
Google Redirect (FireFox)


20 replies to this topic

#1 cruz878

cruz878

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:26 AM

Posted 16 September 2010 - 12:01 PM

I am experiencing intermittent Google redirects when clicking search results in Firefox to Infomash and other garbage sites. I suspect an MDB rootkit but have been unable to determine a cause.

I cleaned up some suspect files with various tools, and as of my most recent scans below everything comes back clean; however, the problem persists.

AVAST AntiRootKit shows no infection.
Sophos AntiRootKit shows no infection.
MalwareBytes shows no infection.
Symantec Endpoint Protection shows no infection.

OS: Windows 7 64bit

DDS (Ver_10-03-17.01) - NTFSX64
Run by cruz at 12:51:34.68 on Thu 09/16/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_15
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4031.2377 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Program Files (x86)\Symantec AntiVirus\Smc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\Intel\AMT\atchksrv.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\AMT\LMS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files (x86)\Intel\AMT\UNS.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Program Files (x86)\Symantec AntiVirus\SmcGui.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
C:\Program Files (x86)\Symantec AntiVirus\ProtectionUtilSurrogate.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\cruz\Desktop\Cleanup\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\syswow64\blank.htm
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [SoundMAXPnP] c:\program files (x86)\analog devices\core\smax4pnp.exe
mRun: [<NO NAME>]
mRun: [HP Health Check Scheduler] c:\program files (x86)\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [QlbCtrl.exe] c:\program files (x86)\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [vmware-tray] "c:\program files (x86)\vmware\vmware workstation\vmware-tray.exe"
mRun: [ccApp] "c:\program files (x86)\common files\symantec shared\ccApp.exe"
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
Trusted Zone: magicjack.com\web08
Trusted Zone: oracle.com
Trusted Zone: oracle.com\conference
DPF: {00191E43-49C2-48E2-A548-8F702D75622A} - hxxps://conference.oracle.com/imtapp/res/jar/cnsload.cab
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://van.webex.com/client/wbs26-vzbprodcn/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
mRun-x64: [HP Health Check Scheduler] c:\program files (x86)\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

================= FIREFOX ===================

FF - ProfilePath - c:\users\cruz\appdata\roaming\mozilla\firefox\profiles\4fs14yko.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\cruz\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 87600]
R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-7-16 30520]
R2 JuniperAccessService;Juniper Unified Network Service;c:\program files (x86)\common files\juniper networks\juns\dsAccessService.exe [2009-8-17 124200]
R2 SWIHPWMI;SWIHPWMI;c:\program files (x86)\hpq\shared\sierra wireless\win32\unicode\SWIHPWMI.exe [2006-12-4 292384]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files (x86)\symantec antivirus\Rtvscan.exe [2009-9-17 2477304]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files (x86)\intel\amt\UNS.exe [2010-2-15 1464856]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\common files\vmware\usb\vmware-usbarbitrator.exe [2010-8-1 539184]
R2 vmware-converter-agent;VMware vCenter Converter Agent;c:\program files (x86)\vmware\vmware vcenter converter standalone\vmware-converter-a.exe [2009-4-17 428592]
R2 vmware-converter-server;VMware vCenter Converter Server;c:\program files (x86)\vmware\vmware vcenter converter standalone\vmware-converter.exe [2009-4-17 428592]
R2 vstor2-mntapi10;Vstor2 MntApi 1.0 Driver;c:\program files (x86)\vmware\vmware vcenter converter standalone\vstor2-mntapi10.sys [2009-4-17 32816]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 54824]
R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\drivers\CAXHWAZL.sys [2007-4-15 300032]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-12-20 228408]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-31 132656]
R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2007-7-12 70168]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw5v64.sys [2009-10-2 6816256]
R3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\drivers\rismcx64.sys [2010-6-8 59008]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscir64.sys [2007-4-25 37760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [2010-4-29 32768]
S3 bmdrvr;Modified Clusters Tracking Driver;c:\windows\syswow64\drivers\bmdrvr.sys [2009-4-17 34864]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\drivers\lvrs64.sys [2009-10-7 327704]
S3 LVUVC64;Logitech QuickCam S5500(UVC);c:\windows\system32\drivers\lvuvc64.sys [2009-10-7 6379288]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\280.tmp [2010-9-16 6144]
S3 NETw4v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw4v64.sys [2007-3-1 3141120]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2009-9-28 19544]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2010-1-7 448512]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 17920]

=============== Created Last 30 ================

2010-09-16 16:18:34 6144 ------w- c:\windows\system32\280.tmp
2010-09-16 16:18:00 6144 ------w- c:\windows\system32\7B28.tmp
2010-09-16 16:17:48 0 d-----w- c:\program files (x86)\Sophos
2010-09-16 16:02:35 436 ----a-w- c:\windows\syswow64\PARTILOG.EXE
2010-09-16 16:01:01 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-09-16 16:01:01 150 ----a-w- c:\windows\syswow64\Partizan.RRI
2010-09-16 15:59:09 2 --shatr- c:\windows\winstart.bat
2010-09-16 15:59:09 2 --shatr- c:\windows\syswow64\CONFIG.NT
2010-09-16 15:59:09 2 --shatr- c:\windows\syswow64\AUTOEXEC.NT
2010-09-16 15:58:36 0 d-----w- c:\program files (x86)\UnHackMe
2010-09-15 22:26:50 0 ----a-w- c:\users\cruz\defogger_reenable
2010-09-15 14:13:44 0 d-----w- c:\users\cruz\appdata\roaming\Malwarebytes
2010-09-15 14:13:36 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-15 14:13:36 0 d-----w- c:\programdata\Malwarebytes
2010-09-15 14:13:36 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-09-15 04:25:13 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-15 04:25:13 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2010-09-14 23:28:13 2058752 ----a-w- c:\windows\syswow64\iertutil.dll
2010-09-14 23:27:05 558592 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-07 03:02:45 855 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.INF
2010-09-07 03:02:45 7440 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.CAT
2010-09-07 03:02:45 172592 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2010-09-07 03:02:33 0 d-----w- c:\program files\Symantec
2010-09-07 03:02:16 503808 ----a-w- c:\windows\syswow64\MSVCP71.DLL
2010-09-07 03:02:16 348160 ----a-w- c:\windows\syswow64\MSVCR71.DLL
2010-09-07 03:02:16 1060864 ----a-w- c:\windows\syswow64\MFC71.DLL
2010-09-07 03:01:25 0 d-----w- c:\program files\common files\Symantec Shared
2010-09-07 03:01:25 0 d-----w- c:\program files (x86)\Symantec AntiVirus
2010-09-07 02:47:21 662288 ----a-w- c:\windows\syswow64\MSCOMCT2.OCX
2010-09-07 02:47:21 137000 ----a-w- c:\windows\syswow64\MSMAPI32.OCX
2010-09-07 02:47:19 23552 ----a-w- c:\windows\syswow64\MSMPIDE.DLL
2010-09-07 02:47:19 0 d-----w- c:\program files (x86)\PDFCreator
2010-08-27 14:37:57 861184 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-27 14:37:57 571904 ----a-w- c:\windows\syswow64\oleaut32.dll

==================== Find3M ====================

2010-09-13 23:20:30 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-08-14 00:41:32 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_androidusb_01009.Wdf
2010-08-01 17:06:24 968752 ----a-w- c:\windows\system32\vnetlib64.dll
2010-08-01 17:06:14 18480 ----a-w- c:\windows\system32\drivers\VMparport.sys
2010-08-01 17:06:10 80944 ----a-w- c:\windows\system32\drivers\vmci.sys
2010-08-01 17:06:08 68656 ----a-w- c:\windows\system32\drivers\vmx86.sys
2010-08-01 17:05:44 399920 ----a-w- c:\windows\syswow64\vmnat.exe
2010-08-01 17:05:30 334384 ----a-w- c:\windows\syswow64\vmnetdhcp.exe
2010-08-01 17:04:22 31792 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2010-08-01 17:04:12 30256 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2010-08-01 15:39:10 38448 ----a-w- c:\windows\system32\drivers\hcmon.sys
2010-08-01 15:12:36 252464 ----a-w- c:\windows\syswow64\vmnc.dll
2010-08-01 13:18:24 56880 ----a-w- c:\windows\system32\vmnetbridge.dll
2010-08-01 13:18:24 55344 ----a-w- c:\windows\system32\vnetinst.dll
2010-08-01 13:18:24 45104 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2010-08-01 13:18:24 37680 ----a-w- c:\windows\system32\drivers\vmusb.sys
2010-08-01 13:18:24 24112 ----a-w- c:\windows\system32\drivers\vmnet.sys
2010-08-01 13:18:24 20016 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-16 19:04:14 19256 ----a-w- c:\windows\system32\HPMDPCoInst11.dll
2010-07-16 19:03:58 30520 ----a-w- c:\windows\system32\hpservice.exe
2010-07-16 19:03:54 20792 ----a-w- c:\windows\system32\accelerometerdll.DLL
2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-19 07:05:01 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:53:18 52224 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-06-19 06:23:50 37376 ----a-w- c:\windows\syswow64\rtutils.dll
2010-06-19 04:32:34 3122688 ----a-w- c:\windows\system32\win32k.sys
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-08-09 00:37:54 22 --sha-w- c:\windows\sminst\HPCD.sys
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 12:51:50.63 ===============

GMER does not run as it appears to be a 16bit application.
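A responder reading a DDS log like the one above does not eyeball 300 lines; they pull the few entries worth a second look and attach context to each. The script below is an added example (not part of the post and not DDS code) that parses the DDS banner sections and applies two defender-side heuristics: a service or driver whose image has an unexpected extension (here the MEMSWEEP2 entry pointing at a .tmp file in system32), and a Firefox plugin loaded from the user profile rather than Program Files. For each flagged service it also lists what else the "Created Last 30" section says appeared within two minutes, because in the posted log the .tmp was created 46 seconds after the Sophos directory, which is exactly the kind of correlation that turns a scary line into a known tool artifact. The excerpt embedded in the script is constructed from a handful of the log's own lines; the two-minute window and the "-k" argument stripping are assumptions of this example.

```python
"""Triage heuristics over a DDS log (constructed excerpt modelled on the log above)."""
import ntpath
import re
from datetime import datetime, timedelta

# Constructed excerpt: a handful of lines in the same shape as the DDS output in
# the post, not the complete log.
DDS_EXCERPT = r"""
============== Running Processes ===============

C:\Windows\system32\svchost.exe -k netsvcs
C:\Users\cruz\Desktop\Cleanup\dds.scr

================= FIREFOX ===================

FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\users\cruz\appdata\roaming\mozilla\plugins\npatgpc.dll

============= SERVICES / DRIVERS ===============

R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files (x86)\symantec antivirus\Rtvscan.exe [2009-9-17 2477304]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\280.tmp [2010-9-16 6144]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

=============== Created Last 30 ================

2010-09-16 16:18:34 6144 ------w- c:\windows\system32\280.tmp
2010-09-16 16:17:48 0 d-----w- c:\program files (x86)\Sophos
2010-09-15 14:13:36 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)\s+\[(?P<date>\S+)\s+(?P<size>\d+)\]$"
)
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)
FF_PLUGIN_RE = re.compile(r"^FF - plugin:\s+(?P<path>.+)$")

# Extensions a service/driver image is expected to carry; anything else (e.g. a
# .tmp in system32) is worth a closer look, not automatically malicious.
IMAGE_EXTS = {".sys", ".exe", ".dll"}


def split_sections(text):
    """Map each '=== NAME ===' banner to the non-empty lines beneath it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).upper()
            sections[current] = []
        elif current and line:
            sections[current].append(line)
    return sections


def parse_created(lines):
    """(timestamp, lower-cased path) for each 'Created Last 30' entry."""
    out = []
    for line in lines:
        m = CREATED_RE.match(line)
        if m:
            out.append((datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["path"].lower()))
    return out


def neighbours(created, path, window=timedelta(minutes=2)):
    """Other files created within `window` of `path`: context for the analyst (window is an assumption)."""
    when = next((t for t, p in created if p == path), None)
    if when is None:
        return []
    return [p for t, p in created if p != path and abs(t - when) <= window]


def check_services(lines, created):
    findings = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if not m:
            continue
        # Drop svchost-style arguments ("... -k netsvcs") before looking at the extension.
        image = re.split(r"\s+-k\s+", m["path"].lower())[0]
        if ntpath.splitext(image)[1] not in IMAGE_EXTS:
            findings.append({"kind": "service-image-odd-extension", "name": m["name"],
                             "path": image, "context": neighbours(created, image)})
    return findings


def check_firefox(lines):
    """Plugins loaded from a user profile are writable without admin rights."""
    findings = []
    for line in lines:
        m = FF_PLUGIN_RE.match(line)
        if m and "\\users\\" in m["path"].lower():
            findings.append({"kind": "ff-plugin-in-user-profile", "name": None,
                             "path": m["path"].lower(), "context": []})
    return findings


def triage(text):
    sections = split_sections(text)
    created = parse_created(sections.get("CREATED LAST 30", []))
    return (check_services(sections.get("SERVICES / DRIVERS", []), created)
            + check_firefox(sections.get("FIREFOX", [])))


if __name__ == "__main__":
    for f in triage(DDS_EXCERPT):
        print(f["kind"], f["name"], f["path"], f["context"])
```

Run against the excerpt it reports two items: the MEMSWEEP2 .tmp driver with the Sophos directory as its neighbour, and the npatgpc.dll plugin in the roaming profile. Neither is a verdict; the point is that the log already contains the context needed to decide whether each is a rootkit indicator or the footprint of the very tools the poster ran.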



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:11:26 AM

Posted 25 September 2010 - 06:27 AM

Edited.

Sorry, shelf life :)

Edited by m0le, 25 September 2010 - 06:27 AM.

m0le is a proud member of UNITE

#3 shelf life

shelf life

  • Malware Response Team
  • 2,651 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:07:26 AM

Posted 25 September 2010 - 06:37 AM

hi cruz878,

Your log is a few days old. If you still need help post back.

I believe that 64-bit OSes are immune to rootkits due to new features in Windows 7. At least for now, anyway. As history knows, that is sure to change.

How Can I Reduce My Risk to Malware?


#4 cruz878

cruz878
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:26 AM

Posted 25 September 2010 - 09:03 AM

I am still experiencing redirects in Google search results. Everything I have found up until this point seems to indicate I have a new strain of the TDL3 rootkit that utilizes a changed MBR to infect 64-bit Windows 7 installations.

Apparently HitmanPro 3.5 is supposed to be able to clean this; however, multiple scans with it have not been able to identify or resolve my issue. I also tried running fixmbr from a Windows 7 boot CD but am still experiencing occasional redirects.

#5 shelf life

shelf life

  • Malware Response Team
  • 2,651 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:07:26 AM

Posted 25 September 2010 - 09:34 AM

OK. I think TDSSKiller will run on Windows 7 and 64-bit. It should say so anyway on the site:

Please download TDSSKiller.exe and save it to your desktop.
Double-click to launch the utility, then click the Start scan button.

Once the scan completes you can click the Continue button.

"The utility automatically selects an action (Cure or Delete) for known malicious objects. A suspicious object will be skipped by default."

"After clicking Next, the utility applies selected actions and outputs the result."

"A reboot might be required after disinfection."

A report will be found in your Root drive Local Disk (C:) as TDSSKiller.2.4.0.0_01.08.2010_17.32.21_log.txt (name, version, date, time)
Please post the log report



#6 cruz878

cruz878
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:26 AM

Posted 25 September 2010 - 10:38 AM

Log file attached. I should note that I have tried this and several other tools over the last week. As the issue only seems to impact Firefox, I have also uninstalled it, reinstalled it, confirmed the redirects still happen, and have since uninstalled Firefox and deleted its registry keys. While the issue is no longer occurring, as I am not using Firefox as of this moment, my concern is that there is still an underlying infection that could compromise my data.


#7 shelf life

shelf life

  • Malware Response Team
  • 2,651 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:07:26 AM

Posted 25 September 2010 - 02:29 PM

Well, my other suggestion would be ComboFix, which isn't supported on a 64-bit machine. You can try GooredFix, but I can't tell you if it will run on a 64-bit. GooredFix targets a malicious hidden Firefox plugin and will solve the problem, assuming that's the cause.
If you have completely removed and reinstalled Firefox then that should have taken care of it, assuming again that's what's causing the redirects. If GooredFix won't run on your machine you can try disabling Java in Firefox:
Tools > Options > Content tab, uncheck Enable JavaScript, and see if that helps.


http://jpshortstuff.247fixes.com/GooredFix.exe

Download GooredFix, close Firefox and double-click the icon.
Follow the prompts, then post the log it generates on your desktop, gooredFix.txt.
Restart Firefox and check for redirects.



#8 cruz878

cruz878
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:26 AM

Posted 26 September 2010 - 10:23 AM

I reinstalled Firefox and confirmed the redirect issue is still occurring. I then ran Goored (log attached). Redirecting still occurs.

Next I tried your suggestion of disabling JavaScript in Firefox: initial testing seems to indicate with JS turned off the re-directs stop.
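Redirects that occur only in Firefox and stop when JavaScript is off point at the browser profile rather than the disk, and the DDS Firefox section only summarises two prefs.js values (the homepage and network.proxy.type, reported as 0, i.e. direct connection). The script below is an added example, not from the thread or any tool named in it, that reads a full prefs.js and flags the settings able to steer or rewrite requests without any kernel component: a non-direct proxy mode, a PAC URL, explicit proxy hosts, and an overridden address-bar search URL. The pref names are real Firefox preferences; the two embedded samples are constructed, one mirroring the posted profile and one showing what a steered profile would look like.

```python
"""Flag prefs.js settings that can redirect or rewrite Firefox traffic."""
import json
import re

PREF_RE = re.compile(r'^\s*user_pref\("(?P<name>[^"]+)",\s*(?P<value>.+)\);\s*$')

# Firefox proxy modes for network.proxy.type:
# 0 = direct, 1 = manual, 2 = PAC URL, 4 = WPAD auto-detect, 5 = system settings.
PROXY_MODE = {0: "direct", 1: "manual", 2: "pac-url", 4: "wpad", 5: "system"}

# Prefs whose presence in prefs.js (a user-level override) deserves review.
OVERRIDE_WATCH = {
    "network.proxy.autoconfig_url": "PAC script decides where every request goes",
    "network.proxy.http": "explicit HTTP proxy host",
    "network.proxy.ssl": "explicit HTTPS proxy host",
    "keyword.URL": "address-bar searches rewritten to this URL",
    "browser.search.defaultenginename": "default search engine changed",
}

# Constructed sample modelled on the values DDS reported for this profile.
CLEAN_PREFS = """\
user_pref("browser.startup.homepage", "www.yahoo.com");
user_pref("network.proxy.type", 0);
user_pref("browser.tabs.warnOnClose", false);
"""

# Constructed sample of a profile whose requests are being steered elsewhere.
STEERED_PREFS = """\
user_pref("browser.startup.homepage", "www.yahoo.com");
user_pref("network.proxy.type", 2);
user_pref("network.proxy.autoconfig_url", "http://pac.example.invalid/proxy.pac");
user_pref("keyword.URL", "http://search.example.invalid/?q=");
"""


def parse_prefs(text):
    """Return {pref name: value}; values are JSON-typed (string, int, bool)."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        try:
            prefs[m["name"]] = json.loads(m["value"])
        except ValueError:
            prefs[m["name"]] = m["value"]  # keep anything unparseable verbatim
    return prefs


def audit_prefs(prefs):
    """List (pref, value, reason) for settings that can redirect traffic."""
    findings = []
    mode = prefs.get("network.proxy.type")
    if mode not in (None, 0, 5):  # direct and system-default modes are unremarkable
        findings.append(("network.proxy.type", mode,
                         "proxy mode %s" % PROXY_MODE.get(mode, "unknown")))
    for name, why in OVERRIDE_WATCH.items():
        if name in prefs and prefs[name] not in ("", None):
            findings.append((name, prefs[name], why))
    return findings


if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_PREFS), ("steered", STEERED_PREFS)):
        print(label, audit_prefs(parse_prefs(sample)))
```

The clean sample produces no findings; the steered one reports the PAC mode, the PAC URL and the rewritten search URL. A manual proxy is legitimate on many corporate machines, so the output is a review list for the responder, not a verdict.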


#9 shelf life

  • Malware Response Team
  • 2,651 posts
  • Gender:Male
  • Location:@localhost

Posted 26 September 2010 - 03:58 PM

I don't see anything malicious in the GooredFix log. Do an online scan and see if it can dig up anything:

ESET online scanner:

http://www.eset.com/onlinescan/

Use Internet Explorer.
Check "YES" to accept the terms.
Click the Start button.
Allow the ActiveX component to install.
Click the Start button; the scanner will update.
Check both "Remove found threats" and "Scan archives". Leave the defaults checked under Advanced settings.
Click Scan. When it completes, click "List found threats".
Click "Export to text file..." and save it to your desktop. Post the saved log.
Click "Back" and "Finish".




#10 shelf life

  • Malware Response Team
  • 2,651 posts
  • Gender:Male
  • Location:@localhost

Posted 26 September 2010 - 06:15 PM

Just to make sure: the redirects only happen in Firefox, correct?

Clear the Java Plug-in cache:

Click Start > Control Panel.
Using the Classic View option: Double-click the Java icon in the control panel to open Java Control Panel.
Under Temporary Internet Files: Click Settings to open Temporary Files dialog box.
Click Delete Files to open the Delete Temporary Files dialog box.
Make sure all the options are checked. Click OK.
Back at the Main Window click the update button and click the Update now button near the bottom.


After the install, go to the Add/Remove Programs panel and uninstall any old versions of Java. I believe the latest version is:

Java 6, Update 21



#11 cruz878

  • Topic Starter
  • Members
  • 10 posts

Posted 26 September 2010 - 07:52 PM

Yes, only Firefox appears to be impacted.

-ESET scan returned no threats.
-Java temporary files cleared.
-Only Java 6 Update 21 is installed.

Redirects still occurring in Firefox with Java enabled.

#12 shelf life

  • Malware Response Team
  • 2,651 posts
  • Gender:Male
  • Location:@localhost

Posted 26 September 2010 - 08:58 PM

When you uninstalled Firefox, did you choose the option:

"Remove my Firefox personal data and customizations". This will also remove your Firefox user profile data (bookmarks, passwords, cookies, extensions, preferences, etc.)

From here.



#13 cruz878

  • Topic Starter
  • Members
  • 10 posts

Posted 26 September 2010 - 10:06 PM

Yes, I chose the option to remove all data and customizations. I also searched the registry for "firefox" and deleted any keys found. I have however since reinstalled Firefox to confirm the redirects still occur.

#14 shelf life

  • Malware Response Team
  • 2,651 posts
  • Gender:Male
  • Location:@localhost

Posted 27 September 2010 - 04:50 PM

I think we can rule out any malware, since you only get redirects in FF and not IE. Everything you ran is also coming up clean. Disabling Java seems to stop the redirects. Read this and see if you want to try it. It's almost a year old but might be worth a try since GooredFix didn't work. Another article here. At the least we know what we are dealing with.
Can you post a new DDS log also.

Edited by shelf life, 27 September 2010 - 05:35 PM.



#15 cruz878

  • Topic Starter
  • Members
  • 10 posts

Posted 28 September 2010 - 12:55 PM

As I have completely removed and reinstalled Firefox there are no plugins. I was unable to go beyond step 1 of the spillspace article.

Since all of my 32-bit applications are installed in C:\Program Files (x86)\, could it be that utilities such as GooredFix are looking in the 64-bit application path C:\Program Files?

Updated DDS log below:

DDS (Ver_10-03-17.01) - NTFSX64
Run by cruz at 13:48:57.42 on Tue 09/28/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4031.2072 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Program Files (x86)\Symantec AntiVirus\Smc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\Intel\AMT\atchksrv.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\AMT\LMS.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files (x86)\Intel\AMT\UNS.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Symantec AntiVirus\SmcGui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files (x86)\Symantec AntiVirus\ProtectionUtilSurrogate.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\cruz\Desktop\Cleanup\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\syswow64\blank.htm
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [SoundMAXPnP] c:\program files (x86)\analog devices\core\smax4pnp.exe
mRun: [<NO NAME>]
mRun: [HP Health Check Scheduler] c:\program files (x86)\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [QlbCtrl.exe] c:\program files (x86)\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [ccApp] "c:\program files (x86)\common files\symantec shared\ccApp.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [vmware-tray] "c:\program files (x86)\vmware\vmware workstation\vmware-tray.exe"
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
Trusted Zone: magicjack.com\web08
Trusted Zone: oracle.com
Trusted Zone: oracle.com\conference
DPF: {00191E43-49C2-48E2-A548-8F702D75622A} - hxxps://conference.oracle.com/imtapp/res/jar/cnsload.cab
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://van.webex.com/client/wbs26-vzbprodcn/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
mRun-x64: [HP Health Check Scheduler] c:\program files (x86)\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

================= FIREFOX ===================

FF - ProfilePath - c:\users\cruz\appdata\roaming\mozilla\firefox\profiles\bbxdeoyt.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\cruz\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 87600]
R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-7-16 30520]
R2 JuniperAccessService;Juniper Unified Network Service;c:\program files (x86)\common files\juniper networks\juns\dsAccessService.exe [2009-8-17 124200]
R2 SWIHPWMI;SWIHPWMI;c:\program files (x86)\hpq\shared\sierra wireless\win32\unicode\SWIHPWMI.exe [2006-12-4 292384]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files (x86)\symantec antivirus\Rtvscan.exe [2009-9-17 2477304]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files (x86)\intel\amt\UNS.exe [2010-2-15 1464856]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\common files\vmware\usb\vmware-usbarbitrator.exe [2010-9-21 539184]
R2 vmware-converter-agent;VMware vCenter Converter Agent;c:\program files (x86)\vmware\vmware vcenter converter standalone\vmware-converter-a.exe [2009-4-17 428592]
R2 vmware-converter-server;VMware vCenter Converter Server;c:\program files (x86)\vmware\vmware vcenter converter standalone\vmware-converter.exe [2009-4-17 428592]
R2 vstor2-mntapi10;Vstor2 MntApi 1.0 Driver;c:\program files (x86)\vmware\vmware vcenter converter standalone\vstor2-mntapi10.sys [2009-4-17 32816]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 54824]
R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\drivers\CAXHWAZL.sys [2007-4-15 300032]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-12-20 228408]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-31 132656]
R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2007-7-12 70168]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw5v64.sys [2009-10-2 6816256]
R3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\drivers\rismcx64.sys [2010-6-8 59008]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscir64.sys [2007-4-25 37760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [2010-4-29 32768]
S3 bmdrvr;Modified Clusters Tracking Driver;c:\windows\syswow64\drivers\bmdrvr.sys [2009-4-17 34864]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\drivers\lvrs64.sys [2009-10-7 327704]
S3 LVUVC64;Logitech QuickCam S5500(UVC);c:\windows\system32\drivers\lvuvc64.sys [2009-10-7 6379288]
S3 NETw4v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw4v64.sys [2007-3-1 3141120]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2009-9-28 19544]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2010-1-7 448512]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 17920]

=============== Created Last 30 ================

2010-09-26 14:36:51 18816 ------w- c:\windows\syswow64\SAVRKBootTasks.sys
2010-09-26 14:09:28 80944 ----a-w- c:\windows\system32\drivers\vmci.sys
2010-09-26 14:09:25 68656 ----a-w- c:\windows\system32\drivers\vmx86.sys
2010-09-26 14:09:25 30768 ----a-w- c:\windows\system32\drivers\VMparport.sys
2010-09-26 14:08:53 334384 ----a-w- c:\windows\syswow64\vmnetdhcp.exe
2010-09-26 14:08:52 404016 ----a-w- c:\windows\syswow64\vmnat.exe
2010-09-26 14:08:51 30256 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2010-09-26 14:08:47 968752 ----a-w- c:\windows\system32\vnetlib64.dll
2010-09-26 14:08:24 31792 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2010-09-26 14:08:21 38448 ----a-w- c:\windows\system32\drivers\hcmon.sys
2010-09-26 14:07:08 0 d-----w- c:\program files (x86)\common files\VMware
2010-09-22 03:15:49 0 d-----w- C:\Boot
2010-09-22 03:09:44 536870912 --sha-w- C:\WinPEpge.sys
2010-09-22 03:09:42 383562 --sha-r- C:\bootmgr
2010-09-22 03:09:42 0 d-----w- C:\$WINDOWS.~BT
2010-09-21 18:02:16 0 d-----w- c:\program files\Hitman Pro 3.5
2010-09-21 05:15:54 252464 ----a-w- c:\windows\syswow64\vmnc.dll
2010-09-21 03:18:14 56880 ----a-w- c:\windows\system32\vmnetbridge.dll
2010-09-21 03:18:14 55344 ----a-w- c:\windows\system32\vnetinst.dll
2010-09-21 03:18:14 45104 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2010-09-21 03:18:14 24112 ----a-w- c:\windows\system32\drivers\vmnet.sys
2010-09-21 03:18:14 20016 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2010-09-20 22:56:19 19528 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-09-20 22:56:01 0 d-----w- c:\programdata\Hitman Pro
2010-09-17 22:23:49 0 d-----w- c:\programdata\Sun
2010-09-17 22:23:30 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-09-17 22:23:30 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-09-17 22:23:30 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-09-17 22:23:30 145184 ----a-w- c:\windows\syswow64\java.exe
2010-09-17 19:11:57 0 d-----w- c:\program files (x86)\ESET
2010-09-16 16:17:48 0 d-----w- c:\program files (x86)\Sophos
2010-09-16 16:02:35 436 ----a-w- c:\windows\syswow64\PARTILOG.EXE
2010-09-16 16:01:01 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-09-16 16:01:01 150 ----a-w- c:\windows\syswow64\Partizan.RRI
2010-09-16 15:59:09 2 --shatr- c:\windows\winstart.bat
2010-09-16 15:59:09 2 --shatr- c:\windows\syswow64\CONFIG.NT
2010-09-16 15:59:09 2 --shatr- c:\windows\syswow64\AUTOEXEC.NT
2010-09-15 14:13:44 0 d-----w- c:\users\cruz\appdata\roaming\Malwarebytes
2010-09-15 14:13:36 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-15 14:13:36 0 d-----w- c:\programdata\Malwarebytes
2010-09-15 14:13:36 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-09-15 04:25:13 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-15 04:25:13 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2010-09-14 23:28:13 2058752 ----a-w- c:\windows\syswow64\iertutil.dll
2010-09-14 23:27:05 558592 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-07 03:02:45 855 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.INF
2010-09-07 03:02:45 7440 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.CAT
2010-09-07 03:02:45 172592 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2010-09-07 03:02:33 0 d-----w- c:\program files\Symantec
2010-09-07 03:02:16 503808 ----a-w- c:\windows\syswow64\MSVCP71.DLL
2010-09-07 03:02:16 348160 ----a-w- c:\windows\syswow64\MSVCR71.DLL
2010-09-07 03:02:16 1060864 ----a-w- c:\windows\syswow64\MFC71.DLL
2010-09-07 03:01:25 0 d-----w- c:\program files\common files\Symantec Shared
2010-09-07 03:01:25 0 d-----w- c:\program files (x86)\Symantec AntiVirus
2010-09-07 02:47:21 662288 ----a-w- c:\windows\syswow64\MSCOMCT2.OCX
2010-09-07 02:47:21 137000 ----a-w- c:\windows\syswow64\MSMAPI32.OCX
2010-09-07 02:47:19 23552 ----a-w- c:\windows\syswow64\MSMPIDE.DLL
2010-09-07 02:47:19 0 d-----w- c:\program files (x86)\PDFCreator

==================== Find3M ====================

2010-09-13 23:20:30 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-08-14 00:41:32 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_androidusb_01009.Wdf
2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-16 19:04:14 19256 ----a-w- c:\windows\system32\HPMDPCoInst11.dll
2010-07-16 19:03:58 30520 ----a-w- c:\windows\system32\hpservice.exe
2010-07-16 19:03:54 20792 ----a-w- c:\windows\system32\accelerometerdll.DLL
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-08-09 00:37:54 22 --sha-w- c:\windows\sminst\HPCD.sys
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 13:49:18.14 ===============

Attached Files
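The question in the post above about 32-bit utilities looking in the wrong Program Files tree is worth answering directly. On 64-bit Windows there are two registry views (native and Wow6432Node) and two Program Files directories, and a 32-bit Firefox such as the one in this log reads the Wow6432Node view and installs under Program Files (x86). A tool that only enumerates one side can miss a registered extension or plugin. The PowerShell below is an added example, not code from this thread, from GooredFix or from DDS: it walks every Firefox 3.x-era extension and plugin load point in both registry views and both install trees, plus the per-user profile and roaming plugins folder. The registry keys and folder names are the standard Firefox locations of that period; the function names and the InProgramFiles column are assumptions of this example. Run it from the default (64-bit) PowerShell prompt as an administrator.

```powershell
# Added example, not from the thread or any tool named in it. Enumerates every
# place Firefox 3.x on 64-bit Windows 7 can load an extension or plugin from,
# reading BOTH the native and the Wow6432Node registry views and BOTH Program
# Files trees. Run from the 64-bit PowerShell prompt: a 32-bit process is
# silently redirected to Wow6432Node and sees only half of the picture.

function New-LoadPoint {
    param($Source, $Id, $Path)
    $exists = $false
    if ($Path) { $exists = [bool](Test-Path -LiteralPath $Path) }
    New-Object PSObject -Property @{
        Source = $Source
        Id     = $Id
        Path   = $Path
        Exists = $exists
        # Anything outside either Program Files tree lives in user-writable
        # space. Not proof of anything, but it is the first thing to inspect.
        InProgramFiles = [bool]($Path -match '^[A-Za-z]:\\Program Files( \(x86\))?\\')
    }
}

function Get-FirefoxLoadPoints {
    $results = @()

    # Extension registrations: one REG_SZ value per add-on, name = add-on id,
    # data = path to the extension folder or .xpi. These never appear in the
    # profile folder, which is why DDS reports them as "HiddenExtension".
    $extKeys = @(
        'HKLM:\SOFTWARE\Mozilla\Firefox\Extensions',
        'HKLM:\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions',
        'HKCU:\SOFTWARE\Mozilla\Firefox\Extensions'
    )
    foreach ($root in $extKeys) {
        if (-not (Test-Path $root)) { continue }
        $key = Get-Item $root
        foreach ($name in $key.GetValueNames()) {
            $results += New-LoadPoint $root $name ([string]$key.GetValue($name))
        }
    }

    # Plugin registrations: one subkey per plugin, "Path" value names the np*.dll.
    $plugKeys = @(
        'HKLM:\SOFTWARE\MozillaPlugins',
        'HKLM:\SOFTWARE\Wow6432Node\MozillaPlugins',
        'HKCU:\SOFTWARE\MozillaPlugins'
    )
    foreach ($root in $plugKeys) {
        if (-not (Test-Path $root)) { continue }
        foreach ($sub in Get-ChildItem $root) {
            $dll = [string]$sub.GetValue('Path')
            if ($dll) { $results += New-LoadPoint $root $sub.PSChildName $dll }
        }
    }

    # File-system load points: both install trees, every profile's extensions
    # folder, and the roaming plugins folder (the DDS log in this thread shows
    # one plugin loaded from appdata\roaming\mozilla\plugins).
    $dirs = @(
        "$env:ProgramFiles\Mozilla Firefox\extensions",
        "$env:ProgramFiles\Mozilla Firefox\plugins",
        "${env:ProgramFiles(x86)}\Mozilla Firefox\extensions",
        "${env:ProgramFiles(x86)}\Mozilla Firefox\plugins",
        "$env:APPDATA\Mozilla\plugins"
    )
    $profileRoot = "$env:APPDATA\Mozilla\Firefox\Profiles"
    if (Test-Path $profileRoot) {
        foreach ($p in (Get-ChildItem $profileRoot | Where-Object { $_.PSIsContainer })) {
            $dirs += Join-Path $p.FullName 'extensions'
        }
    }
    foreach ($dir in $dirs) {
        if (-not (Test-Path $dir)) { continue }
        foreach ($item in Get-ChildItem $dir) {
            $results += New-LoadPoint $dir $item.Name $item.FullName
        }
    }
    $results
}

# User-writable locations sort first so they are the first rows you read.
Get-FirefoxLoadPoints | Sort-Object InProgramFiles, Path |
    Format-Table Id, Path, Exists, InProgramFiles -AutoSize
```

Compare the output against the "FF - plugin" and "FF - HiddenExtension" lines of the DDS log: every entry DDS lists should appear here, and any extra row, especially one whose Path is under the user profile or whose Exists is False (a dangling registration), is what to examine next. Running the same script from a 32-bit prompt (SysWOW64\WindowsPowerShell) will show only the Wow6432Node side, which is exactly the blind spot the question above describes.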





