Inactive Firefox redirects


limpylegs

Hey guys, Firefox has been redirecting me to sites like canine and roxifind. I ran a full system virus scan, Spybot, and CCleaner and it's still doing it. I then ran HijackThis but don't know how to interpret the findings. Could you tell me what's wrong? Also, my Windows host rundll32 has stopped working.
 

Attachment: log2.txt (16.4 KB)
Here is the Windows error for "Windows host process (rundll32) has stopped working". I'm using Windows 7.

Problem signature:
Problem Event Name: BEX
Application Name: rundll32.exe
Application Version: 6.1.7600.16385
Application Timestamp: 4a5bc637
Fault Module Name: StackHash_0a9e
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 00000000
Exception Offset: 00000000
Exception Code: c0000005
Exception Data: 00000008
OS Version: 6.1.7600.2.0.0.768.3
Locale ID: 1033
Additional Information 1: 0a9e
Additional Information 2: 0a9e372d3b4ad19135b953a78882e789
Additional Information 3: 0a9e
Additional Information 4: 0a9e372d3b4ad19135b953a78882e789
 
Welcome aboard


Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.
 
OK, followed all the instructions. It seems to be working a lot better, but I wanted to double-check with you guys before making any conclusions.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5001

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/30/2010 7:01:06 PM
mbam-log-2010-10-30 (19-01-06).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 313019
Time elapsed: 1 hour(s), 3 minute(s), 55 second(s)

Memory Processes Infected: 4
Memory Modules Infected: 3
Registry Keys Infected: 102
Registry Values Infected: 2
Registry Data Items Infected: 4
Folders Infected: 2
Files Infected: 39

Memory Processes Infected:
c:\programdata\ir50_qc32.exe (Trojan.Tracur) -> Unloaded process successfully.
c:\programdata\api-ms-win-core-memory-l1-1-032.exe (Trojan.Tracur) -> Unloaded process successfully.
C:\ProgramData\WsmRes32.exe (Trojan.Tracur) -> Unloaded process successfully.
C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-032.exe (Trojan.Tracur) -> Unloaded process successfully.

Memory Modules Infected:
C:\ProgramData\ir50_qc32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\config\systemprofile\AppData\Roaming\D91F.tmp (Trojan.Tracur) -> Delete on reboot.
C:\Users\clehigh\AppData\Local\KBDLes.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vss32 (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wersvc32 (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ewijoziyi (Trojan.Hiloti) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rthdbpl (Trojan.Tracur) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\programdata\ir50_qc32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\programdata\api-ms-win-core-memory-l1-1-032.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\programdata\api-ms-win-core-misc-l1-1-032.dll -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://dymasearch.com/) Good: (http://www.google.com) -> Quarantined and deleted successfully.

Folders Infected:
C:\ProgramData\1985737549 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\clehigh\AppData\Roaming\SysWin (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
c:\programdata\ir50_qc32.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\ir50_qc32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\config\systemprofile\AppData\Roaming\D91F.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\programdata\api-ms-win-core-memory-l1-1-032.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\WsmRes32.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-032.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\clehigh\AppData\Local\KBDLes.dll (Trojan.Hiloti) -> Delete on reboot.
C:\Users\clehigh\AppData\Roaming\SysWin\lsass.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\1808284557c1 (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\1808284557c2 (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\1808284557c3 (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\1808284557c4 (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Trojan.Tracur) -> Delete on reboot.
C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll (Trojan.Tracur) -> Delete on reboot.
C:\ProgramData\iscsidsc32.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\iTVData32.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\clehigh\Desktop\setup\QuickTime_Update_KB118012.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\api-ms-win-core-localregistry-l1-1-032.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\api-ms-win-core-memory-l1-1-032.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\api-ms-win-core-misc-l1-1-032.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\duwkr.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Windows\System32\iscsium32.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\iTVData32.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\jffy.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Windows\System32\pdqe.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\31AB.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\F316.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-032.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-032.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\duwkr.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\iscsium32.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\iTVData32.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\jffy.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\pdqe.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\31AB.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\D91F.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\F316.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\winset.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\GnuHashes.ini (Trojan.Tracur) -> Quarantined and deleted successfully.

--------------------------------------------------------------------------------------------------------
GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-30 19:30:26
Windows 6.1.7600
Running: q3f2233u.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x31 0x69 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA7 0x9E 0x3C 0xCF ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5A 0x8D 0xC0 0x4E ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC9 0xF8 0x63 0x3A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x31 0x69 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA7 0x9E 0x3C 0xCF ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5A 0x8D 0xC0 0x4E ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC9 0xF8 0x63 0x3A ...

---- EOF - GMER 1.0.15 ----
 
DDS (Ver_10-10-21.02) - NTFS_AMD64
Run by clehigh at 19:30:43.37 on Sat 10/30/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1979.778 [GMT -4:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\ccSvcHst.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\ccSvcHst.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\clehigh\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\coIEPlg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: {C9530B04-ACEC-4428-B001-B9A99F124F73} = 69.78.96.14 66.174.92.14
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
mRun-x64: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
mRun-x64: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

================= FIREFOX ===================

FF - ProfilePath - C:\Users\clehigh\AppData\Roaming\Mozilla\Firefox\Profiles\him0rrrp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.dymasearch.com/search.php?src=tops&q=
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.dymasearch.com/search.php?src=tops&q=
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: google.toolbar.linkdoctor.enabled - false
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0401000.020\SymDS64.sys [2010-10-30 433200]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0401000.020\SymEFA64.sys [2010-10-30 221232]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100211.001\BHDrvx64.sys [2010-10-30 676912]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0401000.020\cchpx64.sys [2010-10-30 615040]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20091105.001\IDSVia64.sys [2010-10-30 466992]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0401000.020\Ironx64.sys [2010-10-30 149552]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0401000.020\symtdiv.sys [2010-10-30 451120]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-10-30 132656]
R3 PTDUBus;PANTECH UM175 Composite Device Driver ;C:\Windows\System32\drivers\PTDUBus.sys [2010-10-22 70672]
R3 PTDUMdm;PANTECH UM175 Drivers;C:\Windows\System32\drivers\PTDUMdm.sys [2010-10-22 173456]
R3 PTDUVsp;PANTECH UM175 Diagnostic Port;C:\Windows\System32\drivers\PTDUVsp.sys [2010-10-22 173456]
R3 PTDUWFLT;PTDUWWAN Filter Driver;C:\Windows\System32\drivers\PTDUWFLT.sys [2010-10-22 12688]
R3 PTDUWWAN;PANTECH UM175 WWAN Driver;C:\Windows\System32\drivers\PTDUWWAN.sys [2010-10-22 141840]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-4-27 295424]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-4-27 1088544]
R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-5-25 43032]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

=============== Created Last 30 ================

2010-10-30 21:54:24 -------- d-----w- C:\Users\clehigh\AppData\Roaming\Malwarebytes
2010-10-30 21:53:45 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-10-30 21:53:44 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-10-30 21:53:44 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-10-30 21:53:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-10-30 19:55:03 -------- d-----w- C:\PROGRA~3\Recovery
2010-10-30 18:49:40 -------- d-----w- C:\Windows\pss
2010-10-30 18:30:36 -------- d-----w- C:\Program Files (x86)\Trend Micro
2010-10-30 17:15:18 34152 ----a-r- C:\Windows\System32\drivers\GEARAspiWDM.sys
2010-10-30 17:15:18 126312 ----a-r- C:\Windows\System32\GEARAspi64.dll
2010-10-30 17:15:18 107368 ----a-r- C:\Windows\SysWow64\GEARAspi.dll
2010-10-30 17:15:14 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2010-10-30 17:14:39 -------- d-----w- C:\Program Files\Symantec
2010-10-30 17:14:39 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2010-10-30 17:13:54 505392 ----a-r- C:\Windows\System32\drivers\N360x64\0401000.020\srtsp64.sys
2010-10-30 17:13:54 451120 ----a-r- C:\Windows\System32\drivers\N360x64\0401000.020\symtdiv.sys
2010-10-30 17:13:54 433200 ----a-r- C:\Windows\System32\drivers\N360x64\0401000.020\SymDS64.sys
2010-10-30 17:13:54 32304 ----a-r- C:\Windows\System32\drivers\N360x64\0401000.020\srtspx64.sys
2010-10-30 17:13:54 221232 ----a-r- C:\Windows\System32\drivers\N360x64\0401000.020\SymEFA64.sys
2010-10-30 17:13:54 149552 ----a-r- C:\Windows\System32\drivers\N360x64\0401000.020\Ironx64.sys
2010-10-30 17:13:53 615040 ----a-r- C:\Windows\System32\drivers\N360x64\0401000.020\cchpx64.sys
2010-10-30 17:13:40 -------- d-----w- C:\Windows\System32\drivers\N360x64\0401000.020
2010-10-30 17:13:40 -------- d-----w- C:\Windows\System32\drivers\N360x64
2010-10-30 17:13:38 -------- d-----w- C:\Program Files (x86)\Norton 360
2010-10-30 17:10:54 -------- d-----w- C:\PROGRA~3\PCSettings
2010-10-30 16:56:41 -------- d-----w- C:\Users\clehigh\AppData\Roaming\Tific
2010-10-30 16:56:40 -------- d-----w- C:\Users\clehigh\AppData\Local\Symantec
2010-10-30 15:52:50 -------- d-----w- C:\Windows\SysWow64\842164071
2010-10-29 22:34:40 -------- d-sh--w- C:\System Volume Data
2010-10-28 20:50:16 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-10-28 20:36:58 -------- d-----w- C:\Users\clehigh\AppData\Roaming\HP Support Assistant
2010-10-26 03:40:50 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2010-10-26 03:40:50 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2010-10-25 00:30:58 -------- d-----w- C:\Users\clehigh\AppData\Local\Adobe
2010-10-25 00:28:52 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2010-10-24 22:32:31 -------- d-----w- C:\Program Files (x86)\Microsoft Streets & Trips 2010
2010-10-24 22:30:58 -------- d-----w- C:\Program Files (x86)\MSECache
2010-10-24 17:31:09 828912 ----a-w- C:\Windows\System32\drivers\sptd.sys
2010-10-24 17:30:17 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Pro
2010-10-24 17:18:20 -------- d-----w- C:\Users\clehigh\AppData\Roaming\DAEMON Tools Pro
2010-10-24 17:18:20 -------- d-----w- C:\PROGRA~3\DAEMON Tools Pro
2010-10-24 01:04:27 -------- d-----w- C:\Program Files (x86)\CCleaner
2010-10-23 23:48:01 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2010-10-23 23:48:01 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2010-10-23 23:48:01 153160 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2010-10-23 23:48:01 1446912 ----a-w- C:\Windows\System32\lsasrv.dll
2010-10-23 23:46:50 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-10-23 23:45:34 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-10-23 23:45:34 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-10-23 23:45:33 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-10-23 23:45:33 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-10-23 23:45:33 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-10-23 23:45:23 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2010-10-23 23:45:23 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2010-10-23 23:45:22 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-10-23 23:45:21 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-10-23 23:43:34 612352 ----a-w- C:\Windows\System32\vbscript.dll
2010-10-23 23:43:34 427520 ----a-w- C:\Windows\SysWow64\vbscript.dll
2010-10-23 23:43:32 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-10-23 23:43:32 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-10-23 23:06:26 -------- d-----w- C:\Users\clehigh\AppData\Local\CyberLink
2010-10-23 22:19:54 -------- d-----w- C:\Windows\SysWow64\Wat
2010-10-23 22:19:54 -------- d-----w- C:\Windows\System32\Wat
2010-10-23 22:09:18 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2010-10-23 22:09:18 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2010-10-23 22:09:18 444752 ----a-w- C:\Windows\System32\mscoree.dll
2010-10-23 22:09:18 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2010-10-23 22:09:18 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2010-10-23 22:09:18 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2010-10-23 22:09:18 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2010-10-23 22:09:18 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2010-10-23 22:09:17 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2010-10-23 22:09:17 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2010-10-23 22:03:46 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-10-23 21:59:03 -------- d-----w- C:\Program Files (x86)\TelevisionFanaticEI
2010-10-23 11:24:32 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2010-10-23 11:24:30 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2010-10-23 11:24:30 125952 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2010-10-23 11:24:29 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2010-10-23 11:24:28 223448 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2010-10-23 11:24:28 144384 ----a-w- C:\Windows\System32\cdd.dll
2010-10-23 11:21:43 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-10-23 11:21:43 641536 ----a-w- C:\Windows\SysWow64\CPFilters(24).dll
2010-10-23 11:21:42 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2010-10-23 11:21:42 552960 ----a-w- C:\Windows\System32\msdri.dll
2010-10-23 11:21:42 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2010-10-23 11:21:42 288256 ----a-w- C:\Windows\System32\MSNP.ax
2010-10-23 11:21:42 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-10-23 11:21:42 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2010-10-23 11:21:42 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-10-23 11:05:18 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-10-23 11:05:18 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-10-23 09:09:51 -------- d-----w- C:\Users\clehigh\AppData\Local\AOL
2010-10-23 09:09:51 -------- d-----w- C:\Users\clehigh\AppData\Local\AIM
2010-10-23 09:09:44 -------- d-----w- C:\PROGRA~3\AIM
2010-10-23 09:09:40 -------- d-----w- C:\Program Files (x86)\AIM
2010-10-23 09:09:39 -------- d-----w- C:\Program Files (x86)\Common Files\Software Update Utility
2010-10-23 09:09:37 -------- d-----w- C:\Program Files (x86)\Common Files\AOL
2010-10-23 08:25:52 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-10-23 08:25:52 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-23 06:28:14 -------- d-----w- C:\Program Files (x86)\uTorrent
2010-10-23 06:27:54 -------- d-----w- C:\Users\clehigh\AppData\Roaming\uTorrent
2010-10-23 06:24:49 -------- d-----w- C:\Program Files (x86)\Search Toolbar
2010-10-23 06:23:44 -------- d-----w- C:\Program Files (x86)\My RingTone Maker
2010-10-23 04:12:06 -------- d-sh--w- C:\PROGRA~3\SysWoW32
2010-10-23 04:11:54 203776 --sh--w- C:\PROGRA~3\unrar.exe
2010-10-23 04:11:30 -------- d-----w- C:\Users\clehigh\AppData\Local\CrashDumps
2010-10-23 04:08:59 -------- d-----w- C:\Users\clehigh\AppData\Local\Apple
2010-10-23 03:58:41 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2010-10-23 03:39:20 -------- d-----w- C:\Users\clehigh\AppData\Local\AskToolbar
2010-10-23 03:25:41 -------- d-----w- C:\Users\clehigh\AppData\Roaming\LimeWire
2010-10-23 03:25:30 -------- d-----w- C:\Program Files (x86)\Ask.com
2010-10-23 03:25:06 -------- d-----w- C:\Program Files (x86)\LimeWire
2010-10-23 02:30:35 -------- d-----w- C:\Users\clehigh\AppData\Local\Mozilla
2010-10-23 01:41:34 -------- d-----w- C:\Users\clehigh\AppData\Roaming\Verizon Wireless
2010-10-23 01:40:49 -------- d-----w- C:\PROGRA~3\WEngineLite
2010-10-23 01:40:49 -------- d-----w- C:\PROGRA~3\Verizon Wireless
2010-10-23 01:39:19 141840 ----a-w- C:\Windows\System32\drivers\PTDUWWAN.sys
2010-10-23 01:39:19 12688 ----a-w- C:\Windows\System32\drivers\PTDUWFLT.sys
2010-10-23 01:39:19 111704 ----a-w- C:\Windows\SysWow64\PTDUWmcp64.dll
2010-10-23 01:39:19 111704 ----a-w- C:\Windows\System32\PTDUWmcp64.dll
2010-10-23 01:39:19 100952 ----a-w- C:\Windows\SysWow64\PTDUWmcp.dll
2010-10-23 01:39:19 100952 ----a-w- C:\Windows\System32\PTDUWmcp.dll
2010-10-23 01:39:18 70672 ----a-w- C:\Windows\System32\drivers\PTDUBus.sys
2010-10-23 01:39:18 173456 ----a-w- C:\Windows\System32\drivers\PTDUVsp.sys
2010-10-23 01:39:18 173456 ----a-w- C:\Windows\System32\drivers\PTDUMdm.sys
2010-10-23 01:39:18 -------- d-----w- C:\Program Files\PANTECH
2010-10-23 01:27:29 220672 ----a-w- C:\Windows\System32\wintrust.dll
2010-10-23 01:27:29 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2010-10-23 01:27:27 139264 ----a-w- C:\Windows\System32\cabview.dll
2010-10-23 01:27:27 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2010-10-23 01:13:03 -------- d-----w- C:\Program Files (x86)\Verizon Wireless
2010-10-23 01:11:10 -------- d-----w- C:\Users\clehigh\AppData\Roaming\HpUpdate
2010-10-23 00:47:50 -------- d-----w- C:\Users\clehigh\AppData\Local\VirtualStore
2010-10-23 00:47:38 -------- d-----w- C:\Users\clehigh\AppData\Roaming\hpqlog
2010-10-23 00:47:35 -------- d-----w- C:\Users\clehigh\AppData\Local\Hewlett-Packard

==================== Find3M ====================

2010-09-08 18:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 18:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

============= FINISH: 19:32:07.79 ===============
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-21.02)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/22/2010 7:47:13 PM
System Uptime: 10/30/2010 7:05:03 PM (0 hours ago)

Motherboard: Hewlett-Packard | | 1484
Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz | CPU | 2194/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 219 GiB total, 175.284 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 2.305 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.09 GiB free.
F: is CDROM (UDF)
G: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 10/22/2010 7:48:20 PM - First_User_Boot
RP2: 10/22/2010 9:27:30 PM - Windows Update
RP3: 10/22/2010 9:40:08 PM - Installed VZAccess Manager.
RP4: 10/22/2010 11:47:42 PM - Removed Microsoft Office Home and Student 2007
RP5: 10/23/2010 12:09:17 AM - Installed QuickTime
RP6: 10/23/2010 4:25:11 AM - Installed Java(TM) 6 Update 22
RP7: 10/23/2010 6:02:59 PM - Windows Update
RP9: 10/24/2010 1:30:26 PM - SPTD setup V1.69
RP10: 10/24/2010 6:31:49 PM - Installed Microsoft Streets & Trips 2010
RP11: 10/24/2010 8:24:48 PM - Installed Adobe AIR
RP12: 10/25/2010 11:33:29 PM - Installed UpdateStar
RP13: 10/25/2010 11:38:13 PM - Removed UpdateStar
RP14: 10/26/2010 3:00:15 AM - Windows Update
RP15: 10/28/2010 6:31:58 PM - Windows Update
RP16: 10/30/2010 4:53:53 PM - HPSF Applying updates

==== Installed Programs ======================

µTorrent
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Reader 9.2 MUI
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
AIM 7
Apple Application Support
Apple Software Update
Ask Toolbar
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blasterball 3
Build-a-lot 2
Cake Mania
CCleaner
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Connect
CyberLink DVD Suite
CyberLink MediaShow
CyberLink PowerDVD 8
CyberLink YouCam
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
Download Updater (AOL LLC)
Escape Rosecliff Island
ESU for Microsoft Windows 7
Faerie Solitaire
FATE
HijackThis 2.0.2
HP Advisor
HP Customer Experience Enhancements
HP Game Console
HP Games
HP Setup
HP Smart Web Printing
HP Software Framework
HP Support Assistant
HP Update
HP User Guides 0178
HP Wireless Assistant
HPAsset component for HP Active Support Library
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 22
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
kuler
LabelPrint
LimeWire 5.5.16
Malwarebytes' Anti-Malware
Microsoft Choice Guard
Microsoft Live Search Toolbar
Microsoft Office Access database engine 2007 (English)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Streets & Trips 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable Package
Microsoft Works
Mozilla Firefox (3.6.12)
MSVCRT
muvee Reveal
Mystery P.I. - The New York Fortune
Norton 360
Norton Online Backup
Penguins!
Photoshop Camera Raw
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
REALTEK Wireless LAN Software
Recovery Manager
Spybot - Search & Destroy
Suite Shared Configuration CS4
TextTwist 2
Update for Microsoft Office Word 2007 (KB974631)
Update for Office 2007 (KB934528)
Virtual Families
Virtual Villagers - The Secret City
VZAccess Manager
Wheel of Fortune 2
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Zuma's Revenge

==== Event Viewer Messages From Past Week ========

10/30/2010 7:01:05 PM, Error: Service Control Manager [7034] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 1 time(s).
10/30/2010 7:01:04 PM, Error: Service Control Manager [7034] - The Windows Time service terminated unexpectedly. It has done this 1 time(s).
10/30/2010 7:01:04 PM, Error: Service Control Manager [7034] - The Volume Shadow Copy service terminated unexpectedly. It has done this 1 time(s).
10/30/2010 12:04:11 PM, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: The authentication service is unknown.
10/30/2010 11:52:42 AM, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: The authentication service is unknown.
10/30/2010 11:43:18 AM, Error: Service Control Manager [7038] - The FontCache3.0.0.0 service was unable to log on as NT Authority\LocalService with the currently configured password due to the following error: The RPC server is unavailable. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/30/2010 11:43:18 AM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not start due to a logon failure.
10/30/2010 11:37:57 AM, Error: Service Control Manager [7038] - The sppsvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The RPC server is unavailable. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/30/2010 11:37:57 AM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not start due to a logon failure.
10/29/2010 10:50:47 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 1 time(s).
10/28/2010 4:35:19 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.120 with the system having network hardware address 00-1C-C0-CC-2F-1D. Network operations on this system may be disrupted as a result.
10/27/2010 12:32:47 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
10/25/2010 8:48:21 PM, Error: Service Control Manager [7034] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 6 time(s).
10/25/2010 7:39:50 PM, Error: Service Control Manager [7034] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 5 time(s).
10/25/2010 7:37:00 PM, Error: Service Control Manager [7034] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 4 time(s).
10/25/2010 7:35:28 PM, Error: Service Control Manager [7034] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 3 time(s).
10/25/2010 7:34:12 PM, Error: Service Control Manager [7034] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 2 time(s).
10/23/2010 6:25:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
10/23/2010 6:19:59 PM, Error: Application Popup [877] - There was error [DATABASE OPEN FAILED] processing the driver database.

==== End Of File ===========================
 
Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/


  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
  • Close SUPERAntiSpyware.
Restart the computer in Safe Mode.
To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; pick Safe Mode. You'll see "Safe Mode" in all four corners of your screen.

  • Open SUPERAntiSpyware.
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Copy and paste the Scan Log results in your next reply with a new HijackThis log.
  • Click Close to exit the program.

Post the SUPERAntiSpyware log.

================================================================

Download MBRCheck to your desktop.

Double-click MBRCheck.exe to run it (Vista and Windows 7 users: right-click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop.
Open this report and post its contents in your next reply.
 
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/30/2010 at 10:59 PM

Application Version : 4.45.1000

Core Rules Database Version : 5786
Trace Rules Database Version: 3598

Scan type : Quick Scan
Total Scan Time : 01:05:49

Memory items scanned : 589
Memory threats detected : 0
Registry items scanned : 1867
Registry threats detected : 0
File items scanned : 125369
File threats detected : 0
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Presario CQ62 Notebook PC
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 206):

Processes (total 66):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000036`b6500000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000003a`32300000 (FAT32)

PhysicalDrive0 Model Number: TOSHIBAMK2565GSX, Rev: GJ002C

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 29196BA4D6CD470243825DB6F926334F6C5DC409


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
Your MBR seems to be infected.

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

  • Place a blank CD in your CD drive.
  • Double click on NTBR_CD.exe file and a folder of the same name will appear.
  • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
  • Follow the prompts to burn the CD.
  • Now you will need to set the CD-ROM as the first boot device if it isn't already (if you don't know how to do it, see HERE).
  • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
  • Insert the newly created CD into your infected PC and reboot your computer.
  • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
  • Read the warning and then continue as prompted.
  • You first need to select your keyboard layout - press Enter for English.
  • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
  • On the following screen enter 5 to select Install Standard MBR code.
  • Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
  • When asked to confirm please do so.
  • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
  • Eject the disc and then press ctrl+alt+del to reboot the PC.
Once rebooted, run MBRCheck again and post its log.
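
The on-disk layout behind the "Unknown MBR code" verdict and the "Install Standard MBR code" step, as an added example that is not part of the original thread and is not MBRCheck's or MBRWORK's code. The hashed range (the first 440 bytes), the allowlist and the sample sector are assumptions constructed for illustration; only the C: offset 0x0c800000 is taken from the log above.

```python
import hashlib
import struct

SECTOR = 512
CODE_LEN = 440        # bootstrap code area; bytes 440-445 hold the disk signature
TABLE_OFF = 446       # four 16-byte partition entries follow
BOOT_SIG = b"\x55\xaa"

def parse_mbr(sector):
    """Split one 512-byte MBR sector into a boot-code hash and its partition table."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = sector[TABLE_OFF + 16 * i: TABLE_OFF + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:                       # type 0x00 marks an unused slot
            parts.append({"slot": i, "active": entry[0] == 0x80,
                          "type": entry[4], "lba_start": lba_start,
                          "sectors": count})
    return {"sig_ok": sector[510:] == BOOT_SIG,
            "code_sha1": hashlib.sha1(sector[:CODE_LEN]).hexdigest().upper(),
            "partitions": parts}

def classify(sector, known_good):
    """known_good maps the SHA-1 of a boot code area to a label (assumed allowlist)."""
    info = parse_mbr(sector)
    if not info["sig_ok"]:
        return "Invalid boot signature"
    return known_good.get(info["code_sha1"], "Unknown MBR code")

def install_standard_code(sector, standard_code):
    """Return a copy of the sector with only the boot code area replaced."""
    if len(standard_code) != CODE_LEN:
        raise ValueError("boot code must be 440 bytes")
    parse_mbr(sector)                           # validates the sector length
    return standard_code + sector[CODE_LEN:]    # table and signature untouched

# --- Constructed sample data (not real Windows boot code) ---
STANDARD_CODE = (b"CONSTRUCTED-STANDARD-BOOT-CODE;" * 15)[:CODE_LEN]
MODIFIED_CODE = bytes(b ^ 0x5A for b in STANDARD_CODE)
KNOWN_GOOD = {hashlib.sha1(STANDARD_CODE).hexdigest().upper():
              "Constructed standard MBR code"}

def build_sample(code):
    """One active NTFS (0x07) partition starting at byte offset 0x0c800000."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x07, b"\0" * 3,
                        0x0C800000 // SECTOR, 1_000_000)
    return (code + struct.pack("<I", 0x12345678) + b"\0\0"
            + entry + bytes(48) + BOOT_SIG)

if __name__ == "__main__":
    before = build_sample(MODIFIED_CODE)
    after = install_standard_code(before, STANDARD_CODE)
    print(classify(before, KNOWN_GOOD), "->", classify(after, KNOWN_GOOD))
    print(parse_mbr(after)["partitions"])
```
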
 
OK, my computer was brought to a manageable level following your steps, so I will have to wait until I can make that CD you requested. Thanks for the help so far! I will post here when I've gotten to the next step.
 
Please do it as quickly as possible, because using an infected computer for a longer time will only make things worse and we'll have to re-run all scans.
 