ComputerForum.com
#1 - M0ddingMan1a (Gigabyte Member), 02-25-2010, 10:14 PM

Adware in Firefox?

I'm currently running on Windows 7. Recently, when I'm using Firefox, a random pop-up appears saying I have been lucky visitor number whatever, and this happens on any website at all! Then it takes me to an ad while in the current page I am at. Before every ad page loads, I see "loudmo". It has been lagging down my Firefox; I don't think I have downloaded anything that would have added this adware. Can I get some help on how to get rid of this?

__________________
Entertainment Rig// My FUll BLUE Rig:
CPU: AMD 64 Clawhammer 3400+//CPU: AMD Sempron 2600+
Mobo: DFI Lanparty UT 250gb//Mobo: Gigabyte GA-K8NS
RAM: 1 gig pc3200 Corsair XMS//RAM: 1 gig PC3200 PQi
Video Card: Ati AIW 9800pro 128mb//Video Card: Sapphire Ati 9600pro 128mb
HDs: 80gig Sata, 200gig ATA//HDs: 250gig WD, 80gig WD, 30gig WD, 13.5gig IBM
PSU: 500w X-Infinity//PSU: 500W Ultra-X Titanium Blue

#2 - Sean89 (Kilobyte Member), 02-26-2010, 01:47 AM

Even if you don't think you downloaded any malicious items, I'd be on the safe side and download http://www.malwarebytes.org/

#3 - M0ddingMan1a (Gigabyte Member), 02-26-2010, 04:13 AM

I have already scanned with Malwarebytes Anti-Malware, and it doesn't detect anything.

#4 - johnb35 (Malware and Spam Assassin), 02-26-2010, 04:14 AM

Please follow this procedure here.

Please download Malwarebytes' Anti-Malware from here, here, here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically, which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware.

If you continue to experience problems after doing this, please post a HijackThis log by doing the following:

Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile.

Most of what HijackThis lists will be harmless or even essential; don't fix anything yet.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log.

#5 - M0ddingMan1a (Gigabyte Member), 02-26-2010, 08:37 AM

Alright Malwarebytes:

Malwarebytes' Anti-Malware 1.44
Database version: 3728
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/26/2010 12:33:53 AM
mbam-log-2010-02-26 (00-33-53).txt

Scan type: Quick Scan
Objects scanned: 104280
Time elapsed: 5 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





Hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:57 AM, on 2/26/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\snuvcdsm.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Folder Guard\FGKey.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Winamp\elevator.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [SNUVCDSM] C:\Windows\snuvcdsm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [FG_Monitor] C:\Program Files\Folder Guard\FGKey.exe /Start
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6825 bytes

#6 - johnb35 (Malware and Spam Assassin), 02-26-2010, 09:44 PM

I'm worried about 2 entries in your hjt log.

Download and run ComboFix.
If you already have ComboFix, please delete this copy and download it again, as it's being updated regularly.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes of findstr, find, sed or swreg; then ComboFix should continue.
If that happened we want to know, and also what process you had to end.

In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
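A fresh log is only useful when set against the earlier one. As an added example (not part of the thread, and not HijackThis's own code), this Python script parses the HijackThis log format pasted in this thread and reports which persistent R/O entries appeared or disappeared between two scans, ignoring the volatile "Running processes" block; the embedded excerpts are trimmed from the two logs the original poster shares in this thread.

```python
import re

# A persistent HijackThis entry: section code (R0, R1, O2, O4, O23, ...), " - ", detail.
ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")


def parse_hjt(log_text):
    """Split one HijackThis log into (running_processes, entries).

    entries maps each persistent entry line (R*/O* sections) to its section code.
    The "Running processes:" block is kept separately: it changes from scan to
    scan and must not be diffed as if it were a persistence change.
    """
    processes = []
    entries = {}
    in_procs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False  # a blank line closes the running-processes block
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries[line] = m.group(1)
    return processes, entries


def diff_hjt(before_text, after_text):
    """Return (removed, added): persistent entries that vanished or appeared between two scans."""
    _, before = parse_hjt(before_text)
    _, after = parse_hjt(after_text)
    removed = sorted(set(before) - set(after))
    added = sorted(set(after) - set(before))
    return removed, added


def count_by_section(entries):
    """Count persistent entries per section code, e.g. {'R0': 3, 'O4': 3, ...}."""
    counts = {}
    for code in entries.values():
        counts[code] = counts.get(code, 0) + 1
    return counts


# Excerpts trimmed from the two logs posted in this thread (scan of 2/26 and scan of 2/27).
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:57 AM, on 2/26/2010
Platform: Unknown Windows (WinNT 6.01.3504)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [SNUVCDSM] C:\Windows\snuvcdsm.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O13 - Gopher Prefix:
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:26 PM, on 2/27/2010
Platform: Unknown Windows (WinNT 6.01.3504)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O4 - HKLM\..\Run: [SNUVCDSM] C:\Windows\snuvcdsm.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

if __name__ == "__main__":
    removed, added = diff_hjt(LOG_BEFORE, LOG_AFTER)
    print("Entries gone since the first scan:")
    for line in removed:
        print("  -", line)
    print("Entries new since the first scan:")
    for line in added:
        print("  +", line)
    print("Section counts, first scan:", count_by_section(parse_hjt(LOG_BEFORE)[1]))
```

Feed it the full text of both logs (for example read from two saved files) to see every persistent entry that changed between scans.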

#7 - M0ddingMan1a (Gigabyte Member), 02-27-2010, 10:00 PM

HiJack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:26 PM, on 2/27/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [SNUVCDSM] C:\Windows\snuvcdsm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [FG_Monitor] C:\Program Files\Folder Guard\FGKey.exe /Start
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5268 bytes


Combofix:

ComboFix 10-02-27.04 - Pho_Shizzle 02/27/2010 13:44:03.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.1329 [GMT -8:00]
Running from: c:\users\Pho_Shizzle\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\users\Pho_Shizzle\AppData\Local\Microsoft\Windows\Temporary Internet Files\-j7UNnK
c:\users\Pho_Shizzle\AppData\Local\Microsoft\Windows\Temporary Internet Files\rjHcEs

.
((((((((((((((((((((((((( Files Created from 2010-01-27 to 2010-02-27 )))))))))))))))))))))))))))))))
.

2010-02-27 21:52 . 2010-02-27 21:52 -------- d-----w- c:\users\Pho_Shizzle\AppData\Local\temp
2010-02-27 21:52 . 2010-02-27 21:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-26 08:24 . 2010-02-26 08:24 -------- d-----w- c:\program files\Trend Micro
2010-02-26 04:19 . 2009-06-30 17:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-02-26 04:18 . 2010-02-26 04:18 -------- d-----w- c:\program files\Panda Security
2010-02-25 04:38 . 2010-02-25 04:38 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-02-25 04:38 . 2010-02-25 04:38 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\skypePM
2010-02-25 04:35 . 2010-02-25 04:39 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Skype
2010-02-25 04:31 . 2010-02-25 04:31 -------- d-----w- c:\program files\Common Files\Skype
2010-02-25 04:31 . 2010-02-25 21:56 -------- d-----r- c:\program files\Skype
2010-02-25 04:30 . 2010-02-25 04:31 -------- d-----w- c:\programdata\Skype
2010-02-24 23:33 . 2010-02-24 23:33 50354 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Facebook\uninstall.exe
2010-02-24 23:33 . 2010-02-24 23:33 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Facebook
2010-02-24 23:08 . 2010-02-24 23:08 -------- d-----w- c:\program files\MSECache
2010-02-24 08:12 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 08:11 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-02-24 08:11 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
2010-02-24 08:11 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-21 06:16 . 2010-02-21 06:16 177024 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\cqvidpw1.default\FlashGot.exe
2010-02-21 06:10 . 2010-02-21 06:10 0 ----a-w- c:\windows\nsreg.dat
2010-02-17 10:04 . 2010-02-17 10:04 -------- d-----w- c:\program files\FLV Player
2010-02-14 09:23 . 2010-02-14 09:23 -------- d-----w- c:\windows\Sun
2010-02-14 09:23 . 2010-02-14 09:23 -------- d-----w- c:\program files\Common Files\Java
2010-02-14 09:22 . 2010-02-14 09:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-14 09:22 . 2010-02-14 09:22 -------- d-----w- c:\program files\Java
2010-02-13 06:20 . 2010-02-13 06:20 -------- d-----w- c:\users\Pho_Shizzle\WRC_2006
2010-02-13 06:18 . 2010-02-13 06:18 -------- d-----w- c:\users\Pho_Shizzle\WRC_2000
2010-02-08 00:37 . 2010-02-08 00:37 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-02-08 00:36 . 2010-02-08 00:36 3605256 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-02-08 00:36 . 2010-02-08 00:36 546624 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-02-07 07:27 . 2010-02-07 07:27 -------- d-----w- c:\users\Pho_Shizzle\AppData\Local\ESET
2010-02-07 04:08 . 2010-02-07 04:08 -------- d-----w- c:\program files\Electronic Arts
2010-02-06 07:51 . 2010-02-06 07:51 -------- d-----w- c:\users\Pho_Shizzle\AppData\Local\ElevatedDiagnostics
2010-02-06 06:32 . 2010-02-06 06:32 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Jasc
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
2010-02-01 03:43 . 2010-02-25 06:28 -------- d-----w- c:\users\Pho_Shizzle\dwhelper
2010-01-31 19:46 . 2005-05-26 23:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-01-31 08:47 . 2010-02-25 04:48 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\vlc
2010-01-31 06:17 . 2010-01-31 06:17 -------- d-----w- c:\program files\Winamp Detect
2010-01-31 06:17 . 2010-01-31 06:31 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Winamp
2010-01-31 06:17 . 2010-01-31 06:19 -------- d-----w- c:\program files\Winamp
2010-01-31 03:49 . 2010-01-31 03:49 -------- d-----w- c:\users\Pho_Shizzle\AppData\Local\WMTools Downloaded Files
2010-01-31 03:44 . 2010-01-31 03:44 -------- d-----w- c:\program files\Movie Maker 2.6
2010-01-31 03:38 . 2010-01-31 03:38 -------- d-----w- c:\program files\Microsoft
2010-01-31 03:37 . 2010-01-31 03:37 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-31 03:37 . 2010-01-31 03:38 -------- d-----w- c:\program files\Windows Live
2010-01-31 03:36 . 2006-11-29 21:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-01-31 03:36 . 2010-01-31 03:36 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-01-31 03:33 . 2010-01-31 03:33 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-31 03:29 . 2010-02-14 00:33 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-01-31 03:28 . 2010-02-14 00:33 3605256 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-01-31 03:28 . 2010-02-15 04:40 546624 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-01-31 01:16 . 2010-01-31 02:33 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Folder Guard
2010-01-31 00:55 . 2009-06-23 02:58 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-24 22:48 . 2010-01-25 23:38 13307 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\nvModes.dat
2010-02-24 17:16 . 2010-01-25 22:54 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 17:03 . 2010-01-28 19:24 -------- d-----w- c:\program files\uTorrent
2010-02-22 23:49 . 2010-01-28 19:23 -------- d-----w- c:\program files\PeerGuardian2
2010-02-22 23:49 . 2010-01-28 19:23 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\uTorrent
2010-02-07 04:04 . 2010-01-28 19:09 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\DAEMON Tools Lite
2010-01-31 19:07 . 2010-01-31 19:07 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2010-01-31 02:33 . 2010-01-28 20:19 -------- d-----w- c:\program files\Folder Guard
2010-01-31 02:15 . 2010-01-28 18:59 141200 ----a-w- c:\users\Pho_Shizzle\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-28 20:24 . 2010-01-28 20:24 -------- d-----w- c:\program files\Jasc Software Inc
2010-01-28 20:22 . 2010-01-28 20:22 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Lavasoft
2010-01-28 20:21 . 2010-01-28 20:21 -------- d-----w- c:\program files\Lavasoft
2010-01-28 20:15 . 2010-01-28 20:15 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-01-28 20:14 . 2010-01-28 20:14 -------- d-----w- c:\program files\Microsoft.NET
2010-01-28 20:10 . 2010-01-28 20:10 -------- d-----w- c:\program files\ESET
2010-01-28 20:08 . 2010-01-28 19:14 -------- d-----w- c:\programdata\NOS
2010-01-28 19:47 . 2010-01-28 19:47 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\acccore
2010-01-28 19:46 . 2010-01-28 19:46 -------- d-----w- c:\programdata\AIM
2010-01-28 19:46 . 2010-01-28 19:46 -------- d-----w- c:\program files\AIM7
2010-01-28 19:46 . 2010-01-28 19:46 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-01-28 19:46 . 2010-01-28 19:46 -------- d-----w- c:\program files\Common Files\AOL
2010-01-28 19:42 . 2010-01-28 19:42 -------- d-----w- c:\program files\545 Studios
2010-01-28 19:42 . 2010-01-28 19:01 -------- d-----w- c:\program files\AIM
2010-01-28 19:41 . 2010-01-28 19:01 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Aim
2010-01-28 19:39 . 2010-01-25 23:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-28 19:38 . 2010-01-28 19:38 -------- d-----w- c:\program files\HP 1.3MP Webcam
2010-01-28 19:37 . 2010-01-28 19:37 -------- d-----w- c:\programdata\LogiShrd
2010-01-28 19:37 . 2010-01-28 19:36 -------- d-----w- c:\programdata\Logitech
2010-01-28 19:37 . 2010-01-28 19:37 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Logitech
2010-01-28 19:37 . 2010-01-28 19:37 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Leadertech
2010-01-28 19:37 . 2010-01-28 19:36 -------- d-----w- c:\program files\Common Files\Logishrd
2010-01-28 19:36 . 2010-01-28 19:36 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-01-28 19:36 . 2010-01-28 19:36 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-01-28 19:36 . 2010-01-28 19:36 -------- d-----w- c:\program files\Logitech
2010-01-28 19:29 . 2010-01-28 19:26 -------- d-----w- c:\program files\coolpro2
2010-01-28 19:28 . 2010-01-28 19:28 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\DivX
2010-01-28 19:28 . 2010-01-28 19:28 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Syntrillium
2010-01-28 19:24 . 2010-01-28 19:24 -------- d-----w- c:\program files\VideoLAN
2010-01-28 19:22 . 2010-01-28 19:02 -------- d-----w- c:\program files\CPUID
2010-01-28 19:21 . 2010-01-28 19:21 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Malwarebytes
2010-01-28 19:21 . 2010-01-28 19:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-28 19:21 . 2010-01-28 19:21 -------- d-----w- c:\programdata\Malwarebytes
2010-01-28 19:20 . 2010-01-28 19:20 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\IrfanView
2010-01-28 19:20 . 2010-01-28 19:20 -------- d-----w- c:\program files\IrfanView
2010-01-28 19:20 . 2010-01-28 19:20 -------- d-----w- c:\program files\YourWare Solutions
2010-01-28 19:19 . 2010-01-28 19:19 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-28 19:17 . 2010-01-28 19:17 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-28 19:16 . 2010-01-28 19:16 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-01-28 19:09 . 2010-01-28 19:09 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-01-28 19:09 . 2010-01-28 19:09 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-28 19:09 . 2010-01-28 19:09 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-01-28 19:06 . 2010-01-28 19:04 -------- d-----w- c:\program files\DivX
2010-01-28 19:06 . 2010-01-28 19:06 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-01-28 19:06 . 2010-01-28 19:04 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-28 19:03 . 2010-01-28 19:03 1078 ----a-r- c:\users\Pho_Shizzle\AppData\Roaming\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_4ae13d6c.exe
2010-01-28 19:03 . 2010-01-28 19:03 1078 ----a-r- c:\users\Pho_Shizzle\AppData\Roaming\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_2cd672ae.exe
2010-01-28 19:03 . 2010-01-28 19:03 1078 ----a-r- c:\users\Pho_Shizzle\AppData\Roaming\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_294823.exe
2010-01-28 19:03 . 2010-01-28 19:03 1078 ----a-r- c:\users\Pho_Shizzle\AppData\Roaming\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_18be6784.exe
2010-01-28 19:03 . 2010-01-28 19:03 -------- d-----w- c:\program files\Microsoft Bootvis
2010-01-28 19:02 . 2010-01-28 19:02 -------- d-----w- c:\program files\CCleaner
2010-01-28 19:01 . 2010-01-28 19:01 -------- d-----w- c:\program files\AOD
2010-01-28 19:01 . 2010-01-28 19:01 -------- d-----w- c:\programdata\Viewpoint
2010-01-28 19:01 . 2010-01-28 19:01 -------- d-----w- c:\program files\Viewpoint
2010-01-28 19:00 . 2010-01-28 18:59 -------- d-----w- c:\programdata\Apple Computer
2010-01-28 18:59 . 2010-01-28 18:59 -------- d-----w- c:\program files\QuickTime
2010-01-28 18:58 . 2010-01-28 18:58 -------- d-----w- c:\program files\Apple Software Update
2010-01-28 18:58 . 2010-01-28 18:58 -------- d-----w- c:\programdata\Apple
2010-01-28 18:58 . 2010-01-28 18:58 -------- d-----w- c:\program files\everesthome201
2010-01-28 18:56 . 2010-01-28 18:56 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-01-25 23:43 . 2010-01-25 23:43 -------- d-----w- c:\program files\Hewlett-Packard
2010-01-25 23:41 . 2010-01-25 23:41 -------- d-----w- c:\program files\WIDCOMM
2010-01-25 23:40 . 2010-01-25 23:40 -------- d-----w- c:\program files\Broadcom
2010-01-25 23:30 . 2010-01-25 23:03 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-25 23:04 . 2010-01-25 23:04 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\InstallShield
2010-01-25 23:04 . 2010-01-25 23:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-01-25 23:04 . 2010-01-25 23:04 -------- d-----w- c:\program files\Synaptics
2010-01-25 23:03 . 2010-01-25 23:03 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-01-25 23:03 . 2010-01-25 23:03 -------- d-----w- c:\program files\NetWaiting
2010-01-25 23:03 . 2010-01-25 23:01 -------- d-----w- c:\program files\CONEXANT
2010-01-18 23:29 . 2010-02-10 22:09 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-10 22:09 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-10 22:09 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-10 22:09 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-10 22:09 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-10 22:09 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-10 22:09 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-10 22:09 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-08 03:18 . 2010-02-10 22:09 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17 . 2010-02-10 22:09 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-01-08 00:07 . 2010-01-28 19:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 00:07 . 2010-01-28 19:21 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-19 09:02 . 2010-01-28 08:13 977920 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 09:02 . 2010-02-10 22:09 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02 . 2010-02-10 22:09 1328640 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02 . 2010-02-10 22:09 22016 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02 . 2010-02-10 22:09 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02 . 2010-02-10 22:09 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02 . 2010-02-10 22:09 84480 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02 . 2010-02-10 22:09 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02 . 2010-02-10 22:09 91648 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 1591808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-14 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-14 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-14 81920]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"SNUVCDSM"="c:\windows\snuvcdsm.exe" [2009-08-10 27184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"FG_Monitor"="c:\program files\Folder Guard\FGKey.exe" [2008-01-05 118600]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-12-21 39424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-28 813584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 20:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [2/25/2010 8:19 PM 28552]
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [5/14/2009 3:47 PM 107256]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [7/13/2009 3:52 PM 48128]
R2 cpuz132;cpuz132;c:\windows\System32\drivers\cpuz132_x32.sys [1/28/2010 11:02 AM 12672]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [5/14/2009 3:47 PM 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [5/14/2009 3:49 PM 93312]
R2 FGUARD32;FGUARD32;c:\program files\Folder Guard\FGUARD32.SYS [1/28/2010 12:19 PM 54008]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [1/28/2010 11:09 AM 691696]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\System32\drivers\VSTAZL3.SYS [7/13/2009 2:13 PM 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\System32\drivers\VSTDPV3.SYS [7/13/2009 2:13 PM 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\System32\drivers\VSTCNXT3.SYS [7/13/2009 2:13 PM 661504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\cqvidpw1.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Pho_Shizzle\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-02-27 13:54:54
ComboFix-quarantined-files.txt 2010-02-27 21:54

Pre-Run: 53,828,542,464 bytes free
Post-Run: 55,469,346,816 bytes free

- - End Of File - - A9A8ADE80CB5292C89FD9A72523F510F
Old 02-28-2010, 01:01 AM   #8
johnb35 (Malware and Spam Assassin)
Join Date: Sep 2005
Location: somewhere out there
Age: 44
Posts: 30,296

Please rerun HijackThis and place a check next to the following entries.

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

Then click on Fix checked at the bottom. I highly recommend uninstalling that FreeRAM XP Pro program, as those types of programs cause more harm than good. Windows 7 is pretty good about managing the RAM and releasing it when needed.
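An added example (not from johnb35's post and not HijackThis or ComboFix code) of how to review those O4 entries yourself before and after a "Fix checked": this PowerShell script, assumed to be run in an elevated session on the affected machine, lists the same Run keys and Startup folder in a form comparable to the "Reg Loading Points" section of the log above, adding whether each target file exists and whether it carries a valid Authenticode signature.

```powershell
# Added example (not from johnb35's post, HijackThis or ComboFix): list the autostart
# locations HijackThis reports as O4 entries (HKLM/HKCU ...\Run and the all-users
# Startup folder) with each target's size, timestamp and Authenticode status,
# so the entries can be reviewed before and after a "Fix checked".
$RunKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

function Resolve-AutorunExe {
    param([string]$Command)
    # Quoted path first ("C:\...\QTTask.exe" -atboottime), then an unquoted path ending in .exe
    if     ($Command -match '^\s*"([^"]+)"')  { $exe = $Matches[1] }
    elseif ($Command -match '^\s*(.+?\.exe)') { $exe = $Matches[1] }
    else                                      { $exe = $Command.Trim() }
    # For rundll32 entries the loaded DLL is the file worth checking, not rundll32 itself
    if ($exe -match 'rundll32(\.exe)?$' -and $Command -match '([A-Za-z]:\\[^,"]+\.dll)') {
        $exe = $Matches[1]
    }
    $exe
}

function Get-AutorunReport {
    $entries = @(foreach ($key in $RunKeys) {
        foreach ($p in (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # provider metadata, not a Run value
            [pscustomobject]@{ Location = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    })
    # Startup-folder shortcuts (the "Logitech SetPoint.lnk" line in a ComboFix log)
    $startup = Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup'
    $shell   = New-Object -ComObject WScript.Shell
    $entries += @(Get-ChildItem -Path $startup -Filter *.lnk -ErrorAction SilentlyContinue |
        ForEach-Object { [pscustomobject]@{ Location = $startup; Name = $_.Name
                         Command = $shell.CreateShortcut($_.FullName).TargetPath } })
    foreach ($e in $entries) {
        $exe  = Resolve-AutorunExe $e.Command
        $file = if ($exe) { Get-Item -LiteralPath $exe -ErrorAction SilentlyContinue }
        [pscustomobject]@{
            Name      = $e.Name
            Exe       = $exe
            Size      = if ($file) { $file.Length }
            Modified  = if ($file) { $file.LastWriteTime.ToString('yyyy-MM-dd HH:mm') } else { 'FILE MISSING' }
            Signature = if ($file) { (Get-AuthenticodeSignature -FilePath $file.FullName).Status } else { '-' }
            Location  = $e.Location
        }
    }
}

Get-AutorunReport | Sort-Object Location, Name | Format-Table -AutoSize
```

Entries whose target is FILE MISSING or NotSigned are the ones to look at first; a vendor updater such as Adobe ARM or jusched.exe will normally show Valid.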
Old 03-01-2010, 04:06 AM   #9
M0ddingMan1a (Gigabyte Member)
Join Date: May 2005
Location: CA
Age: 25
Posts: 1,619

^ Alright, thanks man. I'll go on uninstalling the FreeRAM XP program. Things seem to be running better, no more ads. I'll let you know if things occur again.
Old 03-04-2010, 05:24 AM   #10
softe (Byte Member)
Join Date: Dec 2006
Location: Boston
Posts: 154

Does ComboFix work with Windows 7? I don't think it does... If not, do they have a Win7 version? Thanks.
Powered by: vBulletin Version 3.8.7
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.6.0 ©2011, Crawlability, Inc.
Copyright © 2002-2014 Computer Forum