Adware in Firefox?

Discussion in 'Computer Security' started by M0ddingMan1a, Feb 25, 2010.

  1. M0ddingMan1a

    M0ddingMan1a New Member

    Messages:
    1,612
    I'm currently running on Windows 7. Recently, when I'm using Firefox, a random pop-up appears saying I have been lucky visitor number whatever, and this happens on any website at all! Then it takes me to an ad while I'm still on the current page. Before every ad page loads, I see "loudmo". It has been lagging down my Firefox. I don't think I have downloaded anything that would have added this adware. Can I get some help on how to get rid of this?

    :D
     
  2. Sean89

    Sean89 New Member

    Messages:
    270
  3. M0ddingMan1a

    M0ddingMan1a New Member

    Messages:
    1,612
    I have already scanned with Malwarebytes' Anti-Malware, and it doesn't detect anything.
     
  4. johnb35

    johnb35 Administrator Staff Member

    Messages:
    33,200
    Please follow this procedure here.

    Please download Malwarebytes' Anti-Malware from here, here, here or here and save it to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

    If you continue to experience problems after doing this, please post a HijackThis log by doing the following:

    Download the HijackThis installer from here.
    Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

    Click Do a system scan and save a logfile

    Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.

    Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log
     
  5. M0ddingMan1a

    M0ddingMan1a New Member

    Messages:
    1,612
    Alright, Malwarebytes:

    Malwarebytes' Anti-Malware 1.44
    Database version: 3728
    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    2/26/2010 12:33:53 AM
    mbam-log-2010-02-26 (00-33-53).txt

    Scan type: Quick Scan
    Objects scanned: 104280
    Time elapsed: 5 minute(s), 57 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:35:57 AM, on 2/26/2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Windows\snuvcdsm.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Folder Guard\FGKey.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Winamp\elevator.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
    O4 - HKLM\..\Run: [SNUVCDSM] C:\Windows\snuvcdsm.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [FG_Monitor] C:\Program Files\Folder Guard\FGKey.exe /Start
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 6825 bytes
     
  6. johnb35

    johnb35 Administrator Staff Member

    Messages:
    33,200
    I'm worried about 2 entries in your HJT log.

    Download and Run ComboFix
    If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
    Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

    ComboFix should never take more than 20 minutes, including the reboot if malware is detected.
    If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes named findstr, find, sed or swreg; then ComboFix should continue.
    If that happened, we want to know, and also which process you had to end.

    In your next reply please post:
    • The ComboFix log
    • A fresh HiJackThis log
    • An update on how your computer is running
     
  7. M0ddingMan1a

    M0ddingMan1a New Member

    Messages:
    1,612
    HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:57:26 PM, on 2/27/2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\explorer.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
    O4 - HKLM\..\Run: [SNUVCDSM] C:\Windows\snuvcdsm.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [FG_Monitor] C:\Program Files\Folder Guard\FGKey.exe /Start
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 5268 bytes

    ComboFix:

    ComboFix 10-02-27.04 - Pho_Shizzle 02/27/2010 13:44:03.1.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.1329 [GMT -8:00]
    Running from: c:\users\Pho_Shizzle\Desktop\ComboFix.exe
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    c:\users\Pho_Shizzle\AppData\Local\Microsoft\Windows\Temporary Internet Files\-j7UNnK
    c:\users\Pho_Shizzle\AppData\Local\Microsoft\Windows\Temporary Internet Files\rjHcEs

    .
    ((((((((((((((((((((((((( Files Created from 2010-01-27 to 2010-02-27 )))))))))))))))))))))))))))))))
    .

    2010-02-27 21:52 . 2010-02-27 21:52 -------- d-----w- c:\users\Pho_Shizzle\AppData\Local\temp
    2010-02-27 21:52 . 2010-02-27 21:52 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-02-26 08:24 . 2010-02-26 08:24 -------- d-----w- c:\program files\Trend Micro
    2010-02-26 04:19 . 2009-06-30 17:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2010-02-26 04:18 . 2010-02-26 04:18 -------- d-----w- c:\program files\Panda Security
    2010-02-25 04:38 . 2010-02-25 04:38 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2010-02-25 04:38 . 2010-02-25 04:38 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\skypePM
    2010-02-25 04:35 . 2010-02-25 04:39 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Skype
    2010-02-25 04:31 . 2010-02-25 04:31 -------- d-----w- c:\program files\Common Files\Skype
    2010-02-25 04:31 . 2010-02-25 21:56 -------- d-----r- c:\program files\Skype
    2010-02-25 04:30 . 2010-02-25 04:31 -------- d-----w- c:\programdata\Skype
    2010-02-24 23:33 . 2010-02-24 23:33 50354 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Facebook\uninstall.exe
    2010-02-24 23:33 . 2010-02-24 23:33 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Facebook
    2010-02-24 23:08 . 2010-02-24 23:08 -------- d-----w- c:\program files\MSECache
    2010-02-24 08:12 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-02-24 08:11 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
    2010-02-24 08:11 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
    2010-02-24 08:11 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
    2010-02-21 06:16 . 2010-02-21 06:16 177024 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\cqvidpw1.default\FlashGot.exe
    2010-02-21 06:10 . 2010-02-21 06:10 0 ----a-w- c:\windows\nsreg.dat
    2010-02-17 10:04 . 2010-02-17 10:04 -------- d-----w- c:\program files\FLV Player
    2010-02-14 09:23 . 2010-02-14 09:23 -------- d-----w- c:\windows\Sun
    2010-02-14 09:23 . 2010-02-14 09:23 -------- d-----w- c:\program files\Common Files\Java
    2010-02-14 09:22 . 2010-02-14 09:22 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-02-14 09:22 . 2010-02-14 09:22 -------- d-----w- c:\program files\Java
    2010-02-13 06:20 . 2010-02-13 06:20 -------- d-----w- c:\users\Pho_Shizzle\WRC_2006
    2010-02-13 06:18 . 2010-02-13 06:18 -------- d-----w- c:\users\Pho_Shizzle\WRC_2000
    2010-02-08 00:37 . 2010-02-08 00:37 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2010-02-08 00:36 . 2010-02-08 00:36 3605256 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2010-02-08 00:36 . 2010-02-08 00:36 546624 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2010-02-07 07:27 . 2010-02-07 07:27 -------- d-----w- c:\users\Pho_Shizzle\AppData\Local\ESET
    2010-02-07 04:08 . 2010-02-07 04:08 -------- d-----w- c:\program files\Electronic Arts
    2010-02-06 07:51 . 2010-02-06 07:51 -------- d-----w- c:\users\Pho_Shizzle\AppData\Local\ElevatedDiagnostics
    2010-02-06 06:32 . 2010-02-06 06:32 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Jasc
    2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Facebook\axfbootloader.dll
    2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
    2010-02-01 03:43 . 2010-02-25 06:28 -------- d-----w- c:\users\Pho_Shizzle\dwhelper
    2010-01-31 19:46 . 2005-05-26 23:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
    2010-01-31 08:47 . 2010-02-25 04:48 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\vlc
    2010-01-31 06:17 . 2010-01-31 06:17 -------- d-----w- c:\program files\Winamp Detect
    2010-01-31 06:17 . 2010-01-31 06:31 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Winamp
    2010-01-31 06:17 . 2010-01-31 06:19 -------- d-----w- c:\program files\Winamp
    2010-01-31 03:49 . 2010-01-31 03:49 -------- d-----w- c:\users\Pho_Shizzle\AppData\Local\WMTools Downloaded Files
    2010-01-31 03:44 . 2010-01-31 03:44 -------- d-----w- c:\program files\Movie Maker 2.6
    2010-01-31 03:38 . 2010-01-31 03:38 -------- d-----w- c:\program files\Microsoft
    2010-01-31 03:37 . 2010-01-31 03:37 -------- d-----w- c:\program files\Windows Live SkyDrive
    2010-01-31 03:37 . 2010-01-31 03:38 -------- d-----w- c:\program files\Windows Live
    2010-01-31 03:36 . 2006-11-29 21:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2010-01-31 03:36 . 2010-01-31 03:36 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2010-01-31 03:33 . 2010-01-31 03:33 -------- d-----w- c:\program files\Common Files\Windows Live
    2010-01-31 03:29 . 2010-02-14 00:33 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2010-01-31 03:28 . 2010-02-14 00:33 3605256 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2010-01-31 03:28 . 2010-02-15 04:40 546624 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-01-31 01:16 . 2010-01-31 02:33 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Folder Guard
    2010-01-31 00:55 . 2009-06-23 02:58 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-24 22:48 . 2010-01-25 23:38 13307 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\nvModes.dat
    2010-02-24 17:16 . 2010-01-25 22:54 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-02-23 17:03 . 2010-01-28 19:24 -------- d-----w- c:\program files\uTorrent
    2010-02-22 23:49 . 2010-01-28 19:23 -------- d-----w- c:\program files\PeerGuardian2
    2010-02-22 23:49 . 2010-01-28 19:23 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\uTorrent
    2010-02-07 04:04 . 2010-01-28 19:09 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\DAEMON Tools Lite
    2010-01-31 19:07 . 2010-01-31 19:07 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
    2010-01-31 02:33 . 2010-01-28 20:19 -------- d-----w- c:\program files\Folder Guard
    2010-01-31 02:15 . 2010-01-28 18:59 141200 ----a-w- c:\users\Pho_Shizzle\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-01-28 20:24 . 2010-01-28 20:24 -------- d-----w- c:\program files\Jasc Software Inc
    2010-01-28 20:22 . 2010-01-28 20:22 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Lavasoft
    2010-01-28 20:21 . 2010-01-28 20:21 -------- d-----w- c:\program files\Lavasoft
    2010-01-28 20:15 . 2010-01-28 20:15 -------- d-----w- c:\program files\Microsoft ActiveSync
    2010-01-28 20:14 . 2010-01-28 20:14 -------- d-----w- c:\program files\Microsoft.NET
    2010-01-28 20:10 . 2010-01-28 20:10 -------- d-----w- c:\program files\ESET
    2010-01-28 20:08 . 2010-01-28 19:14 -------- d-----w- c:\programdata\NOS
    2010-01-28 19:47 . 2010-01-28 19:47 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\acccore
    2010-01-28 19:46 . 2010-01-28 19:46 -------- d-----w- c:\programdata\AIM
    2010-01-28 19:46 . 2010-01-28 19:46 -------- d-----w- c:\program files\AIM7
    2010-01-28 19:46 . 2010-01-28 19:46 -------- d-----w- c:\program files\Common Files\Software Update Utility
    2010-01-28 19:46 . 2010-01-28 19:46 -------- d-----w- c:\program files\Common Files\AOL
    2010-01-28 19:42 . 2010-01-28 19:42 -------- d-----w- c:\program files\545 Studios
    2010-01-28 19:42 . 2010-01-28 19:01 -------- d-----w- c:\program files\AIM
    2010-01-28 19:41 . 2010-01-28 19:01 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Aim
    2010-01-28 19:39 . 2010-01-25 23:03 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-01-28 19:38 . 2010-01-28 19:38 -------- d-----w- c:\program files\HP 1.3MP Webcam
    2010-01-28 19:37 . 2010-01-28 19:37 -------- d-----w- c:\programdata\LogiShrd
    2010-01-28 19:37 . 2010-01-28 19:36 -------- d-----w- c:\programdata\Logitech
    2010-01-28 19:37 . 2010-01-28 19:37 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Logitech
    2010-01-28 19:37 . 2010-01-28 19:37 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Leadertech
    2010-01-28 19:37 . 2010-01-28 19:36 -------- d-----w- c:\program files\Common Files\Logishrd
    2010-01-28 19:36 . 2010-01-28 19:36 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2010-01-28 19:36 . 2010-01-28 19:36 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
    2010-01-28 19:36 . 2010-01-28 19:36 -------- d-----w- c:\program files\Logitech
    2010-01-28 19:29 . 2010-01-28 19:26 -------- d-----w- c:\program files\coolpro2
    2010-01-28 19:28 . 2010-01-28 19:28 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\DivX
    2010-01-28 19:28 . 2010-01-28 19:28 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Syntrillium
    2010-01-28 19:24 . 2010-01-28 19:24 -------- d-----w- c:\program files\VideoLAN
    2010-01-28 19:22 . 2010-01-28 19:02 -------- d-----w- c:\program files\CPUID
    2010-01-28 19:21 . 2010-01-28 19:21 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Malwarebytes
    2010-01-28 19:21 . 2010-01-28 19:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-28 19:21 . 2010-01-28 19:21 -------- d-----w- c:\programdata\Malwarebytes
    2010-01-28 19:20 . 2010-01-28 19:20 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\IrfanView
    2010-01-28 19:20 . 2010-01-28 19:20 -------- d-----w- c:\program files\IrfanView
    2010-01-28 19:20 . 2010-01-28 19:20 -------- d-----w- c:\program files\YourWare Solutions
    2010-01-28 19:19 . 2010-01-28 19:19 -------- d-----w- c:\program files\Common Files\Adobe
    2010-01-28 19:17 . 2010-01-28 19:17 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-01-28 19:16 . 2010-01-28 19:16 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
    2010-01-28 19:09 . 2010-01-28 19:09 -------- d-----w- c:\program files\DAEMON Tools Lite
    2010-01-28 19:09 . 2010-01-28 19:09 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-01-28 19:09 . 2010-01-28 19:09 -------- d-----w- c:\programdata\DAEMON Tools Lite
    2010-01-28 19:06 . 2010-01-28 19:04 -------- d-----w- c:\program files\DivX
    2010-01-28 19:06 . 2010-01-28 19:06 -------- d-----w- c:\program files\Common Files\PX Storage Engine
    2010-01-28 19:06 . 2010-01-28 19:04 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-01-28 19:03 . 2010-01-28 19:03 1078 ----a-r- c:\users\Pho_Shizzle\AppData\Roaming\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_4ae13d6c.exe
    2010-01-28 19:03 . 2010-01-28 19:03 1078 ----a-r- c:\users\Pho_Shizzle\AppData\Roaming\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_2cd672ae.exe
    2010-01-28 19:03 . 2010-01-28 19:03 1078 ----a-r- c:\users\Pho_Shizzle\AppData\Roaming\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_294823.exe
    2010-01-28 19:03 . 2010-01-28 19:03 1078 ----a-r- c:\users\Pho_Shizzle\AppData\Roaming\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_18be6784.exe
    2010-01-28 19:03 . 2010-01-28 19:03 -------- d-----w- c:\program files\Microsoft Bootvis
    2010-01-28 19:02 . 2010-01-28 19:02 -------- d-----w- c:\program files\CCleaner
    2010-01-28 19:01 . 2010-01-28 19:01 -------- d-----w- c:\program files\AOD
    2010-01-28 19:01 . 2010-01-28 19:01 -------- d-----w- c:\programdata\Viewpoint
    2010-01-28 19:01 . 2010-01-28 19:01 -------- d-----w- c:\program files\Viewpoint
    2010-01-28 19:00 . 2010-01-28 18:59 -------- d-----w- c:\programdata\Apple Computer
    2010-01-28 18:59 . 2010-01-28 18:59 -------- d-----w- c:\program files\QuickTime
    2010-01-28 18:58 . 2010-01-28 18:58 -------- d-----w- c:\program files\Apple Software Update
    2010-01-28 18:58 . 2010-01-28 18:58 -------- d-----w- c:\programdata\Apple
    2010-01-28 18:58 . 2010-01-28 18:58 -------- d-----w- c:\program files\everesthome201
    2010-01-28 18:56 . 2010-01-28 18:56 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
    2010-01-25 23:43 . 2010-01-25 23:43 -------- d-----w- c:\program files\Hewlett-Packard
    2010-01-25 23:41 . 2010-01-25 23:41 -------- d-----w- c:\program files\WIDCOMM
    2010-01-25 23:40 . 2010-01-25 23:40 -------- d-----w- c:\program files\Broadcom
    2010-01-25 23:30 . 2010-01-25 23:03 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-01-25 23:04 . 2010-01-25 23:04 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\InstallShield
    2010-01-25 23:04 . 2010-01-25 23:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
    2010-01-25 23:04 . 2010-01-25 23:04 -------- d-----w- c:\program files\Synaptics
    2010-01-25 23:03 . 2010-01-25 23:03 -------- d-----w- c:\program files\Common Files\SWF Studio
    2010-01-25 23:03 . 2010-01-25 23:03 -------- d-----w- c:\program files\NetWaiting
    2010-01-25 23:03 . 2010-01-25 23:01 -------- d-----w- c:\program files\CONEXANT
    2010-01-18 23:29 . 2010-02-10 22:09 365568 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-01-18 23:29 . 2010-02-10 22:09 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-01-18 23:29 . 2010-02-10 22:09 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-01-18 23:29 . 2010-02-10 22:09 369152 ----a-w- c:\windows\system32\secproc.dll
    2010-01-18 23:28 . 2010-02-10 22:09 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-01-18 23:28 . 2010-02-10 22:09 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-01-18 23:28 . 2010-02-10 22:09 320512 ----a-w- c:\windows\system32\RMActivate.exe
    2010-01-18 23:28 . 2010-02-10 22:09 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-01-08 03:18 . 2010-02-10 22:09 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-01-08 03:17 . 2010-02-10 22:09 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-01-08 00:07 . 2010-01-28 19:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-08 00:07 . 2010-01-28 19:21 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-19 09:02 . 2010-01-28 08:13 977920 ----a-w- c:\windows\system32\wininet.dll
    2009-12-19 09:02 . 2010-02-10 22:09 12288 ----a-w- c:\windows\system32\tsbyuv.dll
    2009-12-19 09:02 . 2010-02-10 22:09 1328640 ----a-w- c:\windows\system32\quartz.dll
    2009-12-19 09:02 . 2010-02-10 22:09 22016 ----a-w- c:\windows\system32\msyuv.dll
    2009-12-19 09:02 . 2010-02-10 22:09 31744 ----a-w- c:\windows\system32\msvidc32.dll
    2009-12-19 09:02 . 2010-02-10 22:09 13312 ----a-w- c:\windows\system32\msrle32.dll
    2009-12-19 09:02 . 2010-02-10 22:09 84480 ----a-w- c:\windows\system32\mciavi32.dll
    2009-12-19 09:02 . 2010-02-10 22:09 50176 ----a-w- c:\windows\system32\iyuv_32.dll
    2009-12-19 09:02 . 2010-02-10 22:09 91648 ----a-w- c:\windows\system32\avifil32.dll
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
    "FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 1591808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-14 90191]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-14 7766016]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-14 81920]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776]
    "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
    "PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
    "SNUVCDSM"="c:\windows\snuvcdsm.exe" [2009-08-10 27184]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
    "FG_Monitor"="c:\program files\Folder Guard\FGKey.exe" [2008-01-05 118600]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-12-21 39424]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-28 813584]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2009-07-20 20:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv

    R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [2/25/2010 8:19 PM 28552]
    R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [5/14/2009 3:47 PM 107256]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [7/13/2009 3:52 PM 48128]
    R2 cpuz132;cpuz132;c:\windows\System32\drivers\cpuz132_x32.sys [1/28/2010 11:02 AM 12672]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [5/14/2009 3:47 PM 731840]
    R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [5/14/2009 3:49 PM 93312]
    R2 FGUARD32;FGUARD32;c:\program files\Folder Guard\FGUARD32.SYS [1/28/2010 12:19 PM 54008]
    S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [1/28/2010 11:09 AM 691696]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\System32\drivers\VSTAZL3.SYS [7/13/2009 2:13 PM 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\System32\drivers\VSTDPV3.SYS [7/13/2009 2:13 PM 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\System32\drivers\VSTCNXT3.SYS [7/13/2009 2:13 PM 661504]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    FF - ProfilePath - c:\users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\cqvidpw1.default\
    FF - prefs.js: browser.startup.homepage - yahoo.com
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\Pho_Shizzle\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2010-02-27 13:54:54
    ComboFix-quarantined-files.txt 2010-02-27 21:54

    Pre-Run: 53,828,542,464 bytes free
    Post-Run: 55,469,346,816 bytes free

    - - End Of File - - A9A8ADE80CB5292C89FD9A72523F510F
     
  8. johnb35

    johnb35 Administrator Staff Member

    Messages:
    33,200
    Please rerun hijackthis and place a check next to the following entries.

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

    Then click on Fix checked at the bottom. I highly recommend uninstalling that FreeRAM XP Pro program, as those types of programs cause more harm than good. Windows 7 is pretty good about managing the RAM and releasing it when needed.
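For anyone following this procedure later, here is an added PowerShell example (not code from the thread, HijackThis or ComboFix) that lists the same autostart locations HijackThis reports as O4 entries and ComboFix prints under "Reg Loading Points", and reports for each one whether the target file exists, whether it is referenced by a bare filename rather than a full path, and what its Authenticode signature status is. It also reads the policies\system values shown in the ComboFix log above (EnableLUA = 0 means UAC is disabled). The function names are my own; it assumes Windows PowerShell 3.0 or later, runs from an elevated prompt so HKLM and the all-users Startup folder are readable, and changes nothing on the machine.

```powershell
# Added example: read-only audit of Run-key and Startup-folder autostarts.
# Not part of the thread, HijackThis or ComboFix; function names are assumed.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ExecutablePath {
    param([string]$Command)
    # Run values look like  "C:\Program Files\X\x.exe" -arg   or   C:\x\x.exe -arg
    if ($Command -match '^\s*"([^"]+)"')   { $path = $Matches[1] }
    elseif ($Command -match '^\s*(\S+)')   { $path = $Matches[1] }
    else                                    { $path = $Command }
    # Expand %SystemRoot%-style variables so Test-Path sees a real path
    return [Environment]::ExpandEnvironmentVariables($path)
}

function Get-TargetInfo {
    param([string]$Source, [string]$Name, [string]$Command)
    $exe    = Get-ExecutablePath $Command
    $exists = Test-Path -LiteralPath $exe -PathType Leaf
    # A bare filename (e.g. KHALMNPR.EXE in the log above) is resolved through
    # the PATH search at logon, so which file actually runs is not fixed here.
    $bareName = -not [IO.Path]::IsPathRooted($exe)
    $sig = if ($exists) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'n/a' }
    [pscustomobject]@{
        Source    = $Source
        Name      = $Name
        Target    = $exe
        Exists    = $exists
        BareName  = $bareName
        Signature = $sig
    }
}

# Registry Run / RunOnce values (the HijackThis O4 HKLM\..\Run and HKCU\..\Run lines)
$results = @(foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($valueName in $item.GetValueNames()) {
        if ($valueName -eq '') { continue }   # skip the key's (Default) value
        Get-TargetInfo -Source $key -Name $valueName -Command ($item.GetValue($valueName))
    }
})

# Startup folders (all users and current user); .lnk files are resolved to their target
$shell = New-Object -ComObject WScript.Shell
$startupDirs = @(
    [Environment]::GetFolderPath('CommonStartup'),
    [Environment]::GetFolderPath('Startup')
)
$results += @(foreach ($dir in $startupDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    foreach ($f in (Get-ChildItem -LiteralPath $dir | Where-Object { -not $_.PSIsContainer })) {
        $cmd = if ($f.Extension -eq '.lnk') { $shell.CreateShortcut($f.FullName).TargetPath } else { $f.FullName }
        Get-TargetInfo -Source $dir -Name $f.Name -Command $cmd
    }
})

# Missing targets, bare names and unsigned files sort to the top of the table
$results | Sort-Object Exists, BareName, Signature | Format-Table -AutoSize

# UAC policy values, the same ones ComboFix prints under policies\system.
# EnableLUA = 0 means UAC is disabled: processes started by an administrator
# account get full rights with no consent prompt.
Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' |
    Select-Object EnableLUA, ConsentPromptBehaviorAdmin, ConsentPromptBehaviorUser, PromptOnSecureDesktop |
    Format-List
```

A NotSigned status is not a verdict on its own; plenty of OEM and shareware utilities of that era (several in the log above) ship unsigned. The entries worth a closer look are targets that no longer exist, bare filenames, and anything installed on the date the pop-ups began. Remove entries with the tool's own Fix checked as described in the post rather than deleting registry values by hand, so the change is logged.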
     
  9. M0ddingMan1a

    M0ddingMan1a New Member

    Messages:
    1,612
    ^ Alright, thanks man. I'll go on uninstalling the FreeRAM XP program. Things seem to be running better, no more ads. I'll let you know if things occur again.
     
  10. softe

    softe New Member

    Messages:
    155
    Does ComboFix work with Windows 7? I don't think it does... If not, do they have a Win7 version? Thanks
     
