Adware in Firefox?

M0ddingMan1a

New Member
I'm currently running on Windows 7. Recently, when I'm using Firefox, a random pop-up would appear saying I have been lucky visitor number whatever, and this happens on any website at all! Then it takes me to an ad while in the current page I am at. Before every ad page loads, I see "loudmo". It has been lagging down my Firefox; I don't think I have downloaded anything that would have added this adware. Can I get some help on how to get rid of this?

:D
 

johnb35

Administrator
Staff member
Please follow this procedure here.

Please download Malwarebytes' Anti-Malware from here, here, here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If you continue to experience problems after doing this, please post a HijackThis log by doing the following:

Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential; don't fix anything yet.

Post the logfile that HijackThis produces along with the Malwarebytes' Anti-Malware log.
 

M0ddingMan1a

New Member
Alright Malwarebytes:

Malwarebytes' Anti-Malware 1.44
Database version: 3728
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/26/2010 12:33:53 AM
mbam-log-2010-02-26 (00-33-53).txt

Scan type: Quick Scan
Objects scanned: 104280
Time elapsed: 5 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





Hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:57 AM, on 2/26/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\snuvcdsm.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Folder Guard\FGKey.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Winamp\elevator.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [SNUVCDSM] C:\Windows\snuvcdsm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [FG_Monitor] C:\Program Files\Folder Guard\FGKey.exe /Start
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6825 bytes
 

johnb35

Administrator
Staff member
I'm worried about 2 entries in your hjt log.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then the Processes tab (press Ctrl, Alt and Del at the same time) and end any processes of findstr, find, sed or swreg; then ComboFix should continue.
If that happened we want to know, and also what process you had to end.

In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
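
Asking for a fresh HijackThis log after a cleanup pass lets the helper compare it with the earlier one and see exactly what changed. The following is an added example, not part of the original posts: a Python parser that diffs two HijackThis v2 logs. The sample lines are excerpted from the two logs in this thread; the function names and the section descriptions are this example's own.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code text")

# HijackThis entry lines look like "O4 - HKLM\..\Run: [Name] C:\path.exe".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Short descriptions for section codes that occur in this thread's logs.
SECTIONS = {
    "R0": "IE start/search page setting",
    "R1": "IE start/search page setting",
    "O2": "Browser Helper Object",
    "O4": "autostart (Run key or Startup folder)",
    "O8": "IE context-menu item",
    "O9": "IE extra button or Tools menu item",
    "O13": "IE default URL prefix",
    "O16": "ActiveX download (DPF)",
    "O18": "extra protocol handler",
    "O23": "Windows service",
}


def parse_hjt(log_text):
    """Split a HijackThis log into (running processes, section entries)."""
    processes, entries = [], []
    in_procs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes:"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the first section entry ends the process list
            entries.append(Entry(m.group(1), m.group(2).strip()))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def diff_logs(before, after):
    """Compare two logs; Windows paths are matched case-insensitively."""
    b_procs, b_entries = parse_hjt(before)
    a_procs, a_entries = parse_hjt(after)

    def key(e):
        return (e.code, e.text.lower())

    b_keys = {key(e) for e in b_entries}
    a_keys = {key(e) for e in a_entries}
    b_p = {p.lower() for p in b_procs}
    a_p = {p.lower() for p in a_procs}
    return {
        "removed": [e for e in b_entries if key(e) not in a_keys],
        "added": [e for e in a_entries if key(e) not in b_keys],
        "procs_gone": [p for p in b_procs if p.lower() not in a_p],
        "procs_new": [p for p in a_procs if p.lower() not in b_p],
    }


def format_report(diff):
    """Render the diff as one line per change, with the section meaning."""
    lines = []
    for label in ("removed", "added"):
        for e in diff[label]:
            what = SECTIONS.get(e.code, "other section")
            lines.append(f"{label:8}{e.code:4}{what}: {e.text}")
    lines += [f"no longer running: {p}" for p in diff["procs_gone"]]
    lines += [f"newly running: {p}" for p in diff["procs_new"]]
    return lines


# Excerpt of the first log in this thread (2/26/2010).
BEFORE = r"""
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [SNUVCDSM] C:\Windows\snuvcdsm.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O13 - Gopher Prefix:
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# Excerpt of the second log in this thread (2/27/2010), same lines where present.
AFTER = r"""
Running processes:
C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O4 - HKLM\..\Run: [SNUVCDSM] C:\Windows\snuvcdsm.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

if __name__ == "__main__":
    for line in format_report(diff_logs(BEFORE, AFTER)):
        print(line)
```

On this excerpt the entries that disappear include `O4 - Global Startup: Bluetooth.lnk = ?`, which lines up with the `Bluetooth.lnk` path listed under "Other Deletions" in the ComboFix log posted later in the thread.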
 

M0ddingMan1a

New Member
HiJack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:26 PM, on 2/27/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [SNUVCDSM] C:\Windows\snuvcdsm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [FG_Monitor] C:\Program Files\Folder Guard\FGKey.exe /Start
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5268 bytes


Combofix:

ComboFix 10-02-27.04 - Pho_Shizzle 02/27/2010 13:44:03.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.1329 [GMT -8:00]
Running from: c:\users\Pho_Shizzle\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\users\Pho_Shizzle\AppData\Local\Microsoft\Windows\Temporary Internet Files\-j7UNnK
c:\users\Pho_Shizzle\AppData\Local\Microsoft\Windows\Temporary Internet Files\rjHcEs

.
((((((((((((((((((((((((( Files Created from 2010-01-27 to 2010-02-27 )))))))))))))))))))))))))))))))
.

2010-02-27 21:52 . 2010-02-27 21:52 -------- d-----w- c:\users\Pho_Shizzle\AppData\Local\temp
2010-02-27 21:52 . 2010-02-27 21:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-26 08:24 . 2010-02-26 08:24 -------- d-----w- c:\program files\Trend Micro
2010-02-26 04:19 . 2009-06-30 17:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-02-26 04:18 . 2010-02-26 04:18 -------- d-----w- c:\program files\Panda Security
2010-02-25 04:38 . 2010-02-25 04:38 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-02-25 04:38 . 2010-02-25 04:38 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\skypePM
2010-02-25 04:35 . 2010-02-25 04:39 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Skype
2010-02-25 04:31 . 2010-02-25 04:31 -------- d-----w- c:\program files\Common Files\Skype
2010-02-25 04:31 . 2010-02-25 21:56 -------- d-----r- c:\program files\Skype
2010-02-25 04:30 . 2010-02-25 04:31 -------- d-----w- c:\programdata\Skype
2010-02-24 23:33 . 2010-02-24 23:33 50354 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Facebook\uninstall.exe
2010-02-24 23:33 . 2010-02-24 23:33 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Facebook
2010-02-24 23:08 . 2010-02-24 23:08 -------- d-----w- c:\program files\MSECache
2010-02-24 08:12 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 08:11 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-02-24 08:11 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
2010-02-24 08:11 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-21 06:16 . 2010-02-21 06:16 177024 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\cqvidpw1.default\FlashGot.exe
2010-02-21 06:10 . 2010-02-21 06:10 0 ----a-w- c:\windows\nsreg.dat
2010-02-17 10:04 . 2010-02-17 10:04 -------- d-----w- c:\program files\FLV Player
2010-02-14 09:23 . 2010-02-14 09:23 -------- d-----w- c:\windows\Sun
2010-02-14 09:23 . 2010-02-14 09:23 -------- d-----w- c:\program files\Common Files\Java
2010-02-14 09:22 . 2010-02-14 09:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-14 09:22 . 2010-02-14 09:22 -------- d-----w- c:\program files\Java
2010-02-13 06:20 . 2010-02-13 06:20 -------- d-----w- c:\users\Pho_Shizzle\WRC_2006
2010-02-13 06:18 . 2010-02-13 06:18 -------- d-----w- c:\users\Pho_Shizzle\WRC_2000
2010-02-08 00:37 . 2010-02-08 00:37 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-02-08 00:36 . 2010-02-08 00:36 3605256 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-02-08 00:36 . 2010-02-08 00:36 546624 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-02-07 07:27 . 2010-02-07 07:27 -------- d-----w- c:\users\Pho_Shizzle\AppData\Local\ESET
2010-02-07 04:08 . 2010-02-07 04:08 -------- d-----w- c:\program files\Electronic Arts
2010-02-06 07:51 . 2010-02-06 07:51 -------- d-----w- c:\users\Pho_Shizzle\AppData\Local\ElevatedDiagnostics
2010-02-06 06:32 . 2010-02-06 06:32 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Jasc
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
2010-02-01 03:43 . 2010-02-25 06:28 -------- d-----w- c:\users\Pho_Shizzle\dwhelper
2010-01-31 19:46 . 2005-05-26 23:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-01-31 08:47 . 2010-02-25 04:48 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\vlc
2010-01-31 06:17 . 2010-01-31 06:17 -------- d-----w- c:\program files\Winamp Detect
2010-01-31 06:17 . 2010-01-31 06:31 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Winamp
2010-01-31 06:17 . 2010-01-31 06:19 -------- d-----w- c:\program files\Winamp
2010-01-31 03:49 . 2010-01-31 03:49 -------- d-----w- c:\users\Pho_Shizzle\AppData\Local\WMTools Downloaded Files
2010-01-31 03:44 . 2010-01-31 03:44 -------- d-----w- c:\program files\Movie Maker 2.6
2010-01-31 03:38 . 2010-01-31 03:38 -------- d-----w- c:\program files\Microsoft
2010-01-31 03:37 . 2010-01-31 03:37 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-31 03:37 . 2010-01-31 03:38 -------- d-----w- c:\program files\Windows Live
2010-01-31 03:36 . 2006-11-29 21:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-01-31 03:36 . 2010-01-31 03:36 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-01-31 03:33 . 2010-01-31 03:33 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-31 03:29 . 2010-02-14 00:33 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-01-31 03:28 . 2010-02-14 00:33 3605256 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-01-31 03:28 . 2010-02-15 04:40 546624 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-01-31 01:16 . 2010-01-31 02:33 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Folder Guard
2010-01-31 00:55 . 2009-06-23 02:58 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-24 22:48 . 2010-01-25 23:38 13307 ----a-w- c:\users\Pho_Shizzle\AppData\Roaming\nvModes.dat
2010-02-24 17:16 . 2010-01-25 22:54 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 17:03 . 2010-01-28 19:24 -------- d-----w- c:\program files\uTorrent
2010-02-22 23:49 . 2010-01-28 19:23 -------- d-----w- c:\program files\PeerGuardian2
2010-02-22 23:49 . 2010-01-28 19:23 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\uTorrent
2010-02-07 04:04 . 2010-01-28 19:09 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\DAEMON Tools Lite
2010-01-31 19:07 . 2010-01-31 19:07 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2010-01-31 02:33 . 2010-01-28 20:19 -------- d-----w- c:\program files\Folder Guard
2010-01-31 02:15 . 2010-01-28 18:59 141200 ----a-w- c:\users\Pho_Shizzle\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-28 20:24 . 2010-01-28 20:24 -------- d-----w- c:\program files\Jasc Software Inc
2010-01-28 20:22 . 2010-01-28 20:22 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Lavasoft
2010-01-28 20:21 . 2010-01-28 20:21 -------- d-----w- c:\program files\Lavasoft
2010-01-28 20:15 . 2010-01-28 20:15 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-01-28 20:14 . 2010-01-28 20:14 -------- d-----w- c:\program files\Microsoft.NET
2010-01-28 20:10 . 2010-01-28 20:10 -------- d-----w- c:\program files\ESET
2010-01-28 20:08 . 2010-01-28 19:14 -------- d-----w- c:\programdata\NOS
2010-01-28 19:47 . 2010-01-28 19:47 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\acccore
2010-01-28 19:46 . 2010-01-28 19:46 -------- d-----w- c:\programdata\AIM
2010-01-28 19:46 . 2010-01-28 19:46 -------- d-----w- c:\program files\AIM7
2010-01-28 19:46 . 2010-01-28 19:46 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-01-28 19:46 . 2010-01-28 19:46 -------- d-----w- c:\program files\Common Files\AOL
2010-01-28 19:42 . 2010-01-28 19:42 -------- d-----w- c:\program files\545 Studios
2010-01-28 19:42 . 2010-01-28 19:01 -------- d-----w- c:\program files\AIM
2010-01-28 19:41 . 2010-01-28 19:01 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Aim
2010-01-28 19:39 . 2010-01-25 23:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-28 19:38 . 2010-01-28 19:38 -------- d-----w- c:\program files\HP 1.3MP Webcam
2010-01-28 19:37 . 2010-01-28 19:37 -------- d-----w- c:\programdata\LogiShrd
2010-01-28 19:37 . 2010-01-28 19:36 -------- d-----w- c:\programdata\Logitech
2010-01-28 19:37 . 2010-01-28 19:37 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Logitech
2010-01-28 19:37 . 2010-01-28 19:37 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Leadertech
2010-01-28 19:37 . 2010-01-28 19:36 -------- d-----w- c:\program files\Common Files\Logishrd
2010-01-28 19:36 . 2010-01-28 19:36 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-01-28 19:36 . 2010-01-28 19:36 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-01-28 19:36 . 2010-01-28 19:36 -------- d-----w- c:\program files\Logitech
2010-01-28 19:29 . 2010-01-28 19:26 -------- d-----w- c:\program files\coolpro2
2010-01-28 19:28 . 2010-01-28 19:28 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\DivX
2010-01-28 19:28 . 2010-01-28 19:28 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Syntrillium
2010-01-28 19:24 . 2010-01-28 19:24 -------- d-----w- c:\program files\VideoLAN
2010-01-28 19:22 . 2010-01-28 19:02 -------- d-----w- c:\program files\CPUID
2010-01-28 19:21 . 2010-01-28 19:21 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\Malwarebytes
2010-01-28 19:21 . 2010-01-28 19:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-28 19:21 . 2010-01-28 19:21 -------- d-----w- c:\programdata\Malwarebytes
2010-01-28 19:20 . 2010-01-28 19:20 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\IrfanView
2010-01-28 19:20 . 2010-01-28 19:20 -------- d-----w- c:\program files\IrfanView
2010-01-28 19:20 . 2010-01-28 19:20 -------- d-----w- c:\program files\YourWare Solutions
2010-01-28 19:19 . 2010-01-28 19:19 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-28 19:17 . 2010-01-28 19:17 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-28 19:16 . 2010-01-28 19:16 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-01-28 19:09 . 2010-01-28 19:09 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-01-28 19:09 . 2010-01-28 19:09 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-28 19:09 . 2010-01-28 19:09 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-01-28 19:06 . 2010-01-28 19:04 -------- d-----w- c:\program files\DivX
2010-01-28 19:06 . 2010-01-28 19:06 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-01-28 19:06 . 2010-01-28 19:04 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-28 19:03 . 2010-01-28 19:03 1078 ----a-r- c:\users\Pho_Shizzle\AppData\Roaming\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_4ae13d6c.exe
2010-01-28 19:03 . 2010-01-28 19:03 1078 ----a-r- c:\users\Pho_Shizzle\AppData\Roaming\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_2cd672ae.exe
2010-01-28 19:03 . 2010-01-28 19:03 1078 ----a-r- c:\users\Pho_Shizzle\AppData\Roaming\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_294823.exe
2010-01-28 19:03 . 2010-01-28 19:03 1078 ----a-r- c:\users\Pho_Shizzle\AppData\Roaming\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_18be6784.exe
2010-01-28 19:03 . 2010-01-28 19:03 -------- d-----w- c:\program files\Microsoft Bootvis
2010-01-28 19:02 . 2010-01-28 19:02 -------- d-----w- c:\program files\CCleaner
2010-01-28 19:01 . 2010-01-28 19:01 -------- d-----w- c:\program files\AOD
2010-01-28 19:01 . 2010-01-28 19:01 -------- d-----w- c:\programdata\Viewpoint
2010-01-28 19:01 . 2010-01-28 19:01 -------- d-----w- c:\program files\Viewpoint
2010-01-28 19:00 . 2010-01-28 18:59 -------- d-----w- c:\programdata\Apple Computer
2010-01-28 18:59 . 2010-01-28 18:59 -------- d-----w- c:\program files\QuickTime
2010-01-28 18:58 . 2010-01-28 18:58 -------- d-----w- c:\program files\Apple Software Update
2010-01-28 18:58 . 2010-01-28 18:58 -------- d-----w- c:\programdata\Apple
2010-01-28 18:58 . 2010-01-28 18:58 -------- d-----w- c:\program files\everesthome201
2010-01-28 18:56 . 2010-01-28 18:56 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-01-25 23:43 . 2010-01-25 23:43 -------- d-----w- c:\program files\Hewlett-Packard
2010-01-25 23:41 . 2010-01-25 23:41 -------- d-----w- c:\program files\WIDCOMM
2010-01-25 23:40 . 2010-01-25 23:40 -------- d-----w- c:\program files\Broadcom
2010-01-25 23:30 . 2010-01-25 23:03 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-25 23:04 . 2010-01-25 23:04 -------- d-----w- c:\users\Pho_Shizzle\AppData\Roaming\InstallShield
2010-01-25 23:04 . 2010-01-25 23:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-01-25 23:04 . 2010-01-25 23:04 -------- d-----w- c:\program files\Synaptics
2010-01-25 23:03 . 2010-01-25 23:03 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-01-25 23:03 . 2010-01-25 23:03 -------- d-----w- c:\program files\NetWaiting
2010-01-25 23:03 . 2010-01-25 23:01 -------- d-----w- c:\program files\CONEXANT
2010-01-18 23:29 . 2010-02-10 22:09 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-10 22:09 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-10 22:09 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-10 22:09 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-10 22:09 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-10 22:09 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-10 22:09 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-10 22:09 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-08 03:18 . 2010-02-10 22:09 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17 . 2010-02-10 22:09 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-01-08 00:07 . 2010-01-28 19:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 00:07 . 2010-01-28 19:21 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-19 09:02 . 2010-01-28 08:13 977920 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 09:02 . 2010-02-10 22:09 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02 . 2010-02-10 22:09 1328640 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02 . 2010-02-10 22:09 22016 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02 . 2010-02-10 22:09 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02 . 2010-02-10 22:09 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02 . 2010-02-10 22:09 84480 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02 . 2010-02-10 22:09 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02 . 2010-02-10 22:09 91648 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 1591808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-14 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-14 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-14 81920]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"SNUVCDSM"="c:\windows\snuvcdsm.exe" [2009-08-10 27184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"FG_Monitor"="c:\program files\Folder Guard\FGKey.exe" [2008-01-05 118600]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-12-21 39424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-28 813584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 20:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [2/25/2010 8:19 PM 28552]
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [5/14/2009 3:47 PM 107256]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [7/13/2009 3:52 PM 48128]
R2 cpuz132;cpuz132;c:\windows\System32\drivers\cpuz132_x32.sys [1/28/2010 11:02 AM 12672]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [5/14/2009 3:47 PM 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [5/14/2009 3:49 PM 93312]
R2 FGUARD32;FGUARD32;c:\program files\Folder Guard\FGUARD32.SYS [1/28/2010 12:19 PM 54008]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [1/28/2010 11:09 AM 691696]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\System32\drivers\VSTAZL3.SYS [7/13/2009 2:13 PM 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\System32\drivers\VSTDPV3.SYS [7/13/2009 2:13 PM 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\System32\drivers\VSTCNXT3.SYS [7/13/2009 2:13 PM 661504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Pho_Shizzle\AppData\Roaming\Mozilla\Firefox\Profiles\cqvidpw1.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Pho_Shizzle\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-02-27 13:54:54
ComboFix-quarantined-files.txt 2010-02-27 21:54

Pre-Run: 53,828,542,464 bytes free
Post-Run: 55,469,346,816 bytes free

- - End Of File - - A9A8ADE80CB5292C89FD9A72523F510F
 

johnb35

Administrator
Staff member
Please rerun HijackThis and place a check next to the following entries.

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

Then click on Fix checked at the bottom. I highly recommend uninstalling that FreeRAM XP Pro program, as those types of programs cause more harm than good. Windows 7 is pretty good about managing the RAM and releasing it when needed.
 

M0ddingMan1a

New Member
^ Alright, thanks man. I'll go on uninstalling the FreeRAM XP program. Things seem to be running better, no more ads. I'll let you know if things occur again.
 

softe

New Member
Does ComboFix work with Windows 7? I don't think it does... If not, do they have a Win7 version? Thanks
 