 08:25:52 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2010-10-23 08:25:52 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    2010-10-23 06:28:14 -------- d-----w- C:\Program Files (x86)\uTorrent
    2010-10-23 06:27:54 -------- d-----w- C:\Users\clehigh\AppData\Roaming\uTorrent
    2010-10-23 06:24:49 -------- d-----w- C:\Program Files (x86)\Search Toolbar
    2010-10-23 06:23:44 -------- d-----w- C:\Program Files (x86)\My RingTone Maker
    2010-10-23 04:12:06 -------- d-sh--w- C:\PROGRA~3\SysWoW32
    2010-10-23 04:11:54 203776 --sh--w- C:\PROGRA~3\unrar.exe
    2010-10-23 04:11:30 -------- d-----w- C:\Users\clehigh\AppData\Local\CrashDumps
    2010-10-23 04:08:59 -------- d-----w- C:\Users\clehigh\AppData\Local\Apple
    2010-10-23 03:58:41 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
    2010-10-23 03:39:20 -------- d-----w- C:\Users\clehigh\AppData\Local\AskToolbar
    2010-10-23 03:25:41 -------- d-----w- C:\Users\clehigh\AppData\Roaming\LimeWire
    2010-10-23 03:25:30 -------- d-----w- C:\Program Files (x86)\Ask.com
    2010-10-23 03:25:06 -------- d-----w- C:\Program Files (x86)\LimeWire
    2010-10-23 02:30:35 -------- d-----w- C:\Users\clehigh\AppData\Local\Mozilla
    2010-10-23 01:41:34 -------- d-----w- C:\Users\clehigh\AppData\Roaming\Verizon Wireless
    2010-10-23 01:40:49 -------- d-----w- C:\PROGRA~3\WEngineLite
    2010-10-23 01:40:49 -------- d-----w- C:\PROGRA~3\Verizon Wireless
    2010-10-23 01:39:19 141840 ----a-w- C:\Windows\System32\drivers\PTDUWWAN.sys
    2010-10-23 01:39:19 12688 ----a-w- C:\Windows\System32\drivers\PTDUWFLT.sys
    2010-10-23 01:39:19 111704 ----a-w- C:\Windows\SysWow64\PTDUWmcp64.dll
    2010-10-23 01:39:19 111704 ----a-w- C:\Windows\System32\PTDUWmcp64.dll
    2010-10-23 01:39:19 100952 ----a-w- C:\Windows\SysWow64\PTDUWmcp.dll
    2010-10-23 01:39:19 100952 ----a-w- C:\Windows\System32\PTDUWmcp.dll
    2010-10-23 01:39:18 70672 ----a-w- C:\Windows\System32\drivers\PTDUBus.sys
    2010-10-23 01:39:18 173456 ----a-w- C:\Windows\System32\drivers\PTDUVsp.sys
    2010-10-23 01:39:18 173456 ----a-w- C:\Windows\System32\drivers\PTDUMdm.sys
    2010-10-23 01:39:18 -------- d-----w- C:\Program Files\PANTECH
    2010-10-23 01:27:29 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2010-10-23 01:27:29 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2010-10-23 01:27:27 139264 ----a-w- C:\Windows\System32\cabview.dll
    2010-10-23 01:27:27 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
    2010-10-23 01:13:03 -------- d-----w- C:\Program Files (x86)\Verizon Wireless
    2010-10-23 01:11:10 -------- d-----w- C:\Users\clehigh\AppData\Roaming\HpUpdate
    2010-10-23 00:47:50 -------- d-----w- C:\Users\clehigh\AppData\Local\VirtualStore
    2010-10-23 00:47:38 -------- d-----w- C:\Users\clehigh\AppData\Roaming\hpqlog
    2010-10-23 00:47:35 -------- d-----w- C:\Users\clehigh\AppData\Local\Hewlett-Packard

    ==================== Find3M ====================

    2010-09-08 18:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2010-09-08 18:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
    2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
    2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
    2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
    2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
    2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
    2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
    2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
    2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
    2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
    2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

    ============= FINISH: 19:32:07.79 ===============
     
  8. limpylegs

    limpylegs TS Rookie Topic Starter Posts: 26

    Do you want the Attach file from DDS as well? It said at the top, only if specified.
     
  9. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Yes, please.
     
  10. limpylegs

    limpylegs TS Rookie Topic Starter Posts: 26

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-21.02)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/22/2010 7:47:13 PM
    System Uptime: 10/30/2010 7:05:03 PM (0 hours ago)

    Motherboard: Hewlett-Packard | | 1484
    Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz | CPU | 2194/800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 219 GiB total, 175.284 GiB free.
    D: is FIXED (NTFS) - 14 GiB total, 2.305 GiB free.
    E: is FIXED (FAT32) - 0 GiB total, 0.09 GiB free.
    F: is CDROM (UDF)
    G: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 10/22/2010 7:48:20 PM - First_User_Boot
    RP2: 10/22/2010 9:27:30 PM - Windows Update
    RP3: 10/22/2010 9:40:08 PM - Installed VZAccess Manager.
    RP4: 10/22/2010 11:47:42 PM - Removed Microsoft Office Home and Student 2007
    RP5: 10/23/2010 12:09:17 AM - Installed QuickTime
    RP6: 10/23/2010 4:25:11 AM - Installed Java(TM) 6 Update 22
    RP7: 10/23/2010 6:02:59 PM - Windows Update
    RP9: 10/24/2010 1:30:26 PM - SPTD setup V1.69
    RP10: 10/24/2010 6:31:49 PM - Installed Microsoft Streets & Trips 2010
    RP11: 10/24/2010 8:24:48 PM - Installed Adobe AIR
    RP12: 10/25/2010 11:33:29 PM - Installed UpdateStar
    RP13: 10/25/2010 11:38:13 PM - Removed UpdateStar
    RP14: 10/26/2010 3:00:15 AM - Windows Update
    RP15: 10/28/2010 6:31:58 PM - Windows Update
    RP16: 10/30/2010 4:53:53 PM - HPSF Applying updates

    ==== Installed Programs ======================

    µTorrent
    Acrobat.com
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Dreamweaver CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Reader 9.2 MUI
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Shockwave Player
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe XMP Panels CS4
    AIM 7
    Apple Application Support
    Apple Software Update
    Ask Toolbar
    Bejeweled 2 Deluxe
    Blackhawk Striker 2
    Blasterball 3
    Build-a-lot 2
    Cake Mania
    CCleaner
    Chuzzle Deluxe
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Compatibility Pack for the 2007 Office system
    Connect
    CyberLink DVD Suite
    CyberLink MediaShow
    CyberLink PowerDVD 8
    CyberLink YouCam
    Diner Dash 2 Restaurant Rescue
    Dora's Carnival Adventure
    Download Updater (AOL LLC)
    Escape Rosecliff Island
    ESU for Microsoft Windows 7
    Faerie Solitaire
    FATE
    HijackThis 2.0.2
    HP Advisor
    HP Customer Experience Enhancements
    HP Game Console
    HP Games
    HP Setup
    HP Smart Web Printing
    HP Software Framework
    HP Support Assistant
    HP Update
    HP User Guides 0178
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Java Auto Updater
    Java(TM) 6 Update 22
    Jewel Quest 3
    Jewel Quest Solitaire 2
    Junk Mail filter update
    kuler
    LabelPrint
    LimeWire 5.5.16
    Malwarebytes' Anti-Malware
    Microsoft Choice Guard
    Microsoft Live Search Toolbar
    Microsoft Office Access database engine 2007 (English)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Streets & Trips 2010
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable Package
    Microsoft Works
    Mozilla Firefox (3.6.12)
    MSVCRT
    muvee Reveal
    Mystery P.I. - The New York Fortune
    Norton 360
    Norton Online Backup
    Penguins!
    Photoshop Camera Raw
    Plants vs. Zombies
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Power2Go
    PowerDirector
    QuickTime
    Realtek Ethernet Controller Driver For Windows 7
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    REALTEK Wireless LAN Software
    Recovery Manager
    Spybot - Search & Destroy
    Suite Shared Configuration CS4
    TextTwist 2
    Update for Microsoft Office Word 2007 (KB974631)
    Update for Office 2007 (KB934528)
    Virtual Families
    Virtual Villagers - The Secret City
    VZAccess Manager
    Wheel of Fortune 2
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Zuma's Revenge

    ==== Event Viewer Messages From Past Week ========

    10/30/2010 7:01:05 PM, Error: Service Control Manager [7034] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 1 time(s).
    10/30/2010 7:01:04 PM, Error: Service Control Manager [7034] - The Windows Time service terminated unexpectedly. It has done this 1 time(s).
    10/30/2010 7:01:04 PM, Error: Service Control Manager [7034] - The Volume Shadow Copy service terminated unexpectedly. It has done this 1 time(s).
    10/30/2010 12:04:11 PM, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: The authentication service is unknown.
    10/30/2010 11:52:42 AM, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: The authentication service is unknown.
    10/30/2010 11:43:18 AM, Error: Service Control Manager [7038] - The FontCache3.0.0.0 service was unable to log on as NT Authority\LocalService with the currently configured password due to the following error: The RPC server is unavailable. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    10/30/2010 11:43:18 AM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not start due to a logon failure.
    10/30/2010 11:37:57 AM, Error: Service Control Manager [7038] - The sppsvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The RPC server is unavailable. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    10/30/2010 11:37:57 AM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not start due to a logon failure.
    10/29/2010 10:50:47 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 1 time(s).
    10/28/2010 4:35:19 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.120 with the system having network hardware address 00-1C-C0-CC-2F-1D. Network operations on this system may be disrupted as a result.
    10/27/2010 12:32:47 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    10/25/2010 8:48:21 PM, Error: Service Control Manager [7034] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 6 time(s).
    10/25/2010 7:39:50 PM, Error: Service Control Manager [7034] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 5 time(s).
    10/25/2010 7:37:00 PM, Error: Service Control Manager [7034] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 4 time(s).
    10/25/2010 7:35:28 PM, Error: Service Control Manager [7034] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 3 time(s).
    10/25/2010 7:34:12 PM, Error: Service Control Manager [7034] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 2 time(s).
    10/23/2010 6:25:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
    10/23/2010 6:19:59 PM, Error: Application Popup [877] - There was error [DATABASE OPEN FAILED] processing the driver database.

    ==== End Of File ===========================
     
  11. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/


    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    • Close SUPERAntiSpyware.
    Restart the computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

    • Open SUPERAntiSpyware.
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Copy and paste the Scan Log results in your next reply with a new HijackThis log.
    • Click Close to exit the program.

    Post SUPERAntiSpyware log.

    ================================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.
     
  12. limpylegs

    limpylegs TS Rookie Topic Starter Posts: 26

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 10/30/2010 at 10:59 PM

    Application Version : 4.45.1000

    Core Rules Database Version : 5786
    Trace Rules Database Version: 3598

    Scan type : Quick Scan
    Total Scan Time : 01:05:49

    Memory items scanned : 589
    Memory threats detected : 0
    Registry items scanned : 1867
    Registry threats detected : 0
    File items scanned : 125369
    File threats detected : 0
     
  13. limpylegs

    limpylegs TS Rookie Topic Starter Posts: 26

    Does that mean I'm good, or is there anything else I should be checking?
     
  14. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    We're definitely not done.
    I still need MBRCheck log.
     
  15. limpylegs

    limpylegs TS Rookie Topic Starter Posts: 26

    What's an MBRCheck log?
     
  16. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Re-read my reply #11.
     
  17. limpylegs

    limpylegs TS Rookie Topic Starter Posts: 26

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: Hewlett-Packard
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: Presario CQ62 Notebook PC
    Logical Drives Mask: 0x0000007c

    Kernel Drivers (total 206):
    0x02A05000 \SystemRoot\system32\ntoskrnl.exe
    0x02FE1000 \SystemRoot\system32\hal.dll
    0x00BB7000 \SystemRoot\system32\kdcom.dll
    0x00C77000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00CBB000 \SystemRoot\system32\PSHED.dll
    0x00CCF000 \SystemRoot\system32\CLFS.SYS
    0x00D2D000 \SystemRoot\system32\CI.dll
    0x00E9C000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00F40000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x0108B000 \SystemRoot\System32\Drivers\spul.sys
    0x011B2000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x011BB000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x01000000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x01057000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x01061000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00F4F000 \SystemRoot\system32\DRIVERS\pci.sys
    0x0106E000 \SystemRoot\System32\drivers\partmgr.sys
    0x011EA000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x011F3000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x00F82000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00F97000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00E00000 \SystemRoot\System32\drivers\mountmgr.sys
    0x01204000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x01320000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x01329000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x01353000 \SystemRoot\system32\DRIVERS\msahci.sys
    0x0135E000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x0136E000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x01379000 \SystemRoot\system32\drivers\fltmgr.sys
    0x00E1A000 \SystemRoot\system32\drivers\N360x64\0401000.020\SYMDS64.SYS
    0x013C5000 \SystemRoot\system32\drivers\fileinfo.sys
    0x00C00000 \SystemRoot\system32\drivers\N360x64\0401000.020\SYMEFA64.SYS
    0x01450000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x0163E000 \SystemRoot\System32\Drivers\msrpc.sys
    0x0169C000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x016B6000 \SystemRoot\System32\Drivers\cng.sys
    0x01729000 \SystemRoot\System32\drivers\pcw.sys
    0x0173A000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x01858000 \SystemRoot\system32\drivers\ndis.sys
    0x0194A000 \SystemRoot\system32\drivers\NETIO.SYS
    0x019AA000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01A00000 \SystemRoot\System32\drivers\tcpip.sys
    0x01800000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01744000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x0184A000 \SystemRoot\System32\Drivers\spldr.sys
    0x01790000 \SystemRoot\System32\drivers\rdyboost.sys
    0x019D5000 \SystemRoot\System32\Drivers\mup.sys
    0x019E7000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x01600000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x017CA000 \SystemRoot\system32\DRIVERS\disk.sys
    0x01400000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x02F9D000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x02FC7000 \SystemRoot\System32\Drivers\Null.SYS
    0x02FD0000 \SystemRoot\System32\Drivers\Beep.SYS
    0x02FD7000 \SystemRoot\System32\drivers\vga.sys
    0x02E00000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x02E25000 \SystemRoot\System32\drivers\watchdog.sys
    0x02E35000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x02E3E000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x02E47000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x02E50000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x02E5B000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x017E0000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x02FE5000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x038A1000 \SystemRoot\system32\drivers\N360x64\0401000.020\SYMTDIV.SYS
    0x03917000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    0x0394D000 \SystemRoot\system32\drivers\afd.sys
    0x03800000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x03845000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x0384E000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x03874000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x0388A000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x039D7000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x01430000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x013D9000 \SystemRoot\system32\drivers\N360x64\0401000.020\Ironx64.SYS
    0x00E88000 \SystemRoot\system32\drivers\N360x64\0401000.020\SRTSPX64.SYS
    0x039F2000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    0x02FF2000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    0x03C9F000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x03CF0000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x03CFC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x03D07000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101028.001\IDSvia64.sys
    0x03D82000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    0x03C00000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    0x03C25000 \SystemRoot\System32\drivers\discache.sys
    0x03C34000 \SystemRoot\System32\Drivers\dfsc.sys
    0x0424B000 \SystemRoot\system32\drivers\N360x64\0401000.020\ccHPx64.sys
    0x042E7000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x042F8000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101001.001\BHDrvx64.sys
    0x04200000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x04226000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x0423C000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x04A10000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
    0x04062000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x04156000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x0419C000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x041A9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x04000000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x04036000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x03C52000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x04613000 \SystemRoot\system32\DRIVERS\rtl8192se.sys
    0x0473B000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x04748000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
    0x04794000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x047B2000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x04490000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x044E2000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x044E4000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x044F3000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x04500000 \SystemRoot\System32\Drivers\a5tx2r0v.SYS
    0x04543000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x0454C000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x0455C000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x04572000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x04596000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x045A2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x045D1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x04400000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x04421000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x0443B000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x0443D000 \SystemRoot\system32\DRIVERS\ks.sys
    0x045EC000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x05408000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x05462000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x06080000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x062A7000 \SystemRoot\system32\drivers\portcls.sys
    0x062E4000 \SystemRoot\system32\drivers\drmk.sys
    0x06306000 \SystemRoot\system32\drivers\ksthunk.sys
    0x0630C000 \SystemRoot\system32\DRIVERS\udfs.sys
    0x06361000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x05477000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x0636F000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x06382000 \SystemRoot\system32\DRIVERS\PTDUBus.sys
    0x06392000 \SystemRoot\system32\DRIVERS\PTDUMdm.sys
    0x063BB000 \SystemRoot\system32\drivers\modem.sys
    0x063CA000 \SystemRoot\system32\DRIVERS\PTDUVsp.sys
    0x06000000 \SystemRoot\system32\DRIVERS\PTDUWWAN.sys
    0x06035000 \SystemRoot\system32\DRIVERS\PTDUWFLT.sys
    0x00060000 \SystemRoot\System32\win32k.sys
    0x06037000 \SystemRoot\System32\drivers\Dxapi.sys
    0x06043000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x005E0000 \SystemRoot\System32\TSDDD.dll
    0x00760000 \SystemRoot\System32\cdd.dll
    0x00930000 \SystemRoot\System32\ATMFD.DLL
    0x06051000 \SystemRoot\system32\drivers\luafv.sys
    0x05593000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x055A8000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x047C1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x047D4000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x02E6C000 \SystemRoot\system32\drivers\HTTP.sys
    0x03C76000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x04047000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x02F34000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x02842000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x02890000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x028B3000 \SystemRoot\system32\drivers\peauth.sys
    0x02959000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x02964000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x02991000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x02C6D000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x02CD4000 \SystemRoot\System32\DRIVERS\srv.sys
    0x02D6A000 \SystemRoot\system32\drivers\N360x64\0401000.020\SRTSP64.SYS
    0x07A14000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101030.003\EX64.SYS
    0x07BD2000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101030.003\ENG64.SYS
    0x080BC000 \??\C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS
    0x080CA000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x776F0000 \Windows\System32\ntdll.dll
    0x47F70000 \Windows\System32\smss.exe
    0xFFA10000 \Windows\System32\apisetschema.dll
    0xFF3A0000 \Windows\System32\autochk.exe
    0x775F0000 \Windows\System32\user32.dll
    0xFF9E0000 \Windows\System32\imagehlp.dll
    0x778C0000 \Windows\System32\psapi.dll
    0xFF900000 \Windows\System32\oleaut32.dll
    0xFF890000 \Windows\System32\gdi32.dll
    0xFF880000 \Windows\System32\nsi.dll
    0xFF860000 \Windows\System32\sechost.dll
    0xFF730000 \Windows\System32\wininet.dll
    0xFF6E0000 \Windows\System32\Wldap32.dll
    0xFF640000 \Windows\System32\comdlg32.dll
    0x774D0000 \Windows\System32\kernel32.dll
    0xFF510000 \Windows\System32\rpcrt4.dll
    0xFF440000 \Windows\System32\usp10.dll
    0xFF3A0000 \Windows\System32\autochk.exe
    0xFF1C0000 \Windows\System32\setupapi.dll
    0xFF140000 \Windows\System32\difxapi.dll
    0xFF110000 \Windows\System32\imm32.dll
    0xFF030000 \Windows\System32\advapi32.dll
    0xFEDD0000 \Windows\System32\iertutil.dll
    0xFEBC0000 \Windows\System32\ole32.dll
    0xFEB70000 \Windows\System32\ws2_32.dll
    0xFDDE0000 \Windows\System32\shell32.dll
    0x778B0000 \Windows\System32\normaliz.dll
    0xFDD60000 \Windows\System32\shlwapi.dll
    0xFDBE0000 \Windows\System32\urlmon.dll
    0xFDAD0000 \Windows\System32\msctf.dll
    0xFDA30000 \Windows\System32\clbcatq.dll
    0xFDA20000 \Windows\System32\lpk.dll
    0xFD9E0000 \Windows\System32\wintrust.dll
    0xFD940000 \Windows\System32\comctl32.dll
    0xFD900000 \Windows\System32\cfgmgr32.dll
    0xFD890000 \Windows\System32\KernelBase.dll
    0xFD870000 \Windows\System32\devobj.dll
    0xFD700000 \Windows\System32\crypt32.dll
    0xFD6F0000 \Windows\System32\msasn1.dll
    0x76ED0000 \Windows\SysWOW64\normaliz.dll

    Processes (total 66):
    0 System Idle Process
    4 System
    316 C:\Windows\System32\smss.exe
    448 csrss.exe
    488 C:\Windows\System32\wininit.exe
    496 csrss.exe
    552 C:\Windows\System32\winlogon.exe
    588 C:\Windows\System32\services.exe
    600 C:\Windows\System32\lsass.exe
    608 C:\Windows\System32\lsm.exe
    708 C:\Windows\System32\svchost.exe
    776 C:\Windows\System32\svchost.exe
    824 C:\Windows\System32\svchost.exe
    944 C:\Windows\System32\svchost.exe
    996 C:\Windows\System32\svchost.exe
    652 C:\Windows\System32\svchost.exe
    1084 C:\Windows\System32\svchost.exe
    1184 C:\Windows\System32\spoolsv.exe
    1228 C:\Windows\System32\svchost.exe
    1332 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    1352 C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    1392 C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    1436 C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\ccSvcHst.exe
    1492 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    1608 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    1804 C:\Windows\System32\taskhost.exe
    1916 C:\Windows\System32\dwm.exe
    1964 C:\Windows\explorer.exe
    1004 C:\Windows\System32\svchost.exe
    2180 C:\Windows\System32\igfxtray.exe
    2188 C:\Windows\System32\hkcmd.exe
    2196 C:\Windows\System32\igfxpers.exe
    2288 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2348 C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    2356 C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
    2364 C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    2372 C:\Program Files\Java\jre6\bin\jusched.exe
    2416 WmiPrvSE.exe
    2576 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    2764 C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\ccSvcHst.exe
    2884 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    2904 C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
    2972 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    2464 C:\Windows\System32\SearchIndexer.exe
    3924 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    3940 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    3988 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    4092 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    796 C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
    3440 C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
    3476 C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    3512 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    2612 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    3620 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    3852 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    3300 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    3004 C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    1768 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    2168 C:\Windows\System32\wuauclt.exe
    3492 C:\Windows\System32\svchost.exe
    3880 C:\Windows\System32\audiodg.exe
    4956 C:\Windows\System32\SearchProtocolHost.exe
    4564 C:\Windows\System32\SearchFilterHost.exe
    4240 C:\Windows\System32\dllhost.exe
    3904 C:\Users\clehigh\Desktop\setup\MBRCheck(2).exe
    3444 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000036`b6500000 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x0000003a`32300000 (FAT32)

    PhysicalDrive0 Model Number: TOSHIBAMK2565GSX, Rev: GJ002C

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 29196BA4D6CD470243825DB6F926334F6C5DC409


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
     
  18. limpylegs

    limpylegs TS Rookie Topic Starter Posts: 26

    Sorry about that, missed it from earlier.
     
  19. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Your MBR seems to be infected.

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
     
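    To illustrate what the "Unknown MBR code" and SHA1 lines in the MBRCheck output above mean, and why the repair in reply #19 overwrites only the boot code while leaving the partition table alone, here is an added Python example; it is not part of this thread and is not MBRCheck's or NTBR's own code. It parses a 512-byte MBR image, checks the 0x55AA boot signature, hashes the 440-byte boot-code area and compares it against an allow-list, and decodes the partition table into the byte offsets MBRCheck prints. The boot code and the allow-list are constructed stand-ins; the partition start LBAs are derived from the byte offsets in the log (offset / 512) and the partition sizes are constructed. That MBRCheck hashes exactly the first 440 bytes is an assumption here.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0..439: boot code; 440..445: disk signature + padding
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # 0x55 0xAA boot signature
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a 512-byte MBR from boot code and (status, type, lba_start, sectors) tuples."""
    sector = bytearray(SECTOR_SIZE)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    for i, (status, ptype, lba_start, nsectors) in enumerate(partitions[:4]):
        # CHS fields are left zeroed; the LBA fields are what modern tools read.
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba_start, nsectors)
    sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xAA"
    return bytes(sector)


def parse_mbr(sector: bytes) -> dict:
    """Validate the boot signature, hash the boot code, and decode the partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    info = {
        "valid_signature": sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xAA",
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": [],
    }
    for i in range(4):
        status, _, ptype, _, lba_start, nsectors = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue  # empty slot
        info["partitions"].append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": nsectors,
            # MBRCheck reports volumes by byte offset; LBA * 512 gives the same figure.
            "byte_offset": lba_start * SECTOR_SIZE,
        })
    return info


def classify_mbr(sector: bytes, known_hashes) -> str:
    """Allow-list check of the boot code, in the spirit of MBRCheck's 'MBR Status' column."""
    info = parse_mbr(sector)
    if not info["valid_signature"]:
        return "Invalid boot signature"
    if info["boot_code_sha1"] in known_hashes:
        return "Known-good MBR code"
    return "Unknown MBR code"


# ---- Constructed sample data (not real Windows boot code) ----------------------
# Stand-in for a known-good loader: a jump-to-self stub padded with NOPs.
KNOWN_GOOD_CODE = (b"\xEB\xFE" + b"CONSTRUCTED KNOWN-GOOD STUB").ljust(BOOT_CODE_LEN, b"\x90")
KNOWN_HASHES = {hashlib.sha1(KNOWN_GOOD_CODE).hexdigest().upper()}

# Partition start LBAs are derived from the byte offsets in the MBRCheck log
# (offset / 512); the sector counts are constructed.
PARTITIONS = [
    (0x80, 0x07, 0x0C800000 // SECTOR_SIZE, 0x1B54E800),    # C: NTFS, bootable
    (0x00, 0x07, 0x36B6500000 // SECTOR_SIZE, 0x01BDF000),  # D: NTFS
    (0x00, 0x0C, 0x3A32300000 // SECTOR_SIZE, 0x00C00000),  # E: FAT32 (LBA)
]
GOOD_MBR = build_mbr(KNOWN_GOOD_CODE, PARTITIONS)

# Tampered variant: identical partition table, first boot-code bytes swapped for a
# different jump, which is enough to change the hash and fail the allow-list.
TAMPERED_MBR = build_mbr(b"\xE9\x00\x01" + KNOWN_GOOD_CODE[3:], PARTITIONS)

if __name__ == "__main__":
    for name, mbr in (("clean", GOOD_MBR), ("tampered", TAMPERED_MBR)):
        info = parse_mbr(mbr)
        print(f"{name}: {classify_mbr(mbr, KNOWN_HASHES)}  SHA1: {info['boot_code_sha1']}")
        for p in info["partitions"]:
            print(f"  entry {p['index']} type 0x{p['type']:02X} at offset 0x{p['byte_offset']:012X}")
```

    The point the two samples make is the one behind reply #19: an infected MBR usually keeps the partition table intact (the volumes still mount and the byte offsets still match), and only the boot-code area changes, so restoring standard boot code is enough and the partitions are not touched. To check a real disk read-only, the sector comes from the raw device MBRCheck names in its log, e.g. `open(r"\\.\PhysicalDrive0", "rb").read(512)` from an elevated prompt.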
  20. limpylegs

    limpylegs TS Rookie Topic Starter Posts: 26

    I don't have any blank CDs... is there an alternative to this step?
     
  21. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Unfortunately, not. You'll have to get one.
     
  22. limpylegs

    limpylegs TS Rookie Topic Starter Posts: 26

    Ok, my computer was brought to a manageable level following your steps, so I will have to wait until I can make that CD you requested. Thanks for the help so far! I will post here when I've gotten to the next step.
     
  23. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Please do it as quickly as possible, because using an infected computer for a longer time will only make things worse and we'll have to re-run all scans.
     
  24. limpylegs

    limpylegs TS Rookie Topic Starter Posts: 26

    would you still like me to rerun all the scans we have discussed?
     
  25. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    My reply #19, yes.
     
Topic Status:
Not open for further replies.
