laptop might be infected

A site I go to was just hacked today and I didn't know it, and I do believe I may have become infected. I got a pop-up and a redirect to a fake scanner, but when I closed FF nothing happened; it didn't install and no processes showed up.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:25 AM, on 9/25/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O13 - Gopher Prefix:
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1234304172203&h=9dc071e6a17e90526e01d560fefc0f3f/&filename=jinstall-6u12-windows-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 4220 bytes

Re: laptop might be infected

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Re: laptop might be infected

Malwarebytes' Anti-Malware 1.41
Database version: 2860
Windows 6.0.6001 Service Pack 1

9/25/2009 3:17:42 PM
mbam-log-2009-09-25 (15-17-42).txt

Scan type: Quick Scan
Objects scanned: 79654
Time elapsed: 2 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Palmer\AppData\Local\Temp\xranwmcoes.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Palmer\AppData\Local\Temp\xwrnasmeco.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Palmer\AppData\Local\Temp\nrwxsecmao.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Palmer\AppData\Local\Temp\rnsaxmecow.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Palmer\AppData\Local\Temp\aoewncsxmr.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Palmer\AppData\Local\Temp\awrxsncemo.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Palmer\list.txt (Malware.Trace) -> Quarantined and deleted successfully.

Re: laptop might be infected


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt just yet.

Re: laptop might be infected

DDS (Ver_09-09-24.01) - NTFSx86
Run by Palmer at 15:47:56.89 on Fri 09/25/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1982.1142 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Palmer\Downloads\dds(2).scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1234304172203&h=9dc071e6a17e90526e01d560fefc0f3f/&filename=jinstall-6u12-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\palmer\appdata\roaming\mozilla\firefox\profiles\pce2rwvg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gamefaqs.com/boards/index.php
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-9-25 108289]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-2-9 193840]

=============== Created Last 30 ================

2009-09-25 15:25 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-09-25 15:25 --d----- c:\programdata\Avira
2009-09-25 15:25 --d----- c:\program files\Avira
2009-09-25 15:25 --d----- c:\progra~2\Avira
2009-09-25 15:12 --d----- c:\users\palmer\appdata\roaming\Malwarebytes
2009-09-25 15:12 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-25 15:12 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-25 15:12 --d----- c:\programdata\Malwarebytes
2009-09-25 15:12 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-25 15:12 --d----- c:\progra~2\Malwarebytes
2009-09-23 09:41 --d--r-- c:\program files\Skype
2009-09-21 00:18 --d----- c:\programdata\Apple Computer
2009-09-21 00:18 --d----- c:\programdata\Apple
2009-09-20 21:51 1,256,448 a------- c:\windows\system32\lsasrv.dll
2009-09-20 21:51 499,712 a------- c:\windows\system32\kerberos.dll
2009-09-20 21:51 270,848 a------- c:\windows\system32\schannel.dll
2009-09-20 21:51 213,504 a------- c:\windows\system32\msv1_0.dll
2009-09-20 21:51 175,104 a------- c:\windows\system32\wdigest.dll
2009-09-20 21:51 439,896 a------- c:\windows\system32\drivers\ksecdd.sys
2009-09-20 21:51 72,704 a------- c:\windows\system32\secur32.dll
2009-09-20 21:51 9,728 a------- c:\windows\system32\lsass.exe
2009-09-09 10:01 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-05 01:54 94,208 a------- c:\windows\system32\QuickTimeVR.qtx
2009-09-05 01:54 69,632 a------- c:\windows\system32\QuickTime.qts
2009-09-01 08:54 --d----- c:\users\palmer\Tracing
2009-09-01 08:54 --d----- c:\program files\Microsoft
2009-09-01 08:53 --d----- c:\program files\Windows Live SkyDrive
2009-09-01 08:53 --d----- c:\windows\PCHEALTH
2009-08-30 11:06 56 a---h--- c:\programdata\ezsidmv.dat
2009-08-30 11:06 56 a---h--- c:\progra~2\ezsidmv.dat
2009-08-30 11:01 --d----- c:\programdata\Skype

==================== Find3M ====================

2009-09-25 15:20 27,934 a------- c:\programdata\nvModes.dat
2009-09-25 15:20 27,934 a------- c:\progra~2\nvModes.dat
2009-08-14 12:07 897,608 a------- c:\windows\system32\drivers\tcpip.sys
2009-08-14 11:29 104,960 a------- c:\windows\system32\netiohlp.dll
2009-08-14 11:29 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 09:16 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 09:16 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 09:16 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 09:16 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 09:16 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 09:16 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 09:16 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-07-18 11:06 827,904 a------- c:\windows\system32\wininet.dll
2009-07-18 11:01 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 04:46 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 09:35 71,680 a------- c:\windows\system32\atl.dll
2009-07-14 08:00 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-14 07:59 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-14 07:58 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 05:59 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-11 14:32 513,024 a------- c:\windows\system32\wlansvc.dll
2009-07-11 14:32 302,592 a------- c:\windows\system32\wlansec.dll
2009-07-11 14:32 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-07-11 14:29 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-03-10 03:00 51,200 a------- c:\windows\inf\infpub.dat
2009-03-10 03:00 86,016 a------- c:\windows\inf\infstrng.dat
2009-02-09 21:19 86,016 a------- c:\windows\inf\infstor.dat
2009-02-09 19:17 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 21:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 15:48:49.23 ===============

Re: laptop might be infected

Hello.

  • Click Start >> Control Panel.
  • Under the Programs click Uninstall a Program
  • Highlight Java(TM) 6 Update 12
  • Click on the Uninstall/Change button at the top.

How is the machine running now?

Re: laptop might be infected

I don't notice any difference.

Re: laptop might be infected

Hello.
This doesn't look too bad. MBAM found some malicious files, but only in the temp folder location, and DDS looks okay. Speed-wise you probably won't notice any difference, but there doesn't appear to be any malware hiding.

Re: laptop might be infected

Oh good...then it really is my laptop. Here I was hoping it wasn't.

Re: laptop might be infected

Hold on, I didn't say I gave up yet.

Download the GMER rootkit scan from here: GMER

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.
Note:
If you're having problems with running GMER.exe, try it in safe mode. This tool works in safe mode.
You can also try renaming it since some malware blocks GMER.

Re: laptop might be infected

Oh, I thought I was done and it really was my laptop that wasn't working. I thought it was a virus that was causing it to overheat a lot... turns out I was wrong and my fan is broken ):

Re: laptop might be infected

Darn. Problem is, it's gonna be hard to fix that, being a laptop; it's hard to access the fan area. You'll have to take it to a computer shop and let them take it apart.

Re: laptop might be infected

GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-09-28 09:41:56
Windows 6.0.6001 Service Pack 1
Running: 628l5x7d.exe; Driver: C:\Users\Palmer\AppData\Local\Temp\ufryapoc.sys


---- System - GMER 1.0.15 ----

SSDT A3FC1FBC ZwCreateThread
SSDT A3FC1FA8 ZwOpenProcess
SSDT A3FC1FAD ZwOpenThread
SSDT A3FC1FB7 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 454 81CFEA18 4 Bytes [BC, 1F, FC, A3]
.text ntkrnlpa.exe!KeSetTimerEx + 624 81CFEBE8 4 Bytes [A8, 1F, FC, A3]
.text ntkrnlpa.exe!KeSetTimerEx + 640 81CFEC04 4 Bytes [AD, 1F, FC, A3]
.text ntkrnlpa.exe!KeSetTimerEx + 854 81CFEE18 4 Bytes [B7, 1F, FC, A3]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Re: laptop might be infected

Please download SysProt AntiRootkit v1.0.1.0 by Swatkat

  • Next, run the file. *Note: If running Vista, right click and select Run as administrator.
  • Once opened, navigate to the Log tab and select all the areas, including the "hidden objects only" box, and click on the Create Log button.
  • A scan will start and then a window will pop up with two options, select scan all drives
  • Once finished it will give you a location where it was saved, navigate to that place usually the desktop, and open the log, post all the contents of the log back here.

Re: laptop might be infected

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
Service Name: ---
Module Base: 8C476000
Module End: 8C481000
hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 8C481000
Module End: 8C489000
hidden: Yes

Module Name: \??\C:\Users\Palmer\AppData\Local\Temp\ufryapoc.sys
Service Name: ufryapoc
Module Base: 971CF000
Module End: 971E4000
hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateThread
Address: A3FC1FBC
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenProcess
Address: A3FC1FA8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenThread
Address: A3FC1FAD
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateProcess
Address: A3FC1FB7
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: PALMER-PC.GATEWAY.2WIRE.NET:49322
Remote Address: 185-131.AMAZON.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: PALMER-PC.GATEWAY.2WIRE.NET:49319
Remote Address: GX-IN-F101.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: PALMER-PC.GATEWAY.2WIRE.NET:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: PALMER-PC:49299
Remote Address: LOCALHOST:49298
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: PALMER-PC:49298
Remote Address: LOCALHOST:49299
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: PALMER-PC:49297
Remote Address: LOCALHOST:49296
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: PALMER-PC:49296
Remote Address: LOCALHOST:49297
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: PALMER-PC:49156
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\lsass.exe
State: LISTENING

Local Address: PALMER-PC:49155
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\services.exe
State: LISTENING

Local Address: PALMER-PC:49154
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: PALMER-PC:49153
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: PALMER-PC:49152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\wininit.exe
State: LISTENING

Local Address: PALMER-PC:5357
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: PALMER-PC:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: PALMER-PC:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: PALMER-PC.GATEWAY.2WIRE.NET:53585
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: PALMER-PC.GATEWAY.2WIRE.NET:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: PALMER-PC.GATEWAY.2WIRE.NET:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: PALMER-PC.GATEWAY.2WIRE.NET:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: PALMER-PC:53586
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: PALMER-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: PALMER-PC:LLMNR
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: PALMER-PC:IPSEC-MSFT
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: PALMER-PC:500
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: PALMER-PC:123
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

******************************************************************************************
******************************************************************************************
No hidden files/folders found

Re: laptop might be infected

Hello.
As said before, there isn't anything we can do here.

Re: laptop might be infected

My laptop only overheats when I play games. I'm assuming Geek Squad messed my laptop up, cause it never did this before the HDD crash. Ah well, it sucked for gaming either way. Now all I have to do is find a way to activate my Vista.

Alright, are we cleaned up?
