Jump to content

joelstitch

Members
 View Profile  See their activity

  • Posts

    8

  • Joined

  • Last visited

Reputation

0 Neutral
  1. joelstitch
    OK Here are the logs. Logs.zip
  2. joelstitch
    OK, I'll post the logs as soon as it finishes downloading and scanning.
  3. joelstitch
    Would a scan with BitDefender be fine? Cause thats what I have...
  4. joelstitch
    ComboFix 10-05-06.01 - Joel 05/07/2010 11:57:07.3.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1983.1098 [GMT -5:00] Running from: c:\users\Joel\Desktop\ComboFix.exe Command switches used :: c:\users\Joel\Desktop\CFScript.txt FILE :: "c:\windows\system32\rqpomm.dll" "c:\windows\System32\tusqnn.dll" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\rqpomm.dll c:\windows\System32\tusqnn.dll . ((((((((((((((((((((((((( Files Created from 2010-04-07 to 2010-05-07 ))))))))))))))))))))))))))))))) . 2010-05-07 17:05 . 2010-05-07 17:07 -------- d-----w- c:\users\Joel\AppData\Local\temp 2010-05-07 17:05 . 2010-05-07 17:05 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-05-07 17:05 . 2010-05-07 17:05 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-05-07 16:55 . 2010-05-07 16:55 -------- d-----w- C:\32788R22FWJFW 2010-05-06 18:05 . 2010-05-07 04:22 -------- d-----w- c:\users\Joel\AppData\Roaming\FileZilla 2010-05-06 18:05 . 2010-05-06 18:05 -------- d-----w- c:\program files\FileZilla FTP Client 2010-05-06 17:43 . 2010-05-06 17:46 -------- d-----w- c:\users\Joel\AppData\Local\Google 2010-05-05 14:34 . 2010-05-05 14:34 -------- d-----w- c:\program files\Trend Micro 2010-05-03 01:02 . 2010-05-03 01:02 -------- d-----w- c:\users\Joel\AppData\Roaming\Malwarebytes 2010-05-03 00:04 . 2010-05-06 04:48 -------- d-----w- c:\users\Joel\AppData\Local\ElevatedDiagnostics 2010-05-02 17:25 . 2010-05-02 17:25 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2010-05-02 17:25 . 2010-05-03 01:03 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-05-02 06:06 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-02 06:06 . 2010-05-02 06:06 -------- d-----w- c:\programdata\Malwarebytes 2010-05-02 06:06 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-30 20:19 . 2010-04-30 20:19 -------- d-----w- c:\program files\Music NFO Builder 2010-04-29 17:04 . 2010-05-04 15:49 -------- d-----w- c:\users\Joel\AppData\Roaming\dvdcss 2010-04-29 16:53 . 2010-04-29 16:53 -------- d-----w- c:\program files\Elaborate Bytes 2010-04-29 16:52 . 2010-04-29 16:52 -------- d-----w- c:\programdata\SlySoft 2010-04-29 16:51 . 2010-04-29 16:51 -------- d-----w- c:\program files\SlySoft 2010-04-28 16:11 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys 2010-04-28 16:10 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2010-04-28 16:10 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll 2010-04-27 02:18 . 2010-04-27 13:36 -------- d-----w- c:\program files\DOOM 3 2010-04-26 20:53 . 2010-05-03 15:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-26 03:27 . 2010-04-26 03:27 -------- d-----w- c:\programdata\Protexis 2010-04-26 02:59 . 2010-04-26 02:59 -------- d-----w- c:\users\Joel\AppData\Roaming\REAPER 2010-04-26 02:53 . 2010-04-26 03:10 -------- d-----w- c:\program files\REAPER 2010-04-26 01:58 . 2010-04-26 01:58 -------- d-----w- c:\program files\CFToolbox 2010-04-25 20:21 . 2010-04-25 20:21 -------- d-----w- c:\users\Joel\AppData\Local\iTunesKeys2 2010-04-25 20:19 . 2010-04-25 20:19 -------- d-----w- c:\program files\iTunesKeys 2010-04-24 22:53 . 2010-05-06 17:28 -------- d-----w- c:\program files\JDownloader 2010-04-24 20:19 . 2010-04-24 20:19 -------- d-----w- c:\users\Joel\AppData\Roaming\Foxit 2010-04-24 20:19 . 2010-04-24 20:19 -------- d-----w- c:\program files\Foxit Software 2010-04-24 20:14 . 2010-04-24 20:14 -------- d-----w- c:\program files\MSECache 2010-04-24 19:34 . 2010-04-24 19:34 -------- d-----w- c:\program files\SystemRequirementsLab 2010-04-24 19:34 . 2010-04-24 19:34 -------- d-----w- c:\users\Joel\AppData\Roaming\SystemRequirementsLab 2010-04-24 19:34 . 2010-05-03 02:49 -------- d-----w- c:\windows\Sun 2010-04-24 19:30 . 2010-04-24 19:30 -------- d-----w- c:\program files\Common Files\Steam 2010-04-24 19:30 . 2010-04-27 01:44 -------- d-----w- c:\program files\Steam 2010-04-24 06:04 . 2010-04-24 06:04 -------- d-----w- c:\windows\PCHEALTH 2010-04-24 06:04 . 2010-04-24 06:04 -------- d-----w- c:\program files\Microsoft.NET 2010-04-24 06:00 . 2010-04-24 06:00 -------- d-----w- c:\users\Joel\AppData\Local\Microsoft Help 2010-04-24 06:00 . 2010-04-24 06:07 -------- d-----w- c:\programdata\Microsoft Help 2010-04-24 06:00 . 2010-04-24 06:00 -------- d-----r- C:\MSOCache 2010-04-23 22:44 . 2010-04-23 22:46 -------- d-----w- c:\program files\Picture Resize Genius 2010-04-22 16:39 . 2010-05-03 03:32 -------- d-----w- c:\programdata\Rosetta Stone 2010-04-20 17:49 . 2010-04-20 17:49 -------- d-----w- c:\program files\Rosetta Stone 2010-04-20 16:45 . 2010-04-20 16:45 -------- d-----w- c:\users\Joel\AppData\Roaming\VirtuaWin 2010-04-20 16:45 . 2010-04-20 16:45 -------- d-----w- c:\program files\VirtuaWin 2010-04-20 14:59 . 2010-05-07 17:06 -------- d-----w- c:\windows\system32\wbem\repository 2010-04-20 03:50 . 2010-04-20 03:50 -------- d-----w- c:\users\Joel\AppData\Local\Logitech 2010-04-20 00:16 . 2010-04-20 00:28 -------- d-----w- c:\program files\360desktop 2010-04-20 00:16 . 2010-04-20 00:16 -------- d-----w- c:\users\Joel\AppData\Roaming\360desktop 2010-04-19 19:36 . 2010-04-19 19:36 -------- d-----w- c:\users\Joel\AppData\Roaming\Facebook 2010-04-18 16:05 . 2010-04-23 16:56 -------- d-----w- c:\users\Joel\AppData\Roaming\TrueCrypt 2010-04-18 15:56 . 2010-04-18 15:56 -------- d-----w- c:\programdata\TrueCrypt 2010-04-18 15:55 . 2010-04-18 15:55 223440 ----a-w- c:\windows\system32\drivers\truecrypt.sys 2010-04-18 15:55 . 2010-04-18 15:55 -------- d-----w- c:\program files\TrueCrypt 2010-04-18 05:01 . 2010-04-18 05:02 -------- d-----w- c:\program files\TagRename 2010-04-18 02:27 . 2010-04-18 02:27 -------- d-----w- c:\windows\system32\Wat 2010-04-17 14:19 . 2010-04-17 16:13 -------- d-----w- c:\users\Joel\AppData\Roaming\DivX 2010-04-17 14:19 . 2010-05-05 14:50 -------- d-----w- c:\program files\Common Files\PX Storage Engine 2010-04-17 14:18 . 2010-04-17 14:18 -------- d-----w- c:\program files\Common Files\DivX Shared 2010-04-17 14:04 . 2010-05-05 14:50 -------- d-----w- c:\program files\DivX 2010-04-17 14:03 . 2010-05-05 15:05 -------- d-----w- c:\programdata\DivX 2010-04-17 00:33 . 2010-04-17 00:33 -------- d-----w- c:\programdata\Adobe Systems 2010-04-17 00:32 . 2010-04-17 16:06 -------- d-----w- c:\users\Joel\AppData\Local\Adobe 2010-04-16 22:22 . 2010-04-16 22:22 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared 2010-04-16 21:28 . 2010-04-16 21:28 -------- d-----w- c:\users\Joel\AppData\Roaming\OpenOffice.org 2010-04-16 21:26 . 2010-04-23 22:50 -------- d-----w- c:\programdata\FLEXnet 2010-04-16 21:14 . 2010-04-24 06:13 -------- d-----w- c:\program files\OpenOffice.org 3 2010-04-16 21:14 . 2010-04-16 21:14 -------- d-----w- c:\program files\Common Files\Java 2010-04-16 21:13 . 2010-04-16 21:13 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-04-16 21:13 . 2010-04-16 21:13 -------- d-----w- c:\program files\Java 2010-04-16 20:50 . 2010-04-16 20:50 -------- d-----w- c:\users\Joel\AppData\Roaming\FastStone 2010-04-16 20:04 . 2010-04-16 20:04 -------- d-----w- c:\program files\PowerISO 2010-04-16 19:48 . 2007-03-22 05:02 37376 ----a-w- c:\windows\system32\drivers\rixdptsk.sys 2010-04-16 19:48 . 2007-02-24 21:42 39936 ----a-w- c:\windows\system32\drivers\rimmptsk.sys 2010-04-16 19:48 . 2007-01-23 23:40 42496 ----a-w- c:\windows\system32\drivers\rimsptsk.sys 2010-04-16 19:48 . 2004-09-04 10:00 90112 ----a-w- c:\windows\system32\snymsico.dll 2010-04-16 19:48 . 2010-04-27 02:38 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-04-16 19:47 . 2010-04-27 02:18 -------- d-----w- c:\program files\Common Files\InstallShield 2010-04-16 19:37 . 2010-04-29 17:07 -------- d-----w- c:\users\Joel\AppData\Local\Apple Computer 2010-04-16 19:37 . 2010-04-25 19:31 -------- d-----w- c:\users\Joel\AppData\Roaming\Apple Computer 2010-04-16 19:37 . 2010-04-16 19:37 -------- dc----w- c:\windows\system32\DRVSTORE 2010-04-16 19:37 . 2009-05-18 20:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2010-04-16 19:37 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll 2010-04-16 19:36 . 2010-04-16 19:36 -------- d-----w- c:\program files\iPod 2010-04-16 19:36 . 2010-04-16 19:37 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-04-16 19:36 . 2010-04-16 19:37 -------- d-----w- c:\program files\iTunes 2010-04-16 19:34 . 2010-04-16 19:35 -------- d-----w- c:\program files\QuickTime 2010-04-16 19:34 . 2010-04-16 19:36 -------- d-----w- c:\programdata\Apple Computer 2010-04-16 19:34 . 2010-04-16 19:34 -------- d-----w- c:\users\Joel\AppData\Local\Apple 2010-04-16 19:34 . 2010-04-16 19:34 -------- d-----w- c:\program files\Apple Software Update 2010-04-16 19:33 . 2010-04-16 19:33 -------- d-----w- c:\program files\Bonjour 2010-04-16 19:33 . 2010-04-16 19:36 -------- d-----w- c:\program files\Common Files\Apple 2010-04-16 19:33 . 2010-04-16 19:33 -------- d-----w- c:\programdata\Apple 2010-04-16 19:24 . 2010-05-07 02:42 -------- d-----w- c:\users\Joel\AppData\Roaming\vlc 2010-04-16 17:32 . 2010-04-16 17:32 -------- d-----w- c:\program files\GreedyTorrent 2010-04-16 17:18 . 2006-03-17 21:49 368640 ----a-w- c:\windows\system32\TwnLib4.dll 2010-04-16 17:18 . 2006-03-17 18:45 802816 ----a-w- c:\windows\system32\imagXRA7.dll 2010-04-16 17:18 . 2006-03-17 18:45 497296 ----a-w- c:\windows\system32\imagXpr7.dll 2010-04-16 17:18 . 2006-03-17 18:45 258048 ----a-w- c:\windows\system32\imagXR7.dll 2010-04-16 17:18 . 2006-03-17 18:45 1757184 ----a-w- c:\windows\system32\imagX7.dll 2010-04-16 17:18 . 2010-04-16 17:18 -------- d-----w- c:\program files\Nero 2010-04-16 17:18 . 2010-04-16 17:18 -------- d-----w- c:\programdata\Nero 2010-04-16 17:18 . 2010-04-16 17:18 -------- d-----w- c:\program files\Common Files\Nero 2010-04-16 17:14 . 2010-04-16 17:14 -------- d-----w- c:\program files\VideoLAN 2010-04-16 17:09 . 2010-04-16 17:09 0 ----a-w- c:\windows\nsreg.dat 2010-04-16 17:09 . 2010-04-16 17:09 -------- d-----w- c:\users\Joel\AppData\Local\Thunderbird 2010-04-16 17:09 . 2010-04-16 17:09 -------- d-----w- c:\users\Joel\AppData\Roaming\Thunderbird 2010-04-16 17:08 . 2010-05-03 23:53 -------- d-----w- c:\program files\Mozilla Thunderbird 2010-04-16 16:21 . 2010-04-16 16:50 -------- d-----w- c:\programdata\BitDefender 2010-04-16 16:21 . 2010-04-16 16:21 -------- d-----w- c:\users\Joel\AppData\Roaming\BitDefender 2010-04-16 16:21 . 2010-04-16 16:21 -------- d-----w- c:\program files\BitDefender 2010-04-16 16:19 . 2010-04-16 16:49 -------- d-----w- c:\program files\Common Files\BitDefender 2010-04-16 16:13 . 2010-05-02 15:24 -------- d-----w- c:\program files\uTorrent 2010-04-16 16:10 . 2010-05-06 17:43 2356 ----a-w- c:\windows\system32\secushr.dat 2010-04-16 16:10 . 2010-04-16 16:10 -------- d-----w- c:\users\Joel\AppData\Roaming\FlashGet 2010-04-16 15:46 . 2010-04-16 15:46 -------- d-----w- c:\program files\Logitech 2010-04-16 15:46 . 2010-04-16 15:46 -------- d-----w- c:\program files\Common Files\Logitech 2010-04-16 15:11 . 2010-04-29 16:39 -------- d-----w- c:\programdata\DVD Shrink 2010-04-16 15:11 . 2010-04-18 05:19 -------- d-----w- c:\program files\DVD Shrink 2010-04-16 14:54 . 2010-04-16 14:54 -------- d-----w- c:\windows\system32\Macromed . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-05 15:05 . 2010-04-17 14:19 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-05-05 14:50 . 2010-05-05 14:50 56766 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe 2010-05-05 14:50 . 2010-05-05 14:50 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe 2010-05-05 14:50 . 2010-05-05 14:50 57679 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe 2010-05-05 14:50 . 2010-05-05 14:50 84040 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe 2010-05-05 14:49 . 2010-05-05 14:49 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe 2010-05-05 14:49 . 2010-05-05 14:49 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe 2010-05-05 14:49 . 2010-05-05 14:49 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe 2010-05-05 14:49 . 2010-05-05 14:49 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe 2010-05-05 14:49 . 2010-05-05 14:49 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe 2010-05-05 14:35 . 2010-04-17 14:04 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe 2010-05-05 14:35 . 2010-04-17 14:19 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll 2010-05-05 14:35 . 2010-04-17 14:19 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe 2010-05-05 14:34 . 2010-05-05 14:34 388096 ----a-r- c:\users\Joel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-04-24 19:34 . 2010-04-24 19:34 85504 ----a-w- c:\users\Joel\AppData\Roaming\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll 2010-04-21 17:40 . 2010-04-16 21:28 1 ----a-w- c:\users\Joel\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-04-19 19:36 . 2010-04-19 19:36 50354 ----a-w- c:\users\Joel\AppData\Roaming\Facebook\uninstall.exe 2010-04-17 14:19 . 2010-04-17 14:19 56978 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe 2010-04-17 14:18 . 2010-04-17 14:18 57609 ----a-w- c:\programdata\DivX\MFComponents\Uninstaller.exe 2010-04-17 14:18 . 2010-04-17 14:18 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe 2010-04-17 14:18 . 2010-04-17 14:18 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe 2010-04-17 14:18 . 2010-04-17 14:18 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe 2010-04-17 14:18 . 2010-04-17 14:18 54629 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe 2010-04-17 14:18 . 2010-04-17 14:18 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe 2010-04-17 14:18 . 2010-04-17 14:18 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe 2010-04-17 14:18 . 2010-04-17 14:18 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe 2010-04-17 14:18 . 2010-04-17 14:18 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe 2010-04-16 19:52 . 2010-04-16 19:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf 2010-03-26 08:48 . 2010-03-26 08:48 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe 2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll 2010-03-06 05:30 . 2010-03-06 05:30 847040 ----a-w- c:\users\Joel\AppData\Roaming\Facebook\axfbootloader.dll 2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\users\Joel\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll 2010-02-27 12:07 . 2010-04-16 03:47 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-27 12:07 . 2010-04-16 03:47 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-23 07:56 . 2010-04-16 03:47 977920 ----a-w- c:\windows\system32\wininet.dll 2010-02-22 21:58 . 2010-02-22 21:58 291352 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys 2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll 2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll 2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll 2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll 2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll 2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll 2010-02-12 18:46 . 2010-02-12 18:46 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-02-12 18:46 . 2010-02-12 18:46 107808 ----a-w- c:\windows\system32\dns-sd.exe 2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat 2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe . ((((((((((((((((((((((((((((( SnapShot@2010-05-07_01.56.08 ))))))))))))))))))))))))))))))))))))))))) . + 2010-04-16 02:23 . 2010-05-07 14:46 26272 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 04:55 . 2010-05-07 17:08 39938 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin - 2009-07-14 04:55 . 2010-05-07 01:57 39938 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin - 2010-04-16 03:22 . 2010-05-07 01:55 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-04-16 03:22 . 2010-05-07 17:06 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-04-16 03:22 . 2010-05-07 01:55 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-04-16 03:22 . 2010-05-07 17:06 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:41 . 2010-05-07 17:06 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:41 . 2010-05-07 01:55 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-04-16 19:07 . 2010-05-07 00:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-04-16 19:07 . 2010-05-07 17:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-04-16 19:07 . 2010-05-07 01:06 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-04-16 19:07 . 2010-05-07 17:05 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-04-16 19:07 . 2010-05-07 00:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-04-16 19:07 . 2010-05-07 17:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-04-17 17:21 . 2010-05-07 04:42 4566 c:\windows\System32\wdi\ERCQueuedResolutions.dat - 2010-04-17 17:21 . 2010-05-07 01:54 4566 c:\windows\System32\wdi\ERCQueuedResolutions.dat + 2010-04-16 03:42 . 2010-05-07 17:08 7932 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-876052268-1848050255-1347733830-1000_UserData.bin + 2010-05-07 14:44 . 2010-05-07 17:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2010-05-06 22:50 . 2010-05-07 01:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2010-05-07 14:44 . 2010-05-07 17:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2010-05-06 22:50 . 2010-05-07 01:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 02:05 . 2010-05-07 00:14 615360 c:\windows\System32\perfh009.dat + 2009-07-14 02:05 . 2010-05-07 15:15 615360 c:\windows\System32\perfh009.dat + 2009-07-14 02:05 . 2010-05-07 15:15 103702 c:\windows\System32\perfc009.dat - 2009-07-14 02:05 . 2010-05-07 00:14 103702 c:\windows\System32\perfc009.dat + 2009-07-14 02:03 . 2010-05-07 16:36 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT - 2009-07-14 02:03 . 2010-05-07 01:48 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT - 2010-04-16 02:20 . 2010-05-06 19:02 1604344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2010-04-16 02:20 . 2010-05-07 04:42 1604344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-02 321328] "GreedyTorrent"="c:\program files\GreedyTorrent\GTor.exe" [2007-03-08 2526661] "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-11-11 3124160] "Google Update"="c:\users\Joel\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-05-06 136176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 153608] "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-20 71152] "BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-03-18 1123360] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912] c:\users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-20 183880] R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-18 1343400] S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-01-05 79368] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-02-03 153448] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan . Contents of the 'Scheduled Tasks' folder 2010-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-876052268-1848050255-1347733830-1000Core.job - c:\users\Joel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-06 17:43] 2010-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-876052268-1848050255-1347733830-1000UA.job - c:\users\Joel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-06 17:43] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local IE: Add to &Evernote - c:\program files\Evernote\Evernote3.5\enbar.dll/2000 IE: Download All By FlashGet3 - c:\users\Joel\AppData\Roaming\FlashGetBHO\GetAllUrl.htm IE: Download By FlashGet3 - c:\users\Joel\AppData\Roaming\FlashGetBHO\GetUrl.htm IE: {{E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\Evernote\Evernote3.5\enbar.dll Trusted Zone: kuaiche.com\software FF - ProfilePath - c:\users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\3tzksjjy.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . - - - - ORPHANS REMOVED - - - - BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll HKCU-Run-qomllldrv - tusqnn.dll HKLM-Run-rqomjjdrv - tusqnn.dll HKLM-Run-fcccbbsys - rqpomm.dll HKU-Default-Run-vtusqqsys - rqpomm.dll HKU-Default-Run-ddayxxdrv - tusqnn.dll . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\.Default\Software\SetID\Internal] @Denied: (A 2) (LocalSystem) "DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallSTD=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_av=\"0\" />" "Device"="xr3Pxr2+yLnPx87MzrzMy8y7zcs=" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvvsvc.exe c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe c:\program files\BitDefender\BitDefender 2010\vsserv.exe c:\windows\system32\rundll32.exe c:\windows\system32\taskhost.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\conhost.exe c:\program files\BitDefender\BitDefender 2010\seccenter.exe c:\windows\System32\rundll32.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\system32\sppsvc.exe . ************************************************************************** . Completion time: 2010-05-07 12:14:12 - machine was rebooted ComboFix-quarantined-files.txt 2010-05-07 17:14 ComboFix2.txt 2010-05-07 15:17 ComboFix3.txt 2010-05-07 02:02 Pre-Run: 50,546,237,440 bytes free Post-Run: 50,493,538,304 bytes free - - End Of File - - 81694A5FB6A0BA077A3229C0D989CEEB Attach.zip
  5. joelstitch
    ComboFix 10-05-06.01 - Joel 05/07/2010 9:56.2.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1983.1053 [GMT -5:00] Running from: c:\users\Joel\Desktop\ComboFix.exe Command switches used :: c:\users\Joel\Desktop\CFScript.txt FILE :: "c:\windows\system32\rqpomm.dll" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\Joel\AppData\Roaming\windrvswld c:\users\Joel\AppData\Roaming\windrvswld\config.ini c:\users\Joel\AppData\Roaming\windrvswld\windrvswld.exe c:\users\Joel\windrvswld.exe c:\windows\system32\byvwvs.dll c:\windows\system32\rqpomm.dll c:\windows\system32\tusqnn.dll . ((((((((((((((((((((((((( Files Created from 2010-04-07 to 2010-05-07 ))))))))))))))))))))))))))))))) . 2010-05-07 15:06 . 2010-05-07 15:10 -------- d-----w- c:\users\Joel\AppData\Local\temp 2010-05-07 15:06 . 2010-05-07 15:06 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-05-07 15:06 . 2010-05-07 15:06 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-05-07 14:54 . 2010-05-07 14:54 -------- d-----w- C:\32788R22FWJFW 2010-05-06 18:05 . 2010-05-07 04:22 -------- d-----w- c:\users\Joel\AppData\Roaming\FileZilla 2010-05-06 18:05 . 2010-05-06 18:05 -------- d-----w- c:\program files\FileZilla FTP Client 2010-05-06 17:43 . 2010-05-06 17:46 -------- d-----w- c:\users\Joel\AppData\Local\Google 2010-05-06 04:32 . 2010-05-07 15:10 87552 ---ha-w- c:\windows\system32\rqpomm.dll 2010-05-05 14:34 . 2010-05-05 14:34 -------- d-----w- c:\program files\Trend Micro 2010-05-03 01:02 . 2010-05-03 01:02 -------- d-----w- c:\users\Joel\AppData\Roaming\Malwarebytes 2010-05-03 00:04 . 2010-05-06 04:48 -------- d-----w- c:\users\Joel\AppData\Local\ElevatedDiagnostics 2010-05-02 17:25 . 2010-05-02 17:25 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2010-05-02 17:25 . 2010-05-03 01:03 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-05-02 06:06 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-02 06:06 . 2010-05-02 06:06 -------- d-----w- c:\programdata\Malwarebytes 2010-05-02 06:06 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-30 20:19 . 2010-04-30 20:19 -------- d-----w- c:\program files\Music NFO Builder 2010-04-29 17:04 . 2010-05-04 15:49 -------- d-----w- c:\users\Joel\AppData\Roaming\dvdcss 2010-04-29 16:53 . 2010-04-29 16:53 -------- d-----w- c:\program files\Elaborate Bytes 2010-04-29 16:52 . 2010-04-29 16:52 -------- d-----w- c:\programdata\SlySoft 2010-04-29 16:51 . 2010-04-29 16:51 -------- d-----w- c:\program files\SlySoft 2010-04-28 16:11 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys 2010-04-28 16:10 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2010-04-28 16:10 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll 2010-04-27 02:18 . 2010-04-27 13:36 -------- d-----w- c:\program files\DOOM 3 2010-04-26 20:53 . 2010-05-03 15:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-26 03:27 . 2010-04-26 03:27 -------- d-----w- c:\programdata\Protexis 2010-04-26 02:59 . 2010-04-26 02:59 -------- d-----w- c:\users\Joel\AppData\Roaming\REAPER 2010-04-26 02:53 . 2010-04-26 03:10 -------- d-----w- c:\program files\REAPER 2010-04-26 01:58 . 2010-04-26 01:58 -------- d-----w- c:\program files\CFToolbox 2010-04-25 20:21 . 2010-04-25 20:21 -------- d-----w- c:\users\Joel\AppData\Local\iTunesKeys2 2010-04-25 20:19 . 2010-04-25 20:19 -------- d-----w- c:\program files\iTunesKeys 2010-04-24 22:53 . 2010-05-06 17:28 -------- d-----w- c:\program files\JDownloader 2010-04-24 20:19 . 2010-04-24 20:19 -------- d-----w- c:\program files\Ask.com 2010-04-24 20:19 . 2010-04-24 20:19 -------- d-----w- c:\users\Joel\AppData\Roaming\Foxit 2010-04-24 20:19 . 2010-04-24 20:19 -------- d-----w- c:\program files\Foxit Software 2010-04-24 20:14 . 2010-04-24 20:14 -------- d-----w- c:\program files\MSECache 2010-04-24 19:34 . 2010-04-24 19:34 -------- d-----w- c:\program files\SystemRequirementsLab 2010-04-24 19:34 . 2010-04-24 19:34 -------- d-----w- c:\users\Joel\AppData\Roaming\SystemRequirementsLab 2010-04-24 19:34 . 2010-05-03 02:49 -------- d-----w- c:\windows\Sun 2010-04-24 19:30 . 2010-04-24 19:30 -------- d-----w- c:\program files\Common Files\Steam 2010-04-24 19:30 . 2010-04-27 01:44 -------- d-----w- c:\program files\Steam 2010-04-24 06:04 . 2010-04-24 06:04 -------- d-----w- c:\windows\PCHEALTH 2010-04-24 06:04 . 2010-04-24 06:04 -------- d-----w- c:\program files\Microsoft.NET 2010-04-24 06:00 . 2010-04-24 06:00 -------- d-----w- c:\users\Joel\AppData\Local\Microsoft Help 2010-04-24 06:00 . 2010-04-24 06:07 -------- d-----w- c:\programdata\Microsoft Help 2010-04-24 06:00 . 2010-04-24 06:00 -------- d-----r- C:\MSOCache 2010-04-23 22:44 . 2010-04-23 22:46 -------- d-----w- c:\program files\Picture Resize Genius 2010-04-22 16:39 . 2010-05-03 03:32 -------- d-----w- c:\programdata\Rosetta Stone 2010-04-20 17:49 . 2010-04-20 17:49 -------- d-----w- c:\program files\Rosetta Stone 2010-04-20 16:45 . 2010-04-20 16:45 -------- d-----w- c:\users\Joel\AppData\Roaming\VirtuaWin 2010-04-20 16:45 . 2010-04-20 16:45 -------- d-----w- c:\program files\VirtuaWin 2010-04-20 14:59 . 2010-05-07 15:10 -------- d-----w- c:\windows\system32\wbem\repository 2010-04-20 03:50 . 2010-04-20 03:50 -------- d-----w- c:\users\Joel\AppData\Local\Logitech 2010-04-20 00:16 . 2010-04-20 00:28 -------- d-----w- c:\program files\360desktop 2010-04-20 00:16 . 2010-04-20 00:16 -------- d-----w- c:\users\Joel\AppData\Roaming\360desktop 2010-04-19 19:36 . 2010-04-19 19:36 -------- d-----w- c:\users\Joel\AppData\Roaming\Facebook 2010-04-18 16:05 . 2010-04-23 16:56 -------- d-----w- c:\users\Joel\AppData\Roaming\TrueCrypt 2010-04-18 15:56 . 2010-04-18 15:56 -------- d-----w- c:\programdata\TrueCrypt 2010-04-18 15:55 . 2010-04-18 15:55 223440 ----a-w- c:\windows\system32\drivers\truecrypt.sys 2010-04-18 15:55 . 2010-04-18 15:55 -------- d-----w- c:\program files\TrueCrypt 2010-04-18 05:06 . 2010-05-07 15:10 95744 ---ha-w- c:\windows\system32\tusqnn.dll 2010-04-18 05:01 . 2010-04-18 05:02 -------- d-----w- c:\program files\TagRename 2010-04-18 02:27 . 2010-04-18 02:27 -------- d-----w- c:\windows\system32\Wat 2010-04-17 14:19 . 2010-04-17 16:13 -------- d-----w- c:\users\Joel\AppData\Roaming\DivX 2010-04-17 14:19 . 2010-05-05 14:50 -------- d-----w- c:\program files\Common Files\PX Storage Engine 2010-04-17 14:18 . 2010-04-17 14:18 -------- d-----w- c:\program files\Common Files\DivX Shared 2010-04-17 14:04 . 2010-05-05 14:50 -------- d-----w- c:\program files\DivX 2010-04-17 14:03 . 2010-05-05 15:05 -------- d-----w- c:\programdata\DivX 2010-04-17 00:33 . 2010-04-17 00:33 -------- d-----w- c:\programdata\Adobe Systems 2010-04-17 00:32 . 2010-04-17 16:06 -------- d-----w- c:\users\Joel\AppData\Local\Adobe 2010-04-16 22:22 . 2010-04-16 22:22 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared 2010-04-16 21:28 . 2010-04-16 21:28 -------- d-----w- c:\users\Joel\AppData\Roaming\OpenOffice.org 2010-04-16 21:26 . 2010-04-23 22:50 -------- d-----w- c:\programdata\FLEXnet 2010-04-16 21:14 . 2010-04-24 06:13 -------- d-----w- c:\program files\OpenOffice.org 3 2010-04-16 21:14 . 2010-04-16 21:14 -------- d-----w- c:\program files\Common Files\Java 2010-04-16 21:13 . 2010-04-16 21:13 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-04-16 21:13 . 2010-04-16 21:13 -------- d-----w- c:\program files\Java 2010-04-16 20:50 . 2010-04-16 20:50 -------- d-----w- c:\users\Joel\AppData\Roaming\FastStone 2010-04-16 20:04 . 2010-04-16 20:04 -------- d-----w- c:\program files\PowerISO 2010-04-16 19:48 . 2007-03-22 05:02 37376 ----a-w- c:\windows\system32\drivers\rixdptsk.sys 2010-04-16 19:48 . 2007-02-24 21:42 39936 ----a-w- c:\windows\system32\drivers\rimmptsk.sys 2010-04-16 19:48 . 2007-01-23 23:40 42496 ----a-w- c:\windows\system32\drivers\rimsptsk.sys 2010-04-16 19:48 . 2004-09-04 10:00 90112 ----a-w- c:\windows\system32\snymsico.dll 2010-04-16 19:48 . 2010-04-27 02:38 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-04-16 19:47 . 2010-04-27 02:18 -------- d-----w- c:\program files\Common Files\InstallShield 2010-04-16 19:37 . 2010-04-29 17:07 -------- d-----w- c:\users\Joel\AppData\Local\Apple Computer 2010-04-16 19:37 . 2010-04-25 19:31 -------- d-----w- c:\users\Joel\AppData\Roaming\Apple Computer 2010-04-16 19:37 . 2010-04-16 19:37 -------- dc----w- c:\windows\system32\DRVSTORE 2010-04-16 19:37 . 2009-05-18 20:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2010-04-16 19:37 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll 2010-04-16 19:36 . 2010-04-16 19:36 -------- d-----w- c:\program files\iPod 2010-04-16 19:36 . 2010-04-16 19:37 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-04-16 19:36 . 2010-04-16 19:37 -------- d-----w- c:\program files\iTunes 2010-04-16 19:34 . 2010-04-16 19:35 -------- d-----w- c:\program files\QuickTime 2010-04-16 19:34 . 2010-04-16 19:36 -------- d-----w- c:\programdata\Apple Computer 2010-04-16 19:34 . 2010-04-16 19:34 -------- d-----w- c:\users\Joel\AppData\Local\Apple 2010-04-16 19:34 . 2010-04-16 19:34 -------- d-----w- c:\program files\Apple Software Update 2010-04-16 19:33 . 2010-04-16 19:33 -------- d-----w- c:\program files\Bonjour 2010-04-16 19:33 . 2010-04-16 19:36 -------- d-----w- c:\program files\Common Files\Apple 2010-04-16 19:33 . 2010-04-16 19:33 -------- d-----w- c:\programdata\Apple 2010-04-16 19:24 . 2010-05-07 02:42 -------- d-----w- c:\users\Joel\AppData\Roaming\vlc 2010-04-16 17:32 . 2010-04-16 17:32 -------- d-----w- c:\program files\GreedyTorrent 2010-04-16 17:18 . 2006-03-17 21:49 368640 ----a-w- c:\windows\system32\TwnLib4.dll 2010-04-16 17:18 . 2006-03-17 18:45 802816 ----a-w- c:\windows\system32\imagXRA7.dll 2010-04-16 17:18 . 2006-03-17 18:45 497296 ----a-w- c:\windows\system32\imagXpr7.dll 2010-04-16 17:18 . 2006-03-17 18:45 258048 ----a-w- c:\windows\system32\imagXR7.dll 2010-04-16 17:18 . 2006-03-17 18:45 1757184 ----a-w- c:\windows\system32\imagX7.dll 2010-04-16 17:18 . 2010-04-16 17:18 -------- d-----w- c:\program files\Nero 2010-04-16 17:18 . 2010-04-16 17:18 -------- d-----w- c:\programdata\Nero 2010-04-16 17:18 . 2010-04-16 17:18 -------- d-----w- c:\program files\Common Files\Nero 2010-04-16 17:14 . 2010-04-16 17:14 -------- d-----w- c:\program files\VideoLAN 2010-04-16 17:09 . 2010-04-16 17:09 0 ----a-w- c:\windows\nsreg.dat 2010-04-16 17:09 . 2010-04-16 17:09 -------- d-----w- c:\users\Joel\AppData\Local\Thunderbird 2010-04-16 17:09 . 2010-04-16 17:09 -------- d-----w- c:\users\Joel\AppData\Roaming\Thunderbird 2010-04-16 17:08 . 2010-05-03 23:53 -------- d-----w- c:\program files\Mozilla Thunderbird 2010-04-16 16:21 . 2010-04-16 16:50 -------- d-----w- c:\programdata\BitDefender 2010-04-16 16:21 . 2010-04-16 16:21 -------- d-----w- c:\users\Joel\AppData\Roaming\BitDefender 2010-04-16 16:21 . 2010-04-16 16:21 -------- d-----w- c:\program files\BitDefender 2010-04-16 16:19 . 2010-04-16 16:49 -------- d-----w- c:\program files\Common Files\BitDefender 2010-04-16 16:13 . 2010-05-02 15:24 -------- d-----w- c:\program files\uTorrent 2010-04-16 16:10 . 2010-05-06 17:43 2356 ----a-w- c:\windows\system32\secushr.dat 2010-04-16 16:10 . 2010-04-16 16:10 -------- d-----w- c:\users\Joel\AppData\Roaming\FlashGet 2010-04-16 15:46 . 2010-04-16 15:46 -------- d-----w- c:\program files\Logitech 2010-04-16 15:46 . 2010-04-16 15:46 -------- d-----w- c:\program files\Common Files\Logitech . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-05 15:05 . 2010-04-17 14:19 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-05-05 14:50 . 2010-05-05 14:50 56766 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe 2010-05-05 14:50 . 2010-05-05 14:50 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe 2010-05-05 14:50 . 2010-05-05 14:50 57679 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe 2010-05-05 14:50 . 2010-05-05 14:50 84040 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe 2010-05-05 14:49 . 2010-05-05 14:49 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe 2010-05-05 14:49 . 2010-05-05 14:49 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe 2010-05-05 14:49 . 2010-05-05 14:49 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe 2010-05-05 14:49 . 2010-05-05 14:49 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe 2010-05-05 14:49 . 2010-05-05 14:49 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe 2010-05-05 14:35 . 2010-04-17 14:04 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe 2010-05-05 14:35 . 2010-04-17 14:19 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll 2010-05-05 14:35 . 2010-04-17 14:19 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe 2010-05-05 14:34 . 2010-05-05 14:34 388096 ----a-r- c:\users\Joel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-04-24 19:34 . 2010-04-24 19:34 85504 ----a-w- c:\users\Joel\AppData\Roaming\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll 2010-04-21 17:40 . 2010-04-16 21:28 1 ----a-w- c:\users\Joel\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-04-19 19:36 . 2010-04-19 19:36 50354 ----a-w- c:\users\Joel\AppData\Roaming\Facebook\uninstall.exe 2010-04-17 14:19 . 2010-04-17 14:19 56978 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe 2010-04-17 14:18 . 2010-04-17 14:18 57609 ----a-w- c:\programdata\DivX\MFComponents\Uninstaller.exe 2010-04-17 14:18 . 2010-04-17 14:18 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe 2010-04-17 14:18 . 2010-04-17 14:18 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe 2010-04-17 14:18 . 2010-04-17 14:18 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe 2010-04-17 14:18 . 2010-04-17 14:18 54629 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe 2010-04-17 14:18 . 2010-04-17 14:18 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe 2010-04-17 14:18 . 2010-04-17 14:18 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe 2010-04-17 14:18 . 2010-04-17 14:18 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe 2010-04-17 14:18 . 2010-04-17 14:18 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe 2010-04-16 19:52 . 2010-04-16 19:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf 2010-03-26 08:48 . 2010-03-26 08:48 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe 2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll 2010-03-06 05:30 . 2010-03-06 05:30 847040 ----a-w- c:\users\Joel\AppData\Roaming\Facebook\axfbootloader.dll 2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\users\Joel\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll 2010-02-27 12:07 . 2010-04-16 03:47 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-27 12:07 . 2010-04-16 03:47 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-23 07:56 . 2010-04-16 03:47 977920 ----a-w- c:\windows\system32\wininet.dll 2010-02-22 21:58 . 2010-02-22 21:58 291352 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys 2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll 2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll 2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll 2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll 2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll 2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll 2010-02-12 18:46 . 2010-02-12 18:46 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-02-12 18:46 . 2010-02-12 18:46 107808 ----a-w- c:\windows\system32\dns-sd.exe 2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat 2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe . ((((((((((((((((((((((((((((( SnapShot@2010-05-07_01.56.08 ))))))))))))))))))))))))))))))))))))))))) . + 2010-04-16 02:23 . 2010-05-07 14:46 26272 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 04:55 . 2010-05-07 15:11 39938 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin - 2009-07-14 04:55 . 2010-05-07 01:57 39938 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin - 2010-04-16 03:22 . 2010-05-07 01:55 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-04-16 03:22 . 2010-05-07 15:10 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-04-16 03:22 . 2010-05-07 01:55 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-04-16 03:22 . 2010-05-07 15:10 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:41 . 2010-05-07 15:10 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:41 . 2010-05-07 01:55 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-04-16 19:07 . 2010-05-07 00:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-04-16 19:07 . 2010-05-07 15:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-04-16 19:07 . 2010-05-07 01:06 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-04-16 19:07 . 2010-05-07 15:07 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-04-16 19:07 . 2010-05-07 00:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-04-16 19:07 . 2010-05-07 15:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-04-17 17:21 . 2010-05-07 04:42 4566 c:\windows\System32\wdi\ERCQueuedResolutions.dat - 2010-04-17 17:21 . 2010-05-07 01:54 4566 c:\windows\System32\wdi\ERCQueuedResolutions.dat + 2010-04-16 03:42 . 2010-05-07 15:11 7884 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-876052268-1848050255-1347733830-1000_UserData.bin + 2010-05-07 14:44 . 2010-05-07 15:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2010-05-06 22:50 . 2010-05-07 01:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2010-05-07 14:44 . 2010-05-07 15:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2010-05-06 22:50 . 2010-05-07 01:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 02:05 . 2010-05-07 00:14 615360 c:\windows\System32\perfh009.dat + 2009-07-14 02:05 . 2010-05-07 14:48 615360 c:\windows\System32\perfh009.dat + 2009-07-14 02:05 . 2010-05-07 14:48 103702 c:\windows\System32\perfc009.dat - 2009-07-14 02:05 . 2010-05-07 00:14 103702 c:\windows\System32\perfc009.dat + 2009-07-14 02:03 . 2010-05-07 04:37 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT - 2009-07-14 02:03 . 2010-05-07 01:48 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT - 2010-04-16 02:20 . 2010-05-06 19:02 1604344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2010-04-16 02:20 . 2010-05-07 04:42 1604344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-02-04 21:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-02 321328] "GreedyTorrent"="c:\program files\GreedyTorrent\GTor.exe" [2007-03-08 2526661] "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-11-11 3124160] "Google Update"="c:\users\Joel\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-05-06 136176] "bywwwwdrv"="tusqnn.dll" [2010-05-07 95744] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 153608] "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-20 71152] "BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-03-18 1123360] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912] "yaxxwwdrv"="tusqnn.dll" [2010-05-07 95744] "vtrsstsys"="rqpomm.dll" [2010-05-07 87552] "mlmlkksys"="rqpomm.dll" [2010-05-07 87552] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ddbyvvsys"="rqpomm.dll" [2010-05-07 87552] "awwussdrv"="tusqnn.dll" [2010-05-07 95744] c:\users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 rqpomm.dll R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-20 183880] R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-18 1343400] S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-01-05 79368] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-02-03 153448] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan . Contents of the 'Scheduled Tasks' folder 2010-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-876052268-1848050255-1347733830-1000Core.job - c:\users\Joel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-06 17:43] 2010-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-876052268-1848050255-1347733830-1000UA.job - c:\users\Joel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-06 17:43] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local IE: Add to &Evernote - c:\program files\Evernote\Evernote3.5\enbar.dll/2000 IE: Download All By FlashGet3 - c:\users\Joel\AppData\Roaming\FlashGetBHO\GetAllUrl.htm IE: Download By FlashGet3 - c:\users\Joel\AppData\Roaming\FlashGetBHO\GetUrl.htm IE: {{E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\Evernote\Evernote3.5\enbar.dll Trusted Zone: kuaiche.com\software FF - ProfilePath - c:\users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\3tzksjjy.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\.Default\Software\SetID\Internal] @Denied: (A 2) (LocalSystem) "DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallSTD=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_av=\"0\" />" "Device"="xr3Pxr2+yLnPx87MzrzMy8y7zcs=" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(680) c:\windows\System32\tusqnn.dll - - - - - - - > 'Explorer.exe'(3924) c:\windows\System32\tusqnn.dll - - - - - - - > 'csrss.exe'(608) c:\windows\system32\rqpomm.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvvsvc.exe c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe c:\program files\BitDefender\BitDefender 2010\vsserv.exe c:\windows\system32\rundll32.exe c:\windows\system32\taskhost.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\conhost.exe c:\program files\BitDefender\BitDefender 2010\seccenter.exe c:\windows\System32\rundll32.exe c:\windows\System32\rundll32.exe c:\windows\System32\rundll32.exe c:\windows\System32\rundll32.exe c:\windows\System32\rundll32.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\sppsvc.exe . ************************************************************************** . Completion time: 2010-05-07 10:17:06 - machine was rebooted ComboFix-quarantined-files.txt 2010-05-07 15:17 ComboFix2.txt 2010-05-07 02:02 Pre-Run: 51,458,412,544 bytes free Post-Run: 50,832,662,528 bytes free - - End Of File - - 355C271363FC726B9BCF5068CA17A7FE Attach.zip
  6. joelstitch
    Ok here it is. ComboFix.txt
  7. joelstitch
    Ok here are the results (on the attached ZIP File). I hope to get help soon, this virus/trojan is driving me insane! Attach.zip
  8. joelstitch
    So my problem is that Malwarebbytes and Windows Defender arent opening. If I change the name of mbam.exe to something else it works, but it's not detecting the malware. Also, everytime I do a search on Google and click on a result it takes me to a random website. Here is my Hijackthis log file: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 9:44:26 AM, on 5/5/2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe C:\Windows\System32\rundll32.exe C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe C:\Program Files\Logitech\Gaming Software\LWEMon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\GreedyTorrent\GTor.exe C:\Users\Joel\AppData\Roaming\windrvswld\windrvswld.exe C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe C:\Windows\System32\rundll32.exe C:\Program Files\VirtuaWin\VirtuaWin.exe C:\Program Files\VirtuaWin\modules\WinList.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\FlashGet Network\FlashGet 3\Flashget3.exe C:\Windows\explorer.exe C:\Users\Joel\AppData\Local\Temp\divBD07.tmp\divCE6B.tmp C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Joel\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe" O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [pmnklldrv] rundll32.exe "tusqnn.dll",s O4 - HKLM\..\Run: [yabyxwsys] rundll32.exe "awuuts.dll",DllRegisterServer O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [GreedyTorrent] "C:\Program Files\GreedyTorrent\GTor.exe" -tray O4 - HKCU\..\Run: [windrvswld] C:\Users\Joel\AppData\Roaming\windrvswld\windrvswld.exe O4 - HKCU\..\Run: [360desktop] "C:\Program Files\360desktop\360desktop.exe" O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe O4 - HKCU\..\Run: [gebyvudrv] rundll32.exe "tusqnn.dll",s O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [fcywvsdrv] rundll32.exe "tusqnn.dll",s (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [fcywvsdrv] rundll32.exe "tusqnn.dll",s (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: VirtuaWin.lnk = C:\Program Files\VirtuaWin\VirtuaWin.exe O8 - Extra context menu item: Add to &Evernote - res://C:\Program Files\Evernote\Evernote3.5\enbar.dll/2000 O8 - Extra context menu item: Download All By FlashGet3 - C:\Users\Joel\AppData\Roaming\FlashGetBHO\GetAllUrl.htm O8 - Extra context menu item: Download By FlashGet3 - C:\Users\Joel\AppData\Roaming\FlashGetBHO\GetUrl.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll O15 - Trusted Zone: http://software.kuaiche.com O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- End of file - 7393 bytes
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.