HiJack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:26 PM, on 2/27/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [SNUVCDSM] C:\Windows\snuvcdsm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [FG_Monitor] C:\Program Files\Folder Guard\FGKey.exe /Start
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 5268 bytes
Combofix:
ComboFix 10-02-27.04 - Pho_Shizzle 02/27/2010 13:44:03.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.1329 [GMT -8:00]
Running from: c:\users\Pho_Shizzle\Desktop\ComboFix.exe
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\users\Pho_Shizzle\AppData\Local\Microsoft\Windows\Temporary Internet Files\-j7UNnK
c:\users\Pho_Shizzle\AppData\Local\Microsoft\Windows\Temporary Internet Files\rjHcEs
.
((((((((((((((((((((((((( Files Created from 2010-01-27 to 2010-02-27 )))))))))))))))))))))))))))))))
.
2010-02-27 21:52 . 2010-02-27 21:52 -------- d-----w- c:\users\Pho_Shizzle\AppData\Local\temp
2010-02-27 21:52 . 2010-02-27 21:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-26 08:24 . 2010-02-26 08:24 -------- d-----w- c:\program files\Trend Micro
2010-02-26 04:19 . 2009-06-30 17:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-02-26 04:18 . 2010-02-26 04:18 -------- d-----w- c:\program files\Panda Security
2010-02-25 04:38 . 2010-02-25 04:38 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-02-25 04:38 . 2010-02-25 04:38 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\skypePM
2010-02-25 04:35 . 2010-02-25 04:39 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Skype
2010-02-25 04:31 . 2010-02-25 04:31 -------- d-----w- c:\program files\Common Files\Skype
2010-02-25 04:31 . 2010-02-25 21:56 -------- d-----r- c:\program files\Skype
2010-02-25 04:30 . 2010-02-25 04:31 -------- d-----w- c:\programdata\Skype
2010-02-24 23:33 . 2010-02-24 23:33 50354 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Facebook\uninstall.exe
2010-02-24 23:33 . 2010-02-24 23:33 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Facebook
2010-02-24 23:08 . 2010-02-24 23:08 -------- d-----w- c:\program files\MSECache
2010-02-24 08:12 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 08:11 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-02-24 08:11 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
2010-02-24 08:11 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-21 06:16 . 2010-02-21 06:16 177024 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\cqvidpw1.default\FlashGot.exe
2010-02-21 06:10 . 2010-02-21 06:10 0 ----a-w- c:\windows\nsreg.dat
2010-02-17 10:04 . 2010-02-17 10:04 -------- d-----w- c:\program files\FLV Player
2010-02-14 09:23 . 2010-02-14 09:23 -------- d-----w- c:\windows\Sun
2010-02-14 09:23 . 2010-02-14 09:23 -------- d-----w- c:\program files\Common Files\Java
2010-02-14 09:22 . 2010-02-14 09:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-14 09:22 . 2010-02-14 09:22 -------- d-----w- c:\program files\Java
2010-02-13 06:20 . 2010-02-13 06:20 -------- d-----w- c:\users\Pho_Shizzle\WRC_2006
2010-02-13 06:18 . 2010-02-13 06:18 -------- d-----w- c:\users\Pho_Shizzle\WRC_2000
2010-02-08 00:37 . 2010-02-08 00:37 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-02-08 00:36 . 2010-02-08 00:36 3605256 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-02-08 00:36 . 2010-02-08 00:36 546624 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-02-07 07:27 . 2010-02-07 07:27 -------- d-----w- c:\users\Pho_Shizzle\AppData\Local\ESET
2010-02-07 04:08 . 2010-02-07 04:08 -------- d-----w- c:\program files\Electronic Arts
2010-02-06 07:51 . 2010-02-06 07:51 -------- d-----w- c:\users\Pho_Shizzle\AppData\Local\ElevatedDiagnostics
2010-02-06 06:32 . 2010-02-06 06:32 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Jasc
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
2010-02-01 03:43 . 2010-02-25 06:28 -------- d-----w- c:\users\Pho_Shizzle\dwhelper
2010-01-31 19:46 . 2005-05-26 23:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-01-31 08:47 . 2010-02-25 04:48 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\vlc
2010-01-31 06:17 . 2010-01-31 06:17 -------- d-----w- c:\program files\Winamp Detect
2010-01-31 06:17 . 2010-01-31 06:31 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Winamp
2010-01-31 06:17 . 2010-01-31 06:19 -------- d-----w- c:\program files\Winamp
2010-01-31 03:49 . 2010-01-31 03:49 -------- d-----w- c:\users\Pho_Shizzle\AppData\Local\WMTools Downloaded Files
2010-01-31 03:44 . 2010-01-31 03:44 -------- d-----w- c:\program files\Movie Maker 2.6
2010-01-31 03:38 . 2010-01-31 03:38 -------- d-----w- c:\program files\Microsoft
2010-01-31 03:37 . 2010-01-31 03:37 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-31 03:37 . 2010-01-31 03:38 -------- d-----w- c:\program files\Windows Live
2010-01-31 03:36 . 2006-11-29 21:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-01-31 03:36 . 2010-01-31 03:36 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-01-31 03:33 . 2010-01-31 03:33 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-31 03:29 . 2010-02-14 00:33 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-01-31 03:28 . 2010-02-14 00:33 3605256 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-01-31 03:28 . 2010-02-15 04:40 546624 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-01-31 01:16 . 2010-01-31 02:33 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Folder Guard
2010-01-31 00:55 . 2009-06-23 02:58 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-24 22:48 . 2010-01-25 23:38 13307 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\nvModes.dat
2010-02-24 17:16 . 2010-01-25 22:54 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 17:03 . 2010-01-28 19:24 -------- d-----w- c:\program files\uTorrent
2010-02-22 23:49 . 2010-01-28 19:23 -------- d-----w- c:\program files\PeerGuardian2
2010-02-22 23:49 . 2010-01-28 19:23 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\uTorrent
2010-02-07 04:04 . 2010-01-28 19:09 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\DAEMON Tools Lite
2010-01-31 19:07 . 2010-01-31 19:07 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2010-01-31 02:33 . 2010-01-28 20:19 -------- d-----w- c:\program files\Folder Guard
2010-01-31 02:15 . 2010-01-28 18:59 141200 ----a-w- c:\users\Pho_Shizzle\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-28 20:24 . 2010-01-28 20:24 -------- d-----w- c:\program files\Jasc Software Inc
2010-01-28 20:22 . 2010-01-28 20:22 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Lavasoft
2010-01-28 20:21 . 2010-01-28 20:21 -------- d-----w- c:\program files\Lavasoft
2010-01-28 20:15 . 2010-01-28 20:15 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-01-28 20:14 . 2010-01-28 20:14 -------- d-----w- c:\program files\Microsoft.NET
2010-01-28 20:10 . 2010-01-28 20:10 -------- d-----w- c:\program files\ESET
2010-01-28 20:08 . 2010-01-28 19:14 -------- d-----w- c:\programdata\NOS
2010-01-28 19:47 . 2010-01-28 19:47 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\acccore
2010-01-28 19:46 . 2010-01-28 19:46 -------- d-----w- c:\programdata\AIM
2010-01-28 19:46 . 2010-01-28 19:46 -------- d-----w- c:\program files\AIM7
2010-01-28 19:46 . 2010-01-28 19:46 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-01-28 19:46 . 2010-01-28 19:46 -------- d-----w- c:\program files\Common Files\AOL
2010-01-28 19:42 . 2010-01-28 19:42 -------- d-----w- c:\program files\545 Studios
2010-01-28 19:42 . 2010-01-28 19:01 -------- d-----w- c:\program files\AIM
2010-01-28 19:41 . 2010-01-28 19:01 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Aim
2010-01-28 19:39 . 2010-01-25 23:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-28 19:38 . 2010-01-28 19:38 -------- d-----w- c:\program files\HP 1.3MP Webcam
2010-01-28 19:37 . 2010-01-28 19:37 -------- d-----w- c:\programdata\LogiShrd
2010-01-28 19:37 . 2010-01-28 19:36 -------- d-----w- c:\programdata\Logitech
2010-01-28 19:37 . 2010-01-28 19:37 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Logitech
2010-01-28 19:37 . 2010-01-28 19:37 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Leadertech
2010-01-28 19:37 . 2010-01-28 19:36 -------- d-----w- c:\program files\Common Files\Logishrd
2010-01-28 19:36 . 2010-01-28 19:36 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-01-28 19:36 . 2010-01-28 19:36 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-01-28 19:36 . 2010-01-28 19:36 -------- d-----w- c:\program files\Logitech
2010-01-28 19:29 . 2010-01-28 19:26 -------- d-----w- c:\program files\coolpro2
2010-01-28 19:28 . 2010-01-28 19:28 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\DivX
2010-01-28 19:28 . 2010-01-28 19:28 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Syntrillium
2010-01-28 19:24 . 2010-01-28 19:24 -------- d-----w- c:\program files\VideoLAN
2010-01-28 19:22 . 2010-01-28 19:02 -------- d-----w- c:\program files\CPUID
2010-01-28 19:21 . 2010-01-28 19:21 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Malwarebytes
2010-01-28 19:21 . 2010-01-28 19:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-28 19:21 . 2010-01-28 19:21 -------- d-----w- c:\programdata\Malwarebytes
2010-01-28 19:20 . 2010-01-28 19:20 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\IrfanView
2010-01-28 19:20 . 2010-01-28 19:20 -------- d-----w- c:\program files\IrfanView
2010-01-28 19:20 . 2010-01-28 19:20 -------- d-----w- c:\program files\YourWare Solutions
2010-01-28 19:19 . 2010-01-28 19:19 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-28 19:17 . 2010-01-28 19:17 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-28 19:16 . 2010-01-28 19:16 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-01-28 19:09 . 2010-01-28 19:09 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-01-28 19:09 . 2010-01-28 19:09 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-28 19:09 . 2010-01-28 19:09 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-01-28 19:06 . 2010-01-28 19:04 -------- d-----w- c:\program files\DivX
2010-01-28 19:06 . 2010-01-28 19:06 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-01-28 19:06 . 2010-01-28 19:04 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-28 19:03 . 2010-01-28 19:03 1078 ----a-r- c:\users\Pho_Shizzle\AppData\Roaming\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_4ae13d6c.exe
2010-01-28 19:03 . 2010-01-28 19:03 1078 ----a-r- c:\users\Pho_Shizzle\AppData\Roaming\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_2cd672ae.exe
2010-01-28 19:03 . 2010-01-28 19:03 1078 ----a-r- c:\users\Pho_Shizzle\AppData\Roaming\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_294823.exe
2010-01-28 19:03 . 2010-01-28 19:03 1078 ----a-r- c:\users\Pho_Shizzle\AppData\Roaming\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_18be6784.exe
2010-01-28 19:03 . 2010-01-28 19:03 -------- d-----w- c:\program files\Microsoft Bootvis
2010-01-28 19:02 . 2010-01-28 19:02 -------- d-----w- c:\program files\CCleaner
2010-01-28 19:01 . 2010-01-28 19:01 -------- d-----w- c:\program files\AOD
2010-01-28 19:01 . 2010-01-28 19:01 -------- d-----w- c:\programdata\Viewpoint
2010-01-28 19:01 . 2010-01-28 19:01 -------- d-----w- c:\program files\Viewpoint
2010-01-28 19:00 . 2010-01-28 18:59 -------- d-----w- c:\programdata\Apple Computer
2010-01-28 18:59 . 2010-01-28 18:59 -------- d-----w- c:\program files\QuickTime
2010-01-28 18:58 . 2010-01-28 18:58 -------- d-----w- c:\program files\Apple Software Update
2010-01-28 18:58 . 2010-01-28 18:58 -------- d-----w- c:\programdata\Apple
2010-01-28 18:58 . 2010-01-28 18:58 -------- d-----w- c:\program files\everesthome201
2010-01-28 18:56 . 2010-01-28 18:56 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-01-25 23:43 . 2010-01-25 23:43 -------- d-----w- c:\program files\Hewlett-Packard
2010-01-25 23:41 . 2010-01-25 23:41 -------- d-----w- c:\program files\WIDCOMM
2010-01-25 23:40 . 2010-01-25 23:40 -------- d-----w- c:\program files\Broadcom
2010-01-25 23:30 . 2010-01-25 23:03 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-25 23:04 . 2010-01-25 23:04 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\InstallShield
2010-01-25 23:04 . 2010-01-25 23:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-01-25 23:04 . 2010-01-25 23:04 -------- d-----w- c:\program files\Synaptics
2010-01-25 23:03 . 2010-01-25 23:03 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-01-25 23:03 . 2010-01-25 23:03 -------- d-----w- c:\program files\NetWaiting
2010-01-25 23:03 . 2010-01-25 23:01 -------- d-----w- c:\program files\CONEXANT
2010-01-18 23:29 . 2010-02-10 22:09 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-10 22:09 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-10 22:09 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-10 22:09 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-10 22:09 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-10 22:09 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-10 22:09 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-10 22:09 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-08 03:18 . 2010-02-10 22:09 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17 . 2010-02-10 22:09 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-01-08 00:07 . 2010-01-28 19:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 00:07 . 2010-01-28 19:21 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-19 09:02 . 2010-01-28 08:13 977920 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 09:02 . 2010-02-10 22:09 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02 . 2010-02-10 22:09 1328640 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02 . 2010-02-10 22:09 22016 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02 . 2010-02-10 22:09 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02 . 2010-02-10 22:09 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02 . 2010-02-10 22:09 84480 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02 . 2010-02-10 22:09 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02 . 2010-02-10 22:09 91648 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 1591808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-14 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-14 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-14 81920]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"SNUVCDSM"="c:\windows\snuvcdsm.exe" [2009-08-10 27184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"FG_Monitor"="c:\program files\Folder Guard\FGKey.exe" [2008-01-05 118600]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-12-21 39424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-28 813584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 20:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [2/25/2010 8:19 PM 28552]
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [5/14/2009 3:47 PM 107256]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [7/13/2009 3:52 PM 48128]
R2 cpuz132;cpuz132;c:\windows\System32\drivers\cpuz132_x32.sys [1/28/2010 11:02 AM 12672]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [5/14/2009 3:47 PM 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [5/14/2009 3:49 PM 93312]
R2 FGUARD32;FGUARD32;c:\program files\Folder Guard\FGUARD32.SYS [1/28/2010 12:19 PM 54008]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [1/28/2010 11:09 AM 691696]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\System32\drivers\VSTAZL3.SYS [7/13/2009 2:13 PM 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\System32\drivers\VSTDPV3.SYS [7/13/2009 2:13 PM 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\System32\drivers\VSTCNXT3.SYS [7/13/2009 2:13 PM 661504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\cqvidpw1.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Pho_Shizzle\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-02-27 13:54:54
ComboFix-quarantined-files.txt 2010-02-27 21:54
Pre-Run: 53,828,542,464 bytes free
Post-Run: 55,469,346,816 bytes free
- - End Of File - - A9A8ADE80CB5292C89FD9A72523F510F