
So my problem is that Malwarebytes and Windows Defender aren't opening. If I change the name of mbam.exe to something else it works, but it's not detecting the malware. Also, every time I do a search on Google and click on a result it takes me to a random website.

Here is my Hijackthis log file:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:44:26 AM, on 5/5/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe

C:\Program Files\Logitech\Gaming Software\LWEMon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\GreedyTorrent\GTor.exe

C:\Users\Joel\AppData\Roaming\windrvswld\windrvswld.exe

C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\VirtuaWin\VirtuaWin.exe

C:\Program Files\VirtuaWin\modules\WinList.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\FlashGet Network\FlashGet 3\Flashget3.exe

C:\Windows\explorer.exe

C:\Users\Joel\AppData\Local\Temp\divBD07.tmp\divCE6B.tmp

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Joel\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll

O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [pmnklldrv] rundll32.exe "tusqnn.dll",s

O4 - HKLM\..\Run: [yabyxwsys] rundll32.exe "awuuts.dll",DllRegisterServer

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [GreedyTorrent] "C:\Program Files\GreedyTorrent\GTor.exe" -tray

O4 - HKCU\..\Run: [windrvswld] C:\Users\Joel\AppData\Roaming\windrvswld\windrvswld.exe

O4 - HKCU\..\Run: [360desktop] "C:\Program Files\360desktop\360desktop.exe"

O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

O4 - HKCU\..\Run: [gebyvudrv] rundll32.exe "tusqnn.dll",s

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [fcywvsdrv] rundll32.exe "tusqnn.dll",s (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [fcywvsdrv] rundll32.exe "tusqnn.dll",s (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: VirtuaWin.lnk = C:\Program Files\VirtuaWin\VirtuaWin.exe

O8 - Extra context menu item: Add to &Evernote - res://C:\Program Files\Evernote\Evernote3.5\enbar.dll/2000

O8 - Extra context menu item: Download All By FlashGet3 - C:\Users\Joel\AppData\Roaming\FlashGetBHO\GetAllUrl.htm

O8 - Extra context menu item: Download By FlashGet3 - C:\Users\Joel\AppData\Roaming\FlashGetBHO\GetUrl.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll

O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll

O15 - Trusted Zone: http://software.kuaiche.com

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe

--

End of file - 7393 bytes


We will begin the fix with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Hi joelstitch,

I took the liberty of copying and pasting the cf log into the forum as it's easier for me to review that way. Please don't upload logs unless asked or needed if they're too big.

ComboFix 10-05-06.01 - Joel 05/06/2010 20:43:14.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1983.1144 [GMT -5:00]

Running from: c:\users\Joel\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\FlashGet Network

c:\program files\FlashGet Network\FlashGet 3\adns.dll

c:\program files\FlashGet Network\FlashGet 3\btcoreu.dll

c:\program files\FlashGet Network\FlashGet 3\BugReport.dll

c:\program files\FlashGet Network\FlashGet 3\BugReport.exe

c:\program files\FlashGet Network\FlashGet 3\cd1.ico

c:\program files\FlashGet Network\FlashGet 3\ckcore.dll

c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\14_43260.dll

c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\28_83260.dll

c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\atrc.dll

c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\Codecs.zip

c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\cook.dll

c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\ddnt3260.dll

c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\dnet3260.dll

c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv1.dll

c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv2.dll

c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drvc.dll

c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\hxltcolor.dll

c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\raac.dll

c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\ralf.dll

c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv10.dll

c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv20.dll

c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv30.dll

c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv40.dll

c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\sipr.dll

c:\program files\FlashGet Network\FlashGet 3\commonlib.dll

c:\program files\FlashGet Network\FlashGet 3\componentskrnl.dll

c:\program files\FlashGet Network\FlashGet 3\config\clients.met

c:\program files\FlashGet Network\FlashGet 3\config\clients.met.bak

c:\program files\FlashGet Network\FlashGet 3\config\cryptkey.dat

c:\program files\FlashGet Network\FlashGet 3\config\emfriends.met

c:\program files\FlashGet Network\FlashGet 3\config\known.met

c:\program files\FlashGet Network\FlashGet 3\config\known2_64.met

c:\program files\FlashGet Network\FlashGet 3\config\preferences.dat

c:\program files\FlashGet Network\FlashGet 3\config\preferences.ini

c:\program files\FlashGet Network\FlashGet 3\config\server.met

c:\program files\FlashGet Network\FlashGet 3\config\server_met.old

c:\program files\FlashGet Network\FlashGet 3\config\upload.met

c:\program files\FlashGet Network\FlashGet 3\corestat.dll

c:\program files\FlashGet Network\FlashGet 3\dbghelp.dll

c:\program files\FlashGet Network\FlashGet 3\fg.ico

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\default.htm

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\FGResDetector.conf

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\banner.gif

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\bullet.gif

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\close.gif

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\closelabel.gif

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\download-icon.gif

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\explorer.gif

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\ftp.gif

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\image.gif

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\introTextBg.gif

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\loading.gif

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\nextlabel.gif

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\prevlabel.gif

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\software.gif

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\vod.gif

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\FGResDetector.exe

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\about.png

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\ftplist_tree_icon.png

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\option_icon.png

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_hide.png

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_show.png

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\statusbar_bk.png

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\tasktab_close.png

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_back.png

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_bk.png

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_close.png

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_forward.png

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_refresh.png

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\lang\l.eng.xml

c:\program files\FlashGet Network\FlashGet 3\FGSoftware.exe

c:\program files\FlashGet Network\FlashGet 3\Flashget3.exe

c:\program files\FlashGet Network\FlashGet 3\FlashGet3.xpi

c:\program files\FlashGet Network\FlashGet 3\FlashGetBHO3.dll

c:\program files\FlashGet Network\FlashGet 3\FlashGetHook.dll

c:\program files\FlashGet Network\FlashGet 3\fnsArchive.dll

c:\program files\FlashGet Network\FlashGet 3\fnsDirectuix.dll

c:\program files\FlashGet Network\FlashGet 3\fnsLanguage.dll

c:\program files\FlashGet Network\FlashGet 3\fnslanguage_en.dll

c:\program files\FlashGet Network\FlashGet 3\fnsScheduler.dll

c:\program files\FlashGet Network\FlashGet 3\fnsSecurity.dll

c:\program files\FlashGet Network\FlashGet 3\fnsSkinX.dll

c:\program files\FlashGet Network\FlashGet 3\fnsStatistics.dll

c:\program files\FlashGet Network\FlashGet 3\game.ico

c:\program files\FlashGet Network\FlashGet 3\gb2312-unicode.dic

c:\program files\FlashGet Network\FlashGet 3\gdiplus.dll

c:\program files\FlashGet Network\FlashGet 3\GetAllUrl.htm

c:\program files\FlashGet Network\FlashGet 3\GetUrl.htm

c:\program files\FlashGet Network\FlashGet 3\GoogleToolbarInstaller_download_signed.exe

c:\program files\FlashGet Network\FlashGet 3\libem.dll

c:\program files\FlashGet Network\FlashGet 3\license.txt

c:\program files\FlashGet Network\FlashGet 3\lst_tz.bin

c:\program files\FlashGet Network\FlashGet 3\P2PCfg.ini

c:\program files\FlashGet Network\FlashGet 3\p2pcore.dll

c:\program files\FlashGet Network\FlashGet 3\p2score.dll

c:\program files\FlashGet Network\FlashGet 3\perf.ini

c:\program files\FlashGet Network\FlashGet 3\pncrt.dll

c:\program files\FlashGet Network\FlashGet 3\pstat.dat

c:\program files\FlashGet Network\FlashGet 3\pup.dat

c:\program files\FlashGet Network\FlashGet 3\RdOldDb.dll

c:\program files\FlashGet Network\FlashGet 3\RealMediaSplitter.ax

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\BarSet.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_check.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_normal.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_radio.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\desktoplink.ico

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\login_line.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\menu_icon.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\option_line.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\option_page_line.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\skin.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendLogo.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendNoLogo.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_backgrand.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_cancle.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_catgroy.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_group.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_new.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_open.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_option.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_pause.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_recly.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_start.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_left.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_middle.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_right.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\top_logotitle.gif

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\torrent.ico

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\userinfo_head.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\VistaStyleListItems.bmp

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\preview.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\skin.xml

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\loginfailed.wav

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\loginsucc.wav

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\msgnotify.wav

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\notify.wav

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\topmain.png

c:\program files\FlashGet Network\FlashGet 3\SnapShot.dll

c:\program files\FlashGet Network\FlashGet 3\storage.dll

c:\program files\FlashGet Network\FlashGet 3\SysOptimize.exe

c:\program files\FlashGet Network\FlashGet 3\uninst.exe

c:\program files\FlashGet Network\FlashGet 3\VodCore.dll

c:\program files\FlashGet Network\FlashGet 3\zlib.dll

c:\users\Joel\AppData\Roaming\BITS

c:\users\Joel\AppData\Roaming\BITS\BITS.ini

c:\users\Joel\AppData\Roaming\BITS\DHTTable.dat

c:\users\Joel\AppData\Roaming\BITS\ProxyList.ini

c:\users\Joel\AppData\Roaming\BITS\UPnP.ini

c:\users\Joel\AppData\Roaming\FlashGetBHO

c:\users\Joel\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll

c:\users\Joel\AppData\Roaming\FlashGetBHO\FlashGetHook.dll

c:\users\Joel\AppData\Roaming\FlashGetBHO\GetAllUrl.htm

c:\users\Joel\AppData\Roaming\FlashGetBHO\GetUrl.htm

c:\users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VirtuaWin.lnk

c:\windows\system32\FAE93840F8.dll

c:\windows\system32\rqpomm.dll

c:\windows\system32\secustat.dat

c:\windows\system32\tusqnn.dll

.

((((((((((((((((((((((((( Files Created from 2010-04-07 to 2010-05-07 )))))))))))))))))))))))))))))))

.

2010-05-07 01:52 . 2010-05-07 01:56 -------- d-----w- c:\users\Joel\AppData\Local\temp

2010-05-07 01:52 . 2010-05-07 01:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-05-06 18:05 . 2010-05-06 21:58 -------- d-----w- c:\users\Joel\AppData\Roaming\FileZilla

2010-05-06 18:05 . 2010-05-06 18:05 -------- d-----w- c:\program files\FileZilla FTP Client

2010-05-06 17:43 . 2010-05-06 17:46 -------- d-----w- c:\users\Joel\AppData\Local\Google

2010-05-06 04:32 . 2010-05-07 01:56 87552 ---ha-w- c:\windows\system32\rqpomm.dll

2010-05-05 14:34 . 2010-05-05 14:34 -------- d-----w- c:\program files\Trend Micro

2010-05-03 01:02 . 2010-05-03 01:02 -------- d-----w- c:\users\Joel\AppData\Roaming\Malwarebytes

2010-05-03 00:04 . 2010-05-06 04:48 -------- d-----w- c:\users\Joel\AppData\Local\ElevatedDiagnostics

2010-05-02 17:25 . 2010-05-02 17:25 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2010-05-02 17:25 . 2010-05-03 01:03 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-05-02 06:06 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-02 06:06 . 2010-05-02 06:06 -------- d-----w- c:\programdata\Malwarebytes

2010-05-02 06:06 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-30 20:19 . 2010-04-30 20:19 -------- d-----w- c:\program files\Music NFO Builder

2010-04-29 17:04 . 2010-05-04 15:49 -------- d-----w- c:\users\Joel\AppData\Roaming\dvdcss

2010-04-29 16:53 . 2010-04-29 16:53 -------- d-----w- c:\program files\Elaborate Bytes

2010-04-29 16:52 . 2010-04-29 16:52 -------- d-----w- c:\programdata\SlySoft

2010-04-29 16:51 . 2010-04-29 16:51 -------- d-----w- c:\program files\SlySoft

2010-04-28 16:11 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys

2010-04-28 16:10 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2010-04-28 16:10 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll

2010-04-27 02:18 . 2010-04-27 13:36 -------- d-----w- c:\program files\DOOM 3

2010-04-26 20:53 . 2010-05-03 15:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-04-26 03:27 . 2010-04-26 03:27 -------- d-----w- c:\programdata\Protexis

2010-04-26 03:26 . 2010-04-26 03:26 -------- d-----w- c:\program files\National Instruments

2010-04-26 03:26 . 2010-04-26 03:26 -------- d-----w- c:\program files\nvhsoftware

2010-04-26 02:59 . 2010-04-26 02:59 -------- d-----w- c:\users\Joel\AppData\Roaming\REAPER

2010-04-26 02:53 . 2010-04-26 03:10 -------- d-----w- c:\program files\REAPER

2010-04-26 01:58 . 2010-04-26 01:58 -------- d-----w- c:\program files\CFToolbox

2010-04-25 20:21 . 2010-04-25 20:21 -------- d-----w- c:\users\Joel\AppData\Local\iTunesKeys2

2010-04-25 20:19 . 2010-04-25 20:19 -------- d-----w- c:\program files\iTunesKeys

2010-04-24 22:53 . 2010-05-06 17:28 -------- d-----w- c:\program files\JDownloader

2010-04-24 20:19 . 2010-04-24 20:19 -------- d-----w- c:\program files\Ask.com

2010-04-24 20:19 . 2010-04-24 20:19 -------- d-----w- c:\users\Joel\AppData\Roaming\Foxit

2010-04-24 20:19 . 2010-04-24 20:19 -------- d-----w- c:\program files\Foxit Software

2010-04-24 20:14 . 2010-04-24 20:14 -------- d-----w- c:\program files\MSECache

2010-04-24 19:34 . 2010-04-24 19:34 -------- d-----w- c:\program files\SystemRequirementsLab

2010-04-24 19:34 . 2010-04-24 19:34 -------- d-----w- c:\users\Joel\AppData\Roaming\SystemRequirementsLab

2010-04-24 19:34 . 2010-05-03 02:49 -------- d-----w- c:\windows\Sun

2010-04-24 19:30 . 2010-04-24 19:30 -------- d-----w- c:\program files\Common Files\Steam

2010-04-24 19:30 . 2010-04-27 01:44 -------- d-----w- c:\program files\Steam

2010-04-24 06:04 . 2010-04-24 06:04 -------- d-----w- c:\windows\PCHEALTH

2010-04-24 06:04 . 2010-04-24 06:04 -------- d-----w- c:\program files\Microsoft.NET

2010-04-24 06:00 . 2010-04-24 06:00 -------- d-----w- c:\users\Joel\AppData\Local\Microsoft Help

2010-04-24 06:00 . 2010-04-24 06:07 -------- d-----w- c:\programdata\Microsoft Help

2010-04-24 06:00 . 2010-04-24 06:00 -------- d-----r- C:\MSOCache

2010-04-23 22:44 . 2010-04-23 22:46 -------- d-----w- c:\program files\Picture Resize Genius

2010-04-22 16:39 . 2010-05-03 03:32 -------- d-----w- c:\programdata\Rosetta Stone

2010-04-20 17:49 . 2010-04-20 17:49 -------- d-----w- c:\program files\Rosetta Stone

2010-04-20 16:45 . 2010-04-20 16:45 -------- d-----w- c:\users\Joel\AppData\Roaming\VirtuaWin

2010-04-20 16:45 . 2010-04-20 16:45 -------- d-----w- c:\program files\VirtuaWin

2010-04-20 14:59 . 2010-05-07 01:55 -------- d-----w- c:\windows\system32\wbem\repository

2010-04-20 03:50 . 2010-04-20 03:50 -------- d-----w- c:\users\Joel\AppData\Local\Logitech

2010-04-20 00:16 . 2010-04-20 00:28 -------- d-----w- c:\program files\360desktop

2010-04-20 00:16 . 2010-04-20 00:16 -------- d-----w- c:\users\Joel\AppData\Roaming\360desktop

2010-04-19 19:36 . 2010-04-19 19:36 -------- d-----w- c:\users\Joel\AppData\Roaming\Facebook

2010-04-19 14:32 . 2010-04-19 14:32 91136 ---ha-w- c:\windows\system32\byvwvs.dll

2010-04-18 16:05 . 2010-04-23 16:56 -------- d-----w- c:\users\Joel\AppData\Roaming\TrueCrypt

2010-04-18 15:56 . 2010-04-18 15:56 -------- d-----w- c:\programdata\TrueCrypt

2010-04-18 15:55 . 2010-04-18 15:55 223440 ----a-w- c:\windows\system32\drivers\truecrypt.sys

2010-04-18 15:55 . 2010-04-18 15:55 -------- d-----w- c:\program files\TrueCrypt

2010-04-18 05:06 . 2010-05-07 01:56 95744 ---ha-w- c:\windows\system32\tusqnn.dll

2010-04-18 05:01 . 2010-04-18 05:02 -------- d-----w- c:\program files\TagRename

2010-04-18 05:01 . 2010-04-18 05:01 -------- d-----w- c:\users\Joel\AppData\Roaming\windrvswld

2010-04-18 05:01 . 2010-04-18 05:01 372021 ----a-w- c:\users\Joel\windrvswld.exe

2010-04-18 02:27 . 2010-04-18 02:27 -------- d-----w- c:\windows\system32\Wat

2010-04-17 14:19 . 2010-04-17 16:13 -------- d-----w- c:\users\Joel\AppData\Roaming\DivX

2010-04-17 14:19 . 2010-05-05 14:50 -------- d-----w- c:\program files\Common Files\PX Storage Engine

2010-04-17 14:18 . 2010-04-17 14:18 -------- d-----w- c:\program files\Common Files\DivX Shared

2010-04-17 14:04 . 2010-05-05 14:50 -------- d-----w- c:\program files\DivX

2010-04-17 14:03 . 2010-05-05 15:05 -------- d-----w- c:\programdata\DivX

2010-04-17 00:33 . 2010-04-17 00:33 -------- d-----w- c:\programdata\Adobe Systems

2010-04-17 00:32 . 2010-04-17 16:06 -------- d-----w- c:\users\Joel\AppData\Local\Adobe

2010-04-16 22:22 . 2010-04-16 22:22 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared

2010-04-16 21:28 . 2010-04-16 21:28 -------- d-----w- c:\users\Joel\AppData\Roaming\OpenOffice.org

2010-04-16 21:26 . 2010-04-23 22:50 -------- d-----w- c:\programdata\FLEXnet

2010-04-16 21:14 . 2010-04-24 06:13 -------- d-----w- c:\program files\OpenOffice.org 3

2010-04-16 21:14 . 2010-04-16 21:14 -------- d-----w- c:\program files\Common Files\Java

2010-04-16 21:13 . 2010-04-16 21:13 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-04-16 21:13 . 2010-04-16 21:13 -------- d-----w- c:\program files\Java

2010-04-16 20:50 . 2010-04-16 20:50 -------- d-----w- c:\users\Joel\AppData\Roaming\FastStone

2010-04-16 20:04 . 2010-04-16 20:04 -------- d-----w- c:\program files\PowerISO

2010-04-16 19:48 . 2007-03-22 05:02 37376 ----a-w- c:\windows\system32\drivers\rixdptsk.sys

2010-04-16 19:48 . 2007-02-24 21:42 39936 ----a-w- c:\windows\system32\drivers\rimmptsk.sys

2010-04-16 19:48 . 2007-01-23 23:40 42496 ----a-w- c:\windows\system32\drivers\rimsptsk.sys

2010-04-16 19:48 . 2004-09-04 10:00 90112 ----a-w- c:\windows\system32\snymsico.dll

2010-04-16 19:48 . 2010-04-27 02:38 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-04-16 19:47 . 2010-04-27 02:18 -------- d-----w- c:\program files\Common Files\InstallShield

2010-04-16 19:37 . 2010-04-29 17:07 -------- d-----w- c:\users\Joel\AppData\Local\Apple Computer

2010-04-16 19:37 . 2010-04-25 19:31 -------- d-----w- c:\users\Joel\AppData\Roaming\Apple Computer

2010-04-16 19:37 . 2010-04-16 19:37 -------- dc----w- c:\windows\system32\DRVSTORE

2010-04-16 19:37 . 2009-05-18 20:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2010-04-16 19:37 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2010-04-16 19:36 . 2010-04-16 19:36 -------- d-----w- c:\program files\iPod

2010-04-16 19:36 . 2010-04-16 19:37 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-04-16 19:36 . 2010-04-16 19:37 -------- d-----w- c:\program files\iTunes

2010-04-16 19:34 . 2010-04-16 19:35 -------- d-----w- c:\program files\QuickTime

2010-04-16 19:34 . 2010-04-16 19:36 -------- d-----w- c:\programdata\Apple Computer

2010-04-16 19:34 . 2010-04-16 19:34 -------- d-----w- c:\users\Joel\AppData\Local\Apple

2010-04-16 19:34 . 2010-04-16 19:34 -------- d-----w- c:\program files\Apple Software Update

2010-04-16 19:33 . 2010-04-16 19:33 -------- d-----w- c:\program files\Bonjour

2010-04-16 19:33 . 2010-04-16 19:36 -------- d-----w- c:\program files\Common Files\Apple

2010-04-16 19:33 . 2010-04-16 19:33 -------- d-----w- c:\programdata\Apple

2010-04-16 19:24 . 2010-05-06 22:06 -------- d-----w- c:\users\Joel\AppData\Roaming\vlc

2010-04-16 17:32 . 2010-04-16 17:32 -------- d-----w- c:\program files\GreedyTorrent

2010-04-16 17:18 . 2006-03-17 21:49 368640 ----a-w- c:\windows\system32\TwnLib4.dll

2010-04-16 17:18 . 2006-03-17 18:45 802816 ----a-w- c:\windows\system32\imagXRA7.dll

2010-04-16 17:18 . 2006-03-17 18:45 497296 ----a-w- c:\windows\system32\imagXpr7.dll

2010-04-16 17:18 . 2006-03-17 18:45 258048 ----a-w- c:\windows\system32\imagXR7.dll

2010-04-16 17:18 . 2006-03-17 18:45 1757184 ----a-w- c:\windows\system32\imagX7.dll

2010-04-16 17:18 . 2010-04-16 17:18 -------- d-----w- c:\program files\Nero

2010-04-16 17:18 . 2010-04-16 17:18 -------- d-----w- c:\programdata\Nero

2010-04-16 17:18 . 2010-04-16 17:18 -------- d-----w- c:\program files\Common Files\Nero

2010-04-16 17:14 . 2010-04-16 17:14 -------- d-----w- c:\program files\VideoLAN

2010-04-16 17:09 . 2010-04-16 17:09 0 ----a-w- c:\windows\nsreg.dat

2010-04-16 17:09 . 2010-04-16 17:09 -------- d-----w- c:\users\Joel\AppData\Local\Thunderbird

2010-04-16 17:09 . 2010-04-16 17:09 -------- d-----w- c:\users\Joel\AppData\Roaming\Thunderbird

2010-04-16 17:08 . 2010-05-03 23:53 -------- d-----w- c:\program files\Mozilla Thunderbird

2010-04-16 16:21 . 2010-04-16 16:50 -------- d-----w- c:\programdata\BitDefender

2010-04-16 16:21 . 2010-04-16 16:21 -------- d-----w- c:\users\Joel\AppData\Roaming\BitDefender

2010-04-16 16:21 . 2010-04-16 16:21 -------- d-----w- c:\program files\BitDefender

2010-04-16 16:19 . 2010-04-16 16:49 -------- d-----w- c:\program files\Common Files\BitDefender

2010-04-16 16:13 . 2010-05-02 15:24 -------- d-----w- c:\program files\uTorrent

2010-04-16 16:10 . 2010-05-06 17:43 2356 ----a-w- c:\windows\system32\secushr.dat

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-05 15:05 . 2010-04-17 14:19 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-05-05 14:50 . 2010-05-05 14:50 56766 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-05-05 14:50 . 2010-05-05 14:50 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe

2010-05-05 14:50 . 2010-05-05 14:50 57679 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe

2010-05-05 14:50 . 2010-05-05 14:50 84040 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe

2010-05-05 14:49 . 2010-05-05 14:49 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe

2010-05-05 14:49 . 2010-05-05 14:49 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe

2010-05-05 14:49 . 2010-05-05 14:49 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe

2010-05-05 14:49 . 2010-05-05 14:49 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe

2010-05-05 14:49 . 2010-05-05 14:49 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe

2010-05-05 14:35 . 2010-04-17 14:04 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe

2010-05-05 14:35 . 2010-04-17 14:19 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll

2010-05-05 14:35 . 2010-04-17 14:19 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe

2010-05-05 14:34 . 2010-05-05 14:34 388096 ----a-r- c:\users\Joel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-04-24 19:34 . 2010-04-24 19:34 85504 ----a-w- c:\users\Joel\AppData\Roaming\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll

2010-04-21 17:40 . 2010-04-16 21:28 1 ----a-w- c:\users\Joel\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-04-19 19:36 . 2010-04-19 19:36 50354 ----a-w- c:\users\Joel\AppData\Roaming\Facebook\uninstall.exe

2010-04-18 05:01 . 2010-04-18 05:01 372021 ----a-w- c:\users\Joel\AppData\Roaming\windrvswld\windrvswld.exe

2010-04-17 14:19 . 2010-04-17 14:19 56978 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe

2010-04-17 14:18 . 2010-04-17 14:18 57609 ----a-w- c:\programdata\DivX\MFComponents\Uninstaller.exe

2010-04-17 14:18 . 2010-04-17 14:18 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe

2010-04-17 14:18 . 2010-04-17 14:18 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe

2010-04-17 14:18 . 2010-04-17 14:18 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe

2010-04-17 14:18 . 2010-04-17 14:18 54629 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe

2010-04-17 14:18 . 2010-04-17 14:18 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe

2010-04-17 14:18 . 2010-04-17 14:18 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe

2010-04-17 14:18 . 2010-04-17 14:18 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe

2010-04-17 14:18 . 2010-04-17 14:18 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe

2010-04-16 19:52 . 2010-04-16 19:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

2010-03-26 08:48 . 2010-03-26 08:48 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe

2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll

2010-03-06 05:30 . 2010-03-06 05:30 847040 ----a-w- c:\users\Joel\AppData\Roaming\Facebook\axfbootloader.dll

2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\users\Joel\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

2010-02-27 12:07 . 2010-04-16 03:47 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-27 12:07 . 2010-04-16 03:47 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-23 07:56 . 2010-04-16 03:47 977920 ----a-w- c:\windows\system32\wininet.dll

2010-02-22 21:58 . 2010-02-22 21:58 291352 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys

2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll

2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll

2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll

2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll

2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll

2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll

2010-02-12 18:46 . 2010-02-12 18:46 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-02-12 18:46 . 2010-02-12 18:46 107808 ----a-w- c:\windows\system32\dns-sd.exe

2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-02-04 21:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-02 321328]

"GreedyTorrent"="c:\program files\GreedyTorrent\GTor.exe" [2007-03-08 2526661]

"windrvswld"="c:\users\Joel\AppData\Roaming\windrvswld\windrvswld.exe" [2010-04-18 372021]

"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-11-11 3124160]

"gebyvudrv"="tusqnn.dll" [2010-05-07 95744]

"Google Update"="c:\users\Joel\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-05-06 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 153608]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-20 71152]

"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-03-18 1123360]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"pmnklldrv"="tusqnn.dll" [2010-05-07 95744]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]

"efdaaasys"="rqpomm.dll" [2010-05-07 87552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"fcywvsdrv"="tusqnn.dll" [2010-05-07 95744]

"opmlifsys"="rqpomm.dll" [2010-05-07 87552]

c:\users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 rqpomm.dll

R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-20 183880]

R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-18 1343400]

S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-01-05 79368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-02-03 153448]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ scan

.

Contents of the 'Scheduled Tasks' folder

2010-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-876052268-1848050255-1347733830-1000Core.job

- c:\users\Joel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-06 17:43]

2010-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-876052268-1848050255-1347733830-1000UA.job

- c:\users\Joel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-06 17:43]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: Add to &Evernote - c:\program files\Evernote\Evernote3.5\enbar.dll/2000

IE: Download All By FlashGet3 - c:\users\Joel\AppData\Roaming\FlashGetBHO\GetAllUrl.htm

IE: Download By FlashGet3 - c:\users\Joel\AppData\Roaming\FlashGetBHO\GetUrl.htm

IE: {{E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\Evernote\Evernote3.5\enbar.dll

Trusted Zone: kuaiche.com\software

FF - ProfilePath - c:\users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\3tzksjjy.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-360desktop - c:\program files\360desktop\360desktop.exe

AddRemove-FlashGet 3.3 - c:\program files\FlashGet Network\FlashGet 3\uninst.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\SetID\Internal]

@Denied: (A 2) (LocalSystem)

"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallSTD=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_av=\"0\" />"

"Device"="xr3Pxr2+yLnPx87MzrzMy8y7zcs="

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)

c:\windows\System32\tusqnn.dll

- - - - - - - > 'Explorer.exe'(3204)

c:\windows\System32\tusqnn.dll

- - - - - - - > 'csrss.exe'(604)

c:\windows\system32\rqpomm.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

c:\program files\BitDefender\BitDefender 2010\vsserv.exe

c:\windows\system32\rundll32.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\program files\BitDefender\BitDefender 2010\seccenter.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\rundll32.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\sppsvc.exe

c:\windows\system32\taskhost.exe

.

**************************************************************************

.

Completion time: 2010-05-06 21:02:33 - machine was rebooted

ComboFix-quarantined-files.txt 2010-05-07 02:02

Pre-Run: 52,089,454,592 bytes free

Post-Run: 51,977,789,440 bytes free

- - End Of File - - EC0B4E0C5FAE1BB36378E075F4176080


NOTE: To stay clean in the future, you should really avoid downloading torrents and fancy "downloaders". With that said, I would suggest you uninstall the following from Control Panel.

uTorrent

Greedytorrent

I would also suggest you uninstall the Ask Toolbar, as it was probably bundled with some of the garbage you have downloaded recently.

1. Open Notepad

2. Now copy/paste the entire content of the codebox below into the Notepad window:

http://forums.malwarebytes.org/index.php?showtopic=49505&st=0&gopid=246266entry246266

Collect::
c:\windows\system32\byvwvs.dll
c:\windows\system32\tusqnn.dll
c:\users\Joel\windrvswld.exe

File::
c:\windows\system32\rqpomm.dll

Folder::
c:\users\Joel\AppData\Roaming\windrvswld

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"windrvswld"=-
"gebyvudrv"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pmnklldrv"=-
"efdaaasys"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"fcywvsdrv"=-
"opmlifsys"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScriptB-4.gif

5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:

  • ComboFix.txt
  • New DDS logs.

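What the CFScript above does by hand can be checked mechanically: read the "Reg Loading Points" section of the ComboFix log, flag the Run values that point at a bare DLL name (loaded through rundll32 from the DLL search path) or at an executable inside the roaming user profile, flag any LSA Authentication Package beyond the default msv1_0, and emit the matching Registry:: block, including the hex(7) form of the reset value. The script below is an added example written for this thread, not code from ComboFix or from the forum helper; the input is the log excerpt copied from above, and the heuristics are my reading of what the helper flagged, not a ComboFix rule set. hex(7) is the REGEDIT4 encoding of a REG_MULTI_SZ: each string as ANSI bytes followed by a NUL, then a final NUL, which is why "msv1_0" becomes 6d,73,76,31,5f,30,00,00.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log and draft the
CFScript 'Registry::' block from what it finds.

Added example for this thread, not code from ComboFix or the forum. The
heuristics (bare DLL names in Run values, executables under the roaming
profile, anything beyond msv1_0 in LSA Authentication Packages) are my own
reading of what the helper flagged by hand."""
import re

# Constructed sample: the relevant lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-02 321328]
"windrvswld"="c:\users\Joel\AppData\Roaming\windrvswld\windrvswld.exe" [2010-04-18 372021]
"gebyvudrv"="tusqnn.dll" [2010-05-07 95744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-03-18 1123360]
"pmnklldrv"="tusqnn.dll" [2010-05-07 95744]
"efdaaasys"="rqpomm.dll" [2010-05-07 87552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"fcywvsdrv"="tusqnn.dll" [2010-05-07 95744]
"opmlifsys"="rqpomm.dll" [2010-05-07 87552]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 rqpomm.dll
"""

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"')
LSA_RE = re.compile(r'^Authentication Packages\s+REG_MULTI_SZ\s+(.*)$')
DEFAULT_AUTH_PACKAGES = ("msv1_0",)   # Windows 7 default; assumption for this box


def parse_loading_points(text):
    """Return (run_entries, auth_packages).
    run_entries is a list of (key, value_name, target) for every *\Run value."""
    run_entries, auth_packages, key = [], [], None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key and key.lower().endswith(r'\currentversion\run'):
            run_entries.append((key, m.group(1), m.group(2)))
            continue
        m = LSA_RE.match(line)
        if m:
            auth_packages = m.group(1).split()
    return run_entries, auth_packages


def suspicious_reason(target):
    """Heuristic verdict for one Run value target; None means 'looks normal'."""
    t = target.lower()
    if t.endswith('.dll') and '\\' not in t:
        return 'bare DLL name, resolved through the DLL search path by rundll32'
    if '\\appdata\\roaming\\' in t and t.endswith('.exe'):
        return 'executable launched from the roaming user profile'
    return None


def triage(text):
    """Return (findings, extra_auth_packages) for a Reg Loading Points excerpt."""
    run_entries, auth_packages = parse_loading_points(text)
    findings = [(key, name, target, suspicious_reason(target))
                for key, name, target in run_entries if suspicious_reason(target)]
    extra = [p for p in auth_packages if p.lower() not in DEFAULT_AUTH_PACKAGES]
    return findings, extra


def reg_multi_sz_hex(strings):
    """REGEDIT4 hex(7) encoding of a REG_MULTI_SZ: ANSI bytes, NUL after each
    string, one more NUL to close the list."""
    raw = b''.join(s.encode('ascii') + b'\x00' for s in strings) + b'\x00'
    return 'hex(7):' + ','.join(f'{b:02x}' for b in raw)


def build_registry_section(findings, extra_packages):
    """Draft the CFScript Registry:: block: '=-' deletes a value, and the LSA
    list is rewritten to the default packages only."""
    lines, by_key = ['Registry::'], {}
    for key, name, _target, _reason in findings:
        by_key.setdefault(key, []).append(name)
    for key, names in by_key.items():
        lines.append(f'[{key}]')
        lines.extend(f'"{n}"=-' for n in names)
    if extra_packages:
        lines.append(r'[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]')
        lines.append('"Authentication Packages"=' + reg_multi_sz_hex(DEFAULT_AUTH_PACKAGES))
    return '\n'.join(lines)


if __name__ == '__main__':
    found, extra_pkgs = triage(SAMPLE_LOG)
    for key, name, target, reason in found:
        print(f'{key}\\{name} -> {target}: {reason}')
    print(build_registry_section(found, extra_pkgs))
```

On this log the script lists the six Run values the helper removed plus rqpomm.dll as the extra authentication package, and its last line is exactly the "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00 reset from the CFScript. The roaming-profile rule is a review list, not a kill list: legitimate per-user installers also drop executables there, so each hit still needs a look at the file before it goes into a script.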

ComboFix 10-05-06.01 - Joel 05/07/2010 9:56.2.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1983.1053 [GMT -5:00]

Running from: c:\users\Joel\Desktop\ComboFix.exe

Command switches used :: c:\users\Joel\Desktop\CFScript.txt

FILE ::

"c:\windows\system32\rqpomm.dll"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Joel\AppData\Roaming\windrvswld

c:\users\Joel\AppData\Roaming\windrvswld\config.ini

c:\users\Joel\AppData\Roaming\windrvswld\windrvswld.exe

c:\users\Joel\windrvswld.exe

c:\windows\system32\byvwvs.dll

c:\windows\system32\rqpomm.dll

c:\windows\system32\tusqnn.dll

.

((((((((((((((((((((((((( Files Created from 2010-04-07 to 2010-05-07 )))))))))))))))))))))))))))))))

.

2010-05-07 15:06 . 2010-05-07 15:10 -------- d-----w- c:\users\Joel\AppData\Local\temp

2010-05-07 15:06 . 2010-05-07 15:06 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-05-07 15:06 . 2010-05-07 15:06 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-05-07 14:54 . 2010-05-07 14:54 -------- d-----w- C:\32788R22FWJFW

2010-05-06 18:05 . 2010-05-07 04:22 -------- d-----w- c:\users\Joel\AppData\Roaming\FileZilla

2010-05-06 18:05 . 2010-05-06 18:05 -------- d-----w- c:\program files\FileZilla FTP Client

2010-05-06 17:43 . 2010-05-06 17:46 -------- d-----w- c:\users\Joel\AppData\Local\Google

2010-05-06 04:32 . 2010-05-07 15:10 87552 ---ha-w- c:\windows\system32\rqpomm.dll

2010-05-05 14:34 . 2010-05-05 14:34 -------- d-----w- c:\program files\Trend Micro

2010-05-03 01:02 . 2010-05-03 01:02 -------- d-----w- c:\users\Joel\AppData\Roaming\Malwarebytes

2010-05-03 00:04 . 2010-05-06 04:48 -------- d-----w- c:\users\Joel\AppData\Local\ElevatedDiagnostics

2010-05-02 17:25 . 2010-05-02 17:25 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2010-05-02 17:25 . 2010-05-03 01:03 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-05-02 06:06 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-02 06:06 . 2010-05-02 06:06 -------- d-----w- c:\programdata\Malwarebytes

2010-05-02 06:06 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-30 20:19 . 2010-04-30 20:19 -------- d-----w- c:\program files\Music NFO Builder

2010-04-29 17:04 . 2010-05-04 15:49 -------- d-----w- c:\users\Joel\AppData\Roaming\dvdcss

2010-04-29 16:53 . 2010-04-29 16:53 -------- d-----w- c:\program files\Elaborate Bytes

2010-04-29 16:52 . 2010-04-29 16:52 -------- d-----w- c:\programdata\SlySoft

2010-04-29 16:51 . 2010-04-29 16:51 -------- d-----w- c:\program files\SlySoft

2010-04-28 16:11 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys

2010-04-28 16:10 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2010-04-28 16:10 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll

2010-04-27 02:18 . 2010-04-27 13:36 -------- d-----w- c:\program files\DOOM 3

2010-04-26 20:53 . 2010-05-03 15:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-04-26 03:27 . 2010-04-26 03:27 -------- d-----w- c:\programdata\Protexis

2010-04-26 02:59 . 2010-04-26 02:59 -------- d-----w- c:\users\Joel\AppData\Roaming\REAPER

2010-04-26 02:53 . 2010-04-26 03:10 -------- d-----w- c:\program files\REAPER

2010-04-26 01:58 . 2010-04-26 01:58 -------- d-----w- c:\program files\CFToolbox

2010-04-25 20:21 . 2010-04-25 20:21 -------- d-----w- c:\users\Joel\AppData\Local\iTunesKeys2

2010-04-25 20:19 . 2010-04-25 20:19 -------- d-----w- c:\program files\iTunesKeys

2010-04-24 22:53 . 2010-05-06 17:28 -------- d-----w- c:\program files\JDownloader

2010-04-24 20:19 . 2010-04-24 20:19 -------- d-----w- c:\program files\Ask.com

2010-04-24 20:19 . 2010-04-24 20:19 -------- d-----w- c:\users\Joel\AppData\Roaming\Foxit

2010-04-24 20:19 . 2010-04-24 20:19 -------- d-----w- c:\program files\Foxit Software

2010-04-24 20:14 . 2010-04-24 20:14 -------- d-----w- c:\program files\MSECache

2010-04-24 19:34 . 2010-04-24 19:34 -------- d-----w- c:\program files\SystemRequirementsLab

2010-04-24 19:34 . 2010-04-24 19:34 -------- d-----w- c:\users\Joel\AppData\Roaming\SystemRequirementsLab

2010-04-24 19:34 . 2010-05-03 02:49 -------- d-----w- c:\windows\Sun

2010-04-24 19:30 . 2010-04-24 19:30 -------- d-----w- c:\program files\Common Files\Steam

2010-04-24 19:30 . 2010-04-27 01:44 -------- d-----w- c:\program files\Steam

2010-04-24 06:04 . 2010-04-24 06:04 -------- d-----w- c:\windows\PCHEALTH

2010-04-24 06:04 . 2010-04-24 06:04 -------- d-----w- c:\program files\Microsoft.NET

2010-04-24 06:00 . 2010-04-24 06:00 -------- d-----w- c:\users\Joel\AppData\Local\Microsoft Help

2010-04-24 06:00 . 2010-04-24 06:07 -------- d-----w- c:\programdata\Microsoft Help

2010-04-24 06:00 . 2010-04-24 06:00 -------- d-----r- C:\MSOCache

2010-04-23 22:44 . 2010-04-23 22:46 -------- d-----w- c:\program files\Picture Resize Genius

2010-04-22 16:39 . 2010-05-03 03:32 -------- d-----w- c:\programdata\Rosetta Stone

2010-04-20 17:49 . 2010-04-20 17:49 -------- d-----w- c:\program files\Rosetta Stone

2010-04-20 16:45 . 2010-04-20 16:45 -------- d-----w- c:\users\Joel\AppData\Roaming\VirtuaWin

2010-04-20 16:45 . 2010-04-20 16:45 -------- d-----w- c:\program files\VirtuaWin

2010-04-20 14:59 . 2010-05-07 15:10 -------- d-----w- c:\windows\system32\wbem\repository

2010-04-20 03:50 . 2010-04-20 03:50 -------- d-----w- c:\users\Joel\AppData\Local\Logitech

2010-04-20 00:16 . 2010-04-20 00:28 -------- d-----w- c:\program files\360desktop

2010-04-20 00:16 . 2010-04-20 00:16 -------- d-----w- c:\users\Joel\AppData\Roaming\360desktop

2010-04-19 19:36 . 2010-04-19 19:36 -------- d-----w- c:\users\Joel\AppData\Roaming\Facebook

2010-04-18 16:05 . 2010-04-23 16:56 -------- d-----w- c:\users\Joel\AppData\Roaming\TrueCrypt

2010-04-18 15:56 . 2010-04-18 15:56 -------- d-----w- c:\programdata\TrueCrypt

2010-04-18 15:55 . 2010-04-18 15:55 223440 ----a-w- c:\windows\system32\drivers\truecrypt.sys

2010-04-18 15:55 . 2010-04-18 15:55 -------- d-----w- c:\program files\TrueCrypt

2010-04-18 05:06 . 2010-05-07 15:10 95744 ---ha-w- c:\windows\system32\tusqnn.dll

2010-04-18 05:01 . 2010-04-18 05:02 -------- d-----w- c:\program files\TagRename

2010-04-18 02:27 . 2010-04-18 02:27 -------- d-----w- c:\windows\system32\Wat

2010-04-17 14:19 . 2010-04-17 16:13 -------- d-----w- c:\users\Joel\AppData\Roaming\DivX

2010-04-17 14:19 . 2010-05-05 14:50 -------- d-----w- c:\program files\Common Files\PX Storage Engine

2010-04-17 14:18 . 2010-04-17 14:18 -------- d-----w- c:\program files\Common Files\DivX Shared

2010-04-17 14:04 . 2010-05-05 14:50 -------- d-----w- c:\program files\DivX

2010-04-17 14:03 . 2010-05-05 15:05 -------- d-----w- c:\programdata\DivX

2010-04-17 00:33 . 2010-04-17 00:33 -------- d-----w- c:\programdata\Adobe Systems

2010-04-17 00:32 . 2010-04-17 16:06 -------- d-----w- c:\users\Joel\AppData\Local\Adobe

2010-04-16 22:22 . 2010-04-16 22:22 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared

2010-04-16 21:28 . 2010-04-16 21:28 -------- d-----w- c:\users\Joel\AppData\Roaming\OpenOffice.org

2010-04-16 21:26 . 2010-04-23 22:50 -------- d-----w- c:\programdata\FLEXnet

2010-04-16 21:14 . 2010-04-24 06:13 -------- d-----w- c:\program files\OpenOffice.org 3

2010-04-16 21:14 . 2010-04-16 21:14 -------- d-----w- c:\program files\Common Files\Java

2010-04-16 21:13 . 2010-04-16 21:13 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-04-16 21:13 . 2010-04-16 21:13 -------- d-----w- c:\program files\Java

2010-04-16 20:50 . 2010-04-16 20:50 -------- d-----w- c:\users\Joel\AppData\Roaming\FastStone

2010-04-16 20:04 . 2010-04-16 20:04 -------- d-----w- c:\program files\PowerISO

2010-04-16 19:48 . 2007-03-22 05:02 37376 ----a-w- c:\windows\system32\drivers\rixdptsk.sys

2010-04-16 19:48 . 2007-02-24 21:42 39936 ----a-w- c:\windows\system32\drivers\rimmptsk.sys

2010-04-16 19:48 . 2007-01-23 23:40 42496 ----a-w- c:\windows\system32\drivers\rimsptsk.sys

2010-04-16 19:48 . 2004-09-04 10:00 90112 ----a-w- c:\windows\system32\snymsico.dll

2010-04-16 19:48 . 2010-04-27 02:38 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-04-16 19:47 . 2010-04-27 02:18 -------- d-----w- c:\program files\Common Files\InstallShield

2010-04-16 19:37 . 2010-04-29 17:07 -------- d-----w- c:\users\Joel\AppData\Local\Apple Computer

2010-04-16 19:37 . 2010-04-25 19:31 -------- d-----w- c:\users\Joel\AppData\Roaming\Apple Computer

2010-04-16 19:37 . 2010-04-16 19:37 -------- dc----w- c:\windows\system32\DRVSTORE

2010-04-16 19:37 . 2009-05-18 20:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2010-04-16 19:37 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2010-04-16 19:36 . 2010-04-16 19:36 -------- d-----w- c:\program files\iPod

2010-04-16 19:36 . 2010-04-16 19:37 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-04-16 19:36 . 2010-04-16 19:37 -------- d-----w- c:\program files\iTunes

2010-04-16 19:34 . 2010-04-16 19:35 -------- d-----w- c:\program files\QuickTime

2010-04-16 19:34 . 2010-04-16 19:36 -------- d-----w- c:\programdata\Apple Computer

2010-04-16 19:34 . 2010-04-16 19:34 -------- d-----w- c:\users\Joel\AppData\Local\Apple

2010-04-16 19:34 . 2010-04-16 19:34 -------- d-----w- c:\program files\Apple Software Update

2010-04-16 19:33 . 2010-04-16 19:33 -------- d-----w- c:\program files\Bonjour

2010-04-16 19:33 . 2010-04-16 19:36 -------- d-----w- c:\program files\Common Files\Apple

2010-04-16 19:33 . 2010-04-16 19:33 -------- d-----w- c:\programdata\Apple

2010-04-16 19:24 . 2010-05-07 02:42 -------- d-----w- c:\users\Joel\AppData\Roaming\vlc

2010-04-16 17:32 . 2010-04-16 17:32 -------- d-----w- c:\program files\GreedyTorrent

2010-04-16 17:18 . 2006-03-17 21:49 368640 ----a-w- c:\windows\system32\TwnLib4.dll

2010-04-16 17:18 . 2006-03-17 18:45 802816 ----a-w- c:\windows\system32\imagXRA7.dll

2010-04-16 17:18 . 2006-03-17 18:45 497296 ----a-w- c:\windows\system32\imagXpr7.dll

2010-04-16 17:18 . 2006-03-17 18:45 258048 ----a-w- c:\windows\system32\imagXR7.dll

2010-04-16 17:18 . 2006-03-17 18:45 1757184 ----a-w- c:\windows\system32\imagX7.dll

2010-04-16 17:18 . 2010-04-16 17:18 -------- d-----w- c:\program files\Nero

2010-04-16 17:18 . 2010-04-16 17:18 -------- d-----w- c:\programdata\Nero

2010-04-16 17:18 . 2010-04-16 17:18 -------- d-----w- c:\program files\Common Files\Nero

2010-04-16 17:14 . 2010-04-16 17:14 -------- d-----w- c:\program files\VideoLAN

2010-04-16 17:09 . 2010-04-16 17:09 0 ----a-w- c:\windows\nsreg.dat

2010-04-16 17:09 . 2010-04-16 17:09 -------- d-----w- c:\users\Joel\AppData\Local\Thunderbird

2010-04-16 17:09 . 2010-04-16 17:09 -------- d-----w- c:\users\Joel\AppData\Roaming\Thunderbird

2010-04-16 17:08 . 2010-05-03 23:53 -------- d-----w- c:\program files\Mozilla Thunderbird

2010-04-16 16:21 . 2010-04-16 16:50 -------- d-----w- c:\programdata\BitDefender

2010-04-16 16:21 . 2010-04-16 16:21 -------- d-----w- c:\users\Joel\AppData\Roaming\BitDefender

2010-04-16 16:21 . 2010-04-16 16:21 -------- d-----w- c:\program files\BitDefender

2010-04-16 16:19 . 2010-04-16 16:49 -------- d-----w- c:\program files\Common Files\BitDefender

2010-04-16 16:13 . 2010-05-02 15:24 -------- d-----w- c:\program files\uTorrent

2010-04-16 16:10 . 2010-05-06 17:43 2356 ----a-w- c:\windows\system32\secushr.dat

2010-04-16 16:10 . 2010-04-16 16:10 -------- d-----w- c:\users\Joel\AppData\Roaming\FlashGet

2010-04-16 15:46 . 2010-04-16 15:46 -------- d-----w- c:\program files\Logitech

2010-04-16 15:46 . 2010-04-16 15:46 -------- d-----w- c:\program files\Common Files\Logitech

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-05 15:05 . 2010-04-17 14:19 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-05-05 14:50 . 2010-05-05 14:50 56766 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-05-05 14:50 . 2010-05-05 14:50 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe

2010-05-05 14:50 . 2010-05-05 14:50 57679 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe

2010-05-05 14:50 . 2010-05-05 14:50 84040 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe

2010-05-05 14:49 . 2010-05-05 14:49 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe

2010-05-05 14:49 . 2010-05-05 14:49 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe

2010-05-05 14:49 . 2010-05-05 14:49 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe

2010-05-05 14:49 . 2010-05-05 14:49 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe

2010-05-05 14:49 . 2010-05-05 14:49 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe

2010-05-05 14:35 . 2010-04-17 14:04 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe

2010-05-05 14:35 . 2010-04-17 14:19 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll

2010-05-05 14:35 . 2010-04-17 14:19 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe

2010-05-05 14:34 . 2010-05-05 14:34 388096 ----a-r- c:\users\Joel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-04-24 19:34 . 2010-04-24 19:34 85504 ----a-w- c:\users\Joel\AppData\Roaming\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll

2010-04-21 17:40 . 2010-04-16 21:28 1 ----a-w- c:\users\Joel\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-04-19 19:36 . 2010-04-19 19:36 50354 ----a-w- c:\users\Joel\AppData\Roaming\Facebook\uninstall.exe

2010-04-17 14:19 . 2010-04-17 14:19 56978 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe

2010-04-17 14:18 . 2010-04-17 14:18 57609 ----a-w- c:\programdata\DivX\MFComponents\Uninstaller.exe

2010-04-17 14:18 . 2010-04-17 14:18 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe

2010-04-17 14:18 . 2010-04-17 14:18 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe

2010-04-17 14:18 . 2010-04-17 14:18 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe

2010-04-17 14:18 . 2010-04-17 14:18 54629 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe

2010-04-17 14:18 . 2010-04-17 14:18 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe

2010-04-17 14:18 . 2010-04-17 14:18 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe

2010-04-17 14:18 . 2010-04-17 14:18 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe

2010-04-17 14:18 . 2010-04-17 14:18 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe

2010-04-16 19:52 . 2010-04-16 19:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

2010-03-26 08:48 . 2010-03-26 08:48 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe

2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll

2010-03-06 05:30 . 2010-03-06 05:30 847040 ----a-w- c:\users\Joel\AppData\Roaming\Facebook\axfbootloader.dll

2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\users\Joel\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

2010-02-27 12:07 . 2010-04-16 03:47 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-27 12:07 . 2010-04-16 03:47 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-23 07:56 . 2010-04-16 03:47 977920 ----a-w- c:\windows\system32\wininet.dll

2010-02-22 21:58 . 2010-02-22 21:58 291352 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys

2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll

2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll

2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll

2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll

2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll

2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll

2010-02-12 18:46 . 2010-02-12 18:46 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-02-12 18:46 . 2010-02-12 18:46 107808 ----a-w- c:\windows\system32\dns-sd.exe

2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

.

((((((((((((((((((((((((((((( SnapShot@2010-05-07_01.56.08 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-04-16 02:23 . 2010-05-07 14:46 26272 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 04:55 . 2010-05-07 15:11 39938 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2009-07-14 04:55 . 2010-05-07 01:57 39938 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2010-04-16 03:22 . 2010-05-07 01:55 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-04-16 03:22 . 2010-05-07 15:10 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-04-16 03:22 . 2010-05-07 01:55 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-04-16 03:22 . 2010-05-07 15:10 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:41 . 2010-05-07 15:10 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:41 . 2010-05-07 01:55 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-04-16 19:07 . 2010-05-07 00:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-04-16 19:07 . 2010-05-07 15:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-04-16 19:07 . 2010-05-07 01:06 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-04-16 19:07 . 2010-05-07 15:07 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-04-16 19:07 . 2010-05-07 00:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-04-16 19:07 . 2010-05-07 15:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-04-17 17:21 . 2010-05-07 04:42 4566 c:\windows\System32\wdi\ERCQueuedResolutions.dat

- 2010-04-17 17:21 . 2010-05-07 01:54 4566 c:\windows\System32\wdi\ERCQueuedResolutions.dat

+ 2010-04-16 03:42 . 2010-05-07 15:11 7884 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-876052268-1848050255-1347733830-1000_UserData.bin

+ 2010-05-07 14:44 . 2010-05-07 15:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2010-05-06 22:50 . 2010-05-07 01:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2010-05-07 14:44 . 2010-05-07 15:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2010-05-06 22:50 . 2010-05-07 01:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 02:05 . 2010-05-07 00:14 615360 c:\windows\System32\perfh009.dat

+ 2009-07-14 02:05 . 2010-05-07 14:48 615360 c:\windows\System32\perfh009.dat

+ 2009-07-14 02:05 . 2010-05-07 14:48 103702 c:\windows\System32\perfc009.dat

- 2009-07-14 02:05 . 2010-05-07 00:14 103702 c:\windows\System32\perfc009.dat

+ 2009-07-14 02:03 . 2010-05-07 04:37 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT

- 2009-07-14 02:03 . 2010-05-07 01:48 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT

- 2010-04-16 02:20 . 2010-05-06 19:02 1604344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2010-04-16 02:20 . 2010-05-07 04:42 1604344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-02-04 21:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-02 321328]

"GreedyTorrent"="c:\program files\GreedyTorrent\GTor.exe" [2007-03-08 2526661]

"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-11-11 3124160]

"Google Update"="c:\users\Joel\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-05-06 136176]

"bywwwwdrv"="tusqnn.dll" [2010-05-07 95744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 153608]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-20 71152]

"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-03-18 1123360]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]

"yaxxwwdrv"="tusqnn.dll" [2010-05-07 95744]

"vtrsstsys"="rqpomm.dll" [2010-05-07 87552]

"mlmlkksys"="rqpomm.dll" [2010-05-07 87552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ddbyvvsys"="rqpomm.dll" [2010-05-07 87552]

"awwussdrv"="tusqnn.dll" [2010-05-07 95744]

c:\users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 rqpomm.dll

R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-20 183880]

R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-18 1343400]

S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-01-05 79368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-02-03 153448]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ scan

.

Contents of the 'Scheduled Tasks' folder

2010-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-876052268-1848050255-1347733830-1000Core.job

- c:\users\Joel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-06 17:43]

2010-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-876052268-1848050255-1347733830-1000UA.job

- c:\users\Joel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-06 17:43]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: Add to &Evernote - c:\program files\Evernote\Evernote3.5\enbar.dll/2000

IE: Download All By FlashGet3 - c:\users\Joel\AppData\Roaming\FlashGetBHO\GetAllUrl.htm

IE: Download By FlashGet3 - c:\users\Joel\AppData\Roaming\FlashGetBHO\GetUrl.htm

IE: {{E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\Evernote\Evernote3.5\enbar.dll

Trusted Zone: kuaiche.com\software

FF - ProfilePath - c:\users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\3tzksjjy.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\SetID\Internal]

@Denied: (A 2) (LocalSystem)

"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallSTD=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_av=\"0\" />"

"Device"="xr3Pxr2+yLnPx87MzrzMy8y7zcs="

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)

c:\windows\System32\tusqnn.dll

- - - - - - - > 'Explorer.exe'(3924)

c:\windows\System32\tusqnn.dll

- - - - - - - > 'csrss.exe'(608)

c:\windows\system32\rqpomm.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

c:\program files\BitDefender\BitDefender 2010\vsserv.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\taskhost.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\conhost.exe

c:\program files\BitDefender\BitDefender 2010\seccenter.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\rundll32.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\sppsvc.exe

.

**************************************************************************

.

Completion time: 2010-05-07 10:17:06 - machine was rebooted

ComboFix-quarantined-files.txt 2010-05-07 15:17

ComboFix2.txt 2010-05-07 02:02

Pre-Run: 51,458,412,544 bytes free

Post-Run: 50,832,662,528 bytes free

- - End Of File - - 355C271363FC726B9BCF5068CA17A7FE

Attach.zip


Well that was only partly successful...let's try again.

1. Open Notepad

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\windows\system32\rqpomm.dll
c:\windows\System32\tusqnn.dll

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bywwwwdrv"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"yaxxwwdrv"=-
"vtrsstsys"=-
"mlmlkksys"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ddbyvvsys"=-
"awwussdrv"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[Animation: CFScriptB-4.gif, dragging CFScript.txt onto ComboFix.exe]

5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:

  • Combofix.txt
  • A new DDS log. Just DDS.txt.

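The CFScript above does three things: deletes the two randomly named DLLs, removes the Run values that load them under HKCU, HKLM and HKU\.DEFAULT, and rewrites the LSA "Authentication Packages" value back to the Windows default so the rogue DLL is no longer loaded into lsass/winlogon at logon. Below is an added example, written for this thread and not part of ComboFix or the helper's post, that shows how a helper can pull those findings out of a ComboFix log mechanically and verify what the hex(7) line in the script actually writes before running it. The log lines embedded in it are copied from the "Reg Loading Points" section of the log posted above; the regular expressions and helper names are my own and assume the ComboFix log layout seen in this thread.

```python
import re

# Registry lines constructed from the "Reg Loading Points" section of the
# ComboFix log posted above (a verbatim subset).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-02 321328]
"bywwwwdrv"="tusqnn.dll" [2010-05-07 95744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"yaxxwwdrv"="tusqnn.dll" [2010-05-07 95744]
"vtrsstsys"="rqpomm.dll" [2010-05-07 87552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ddbyvvsys"="rqpomm.dll" [2010-05-07 87552]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 rqpomm.dll
"""

# ComboFix prints a .reg-style key header, then "name"="data" [date size] lines.
RUN_KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\Run)\]$", re.IGNORECASE)
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"')
LSA_RE = re.compile(r"^Authentication Packages REG_MULTI_SZ (.*)$")


def find_suspicious_run_entries(log_text):
    """Return (key, value name, data) for Run values whose data is a bare DLL name.

    A normal Run value gives a full path to an executable (or, for rundll32
    entries such as NvCplDaemon, a full path to a DLL).  A bare file name with
    no directory is resolved by the loader search order and is exactly what
    the rogue entries in the posted log look like.
    """
    hits = []
    current_key = None
    for line in log_text.splitlines():
        m = RUN_KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        if line.startswith("["):
            current_key = None          # some other key: stop collecting
            continue
        if current_key is None:
            continue
        m = RUN_VALUE_RE.match(line)
        if m:
            name, data = m.groups()
            if "\\" not in data and data.lower().endswith(".dll"):
                hits.append((current_key, name, data))
    return hits


def find_extra_auth_packages(log_text, expected=("msv1_0",)):
    """Return LSA authentication packages other than the Windows default msv1_0."""
    for line in log_text.splitlines():
        m = LSA_RE.match(line)
        if m:
            return [p for p in m.group(1).split() if p.lower() not in expected]
    return []


def decode_reg_multi_sz_hex(hex7, encoding=None):
    """Decode a .reg 'hex(7):a,b,c,...' REG_MULTI_SZ byte list into its strings.

    REGEDIT4-style scripts (the format ComboFix shows) carry ANSI bytes; the
    'Windows Registry Editor Version 5.00' format carries UTF-16LE.  When no
    encoding is given the function guesses from the zero-byte pattern, which
    can misfire on very short ANSI strings, so pass encoding explicitly when
    in doubt.
    """
    raw = bytes(int(b, 16) for b in hex7.split(",") if b)
    if encoding is None:
        utf16_like = len(raw) >= 2 and len(raw) % 2 == 0 and all(b == 0 for b in raw[1::2])
        encoding = "utf-16-le" if utf16_like else "latin-1"
    text = raw.decode(encoding)
    # REG_MULTI_SZ: NUL-separated strings followed by one extra terminating NUL.
    return [s for s in text.split("\0") if s]


def encode_reg_multi_sz_hex(strings):
    """Inverse of the decoder for REGEDIT4 (ANSI) scripts: build the hex(7) list."""
    raw = "".join(s + "\0" for s in strings) + "\0"
    return ",".join(f"{b:02x}" for b in raw.encode("latin-1"))


if __name__ == "__main__":
    for key, name, data in find_suspicious_run_entries(SAMPLE_LOG):
        print(f"suspicious Run value: [{key}] {name!r} -> {data}")
    print("extra LSA packages:", find_extra_auth_packages(SAMPLE_LOG))
    # The script line in this thread restores msv1_0 and nothing else.
    print(decode_reg_multi_sz_hex("6d,73,76,31,5f,30,00,00"))
    print(encode_reg_multi_sz_hex(["msv1_0"]))
```

Run against the sample, the first function flags the four Run values that point at tusqnn.dll and rqpomm.dll by bare name while leaving NvCplDaemon alone, the second reports rqpomm.dll as the extra authentication package, and the decoder confirms that `hex(7):6d,73,76,31,5f,30,00,00` is precisely `msv1_0` plus the two terminating NULs, so the script puts the LSA value back to its default rather than to something else.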

ComboFix 10-05-06.01 - Joel 05/07/2010 11:57:07.3.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1983.1098 [GMT -5:00]

Running from: c:\users\Joel\Desktop\ComboFix.exe

Command switches used :: c:\users\Joel\Desktop\CFScript.txt

FILE ::

"c:\windows\system32\rqpomm.dll"

"c:\windows\System32\tusqnn.dll"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\rqpomm.dll

c:\windows\System32\tusqnn.dll

.

((((((((((((((((((((((((( Files Created from 2010-04-07 to 2010-05-07 )))))))))))))))))))))))))))))))

.

2010-05-07 17:05 . 2010-05-07 17:07 -------- d-----w- c:\users\Joel\AppData\Local\temp

2010-05-07 17:05 . 2010-05-07 17:05 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-05-07 17:05 . 2010-05-07 17:05 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-05-07 16:55 . 2010-05-07 16:55 -------- d-----w- C:\32788R22FWJFW

2010-05-06 18:05 . 2010-05-07 04:22 -------- d-----w- c:\users\Joel\AppData\Roaming\FileZilla

2010-05-06 18:05 . 2010-05-06 18:05 -------- d-----w- c:\program files\FileZilla FTP Client

2010-05-06 17:43 . 2010-05-06 17:46 -------- d-----w- c:\users\Joel\AppData\Local\Google

2010-05-05 14:34 . 2010-05-05 14:34 -------- d-----w- c:\program files\Trend Micro

2010-05-03 01:02 . 2010-05-03 01:02 -------- d-----w- c:\users\Joel\AppData\Roaming\Malwarebytes

2010-05-03 00:04 . 2010-05-06 04:48 -------- d-----w- c:\users\Joel\AppData\Local\ElevatedDiagnostics

2010-05-02 17:25 . 2010-05-02 17:25 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2010-05-02 17:25 . 2010-05-03 01:03 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-05-02 06:06 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-02 06:06 . 2010-05-02 06:06 -------- d-----w- c:\programdata\Malwarebytes

2010-05-02 06:06 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-30 20:19 . 2010-04-30 20:19 -------- d-----w- c:\program files\Music NFO Builder

2010-04-29 17:04 . 2010-05-04 15:49 -------- d-----w- c:\users\Joel\AppData\Roaming\dvdcss

2010-04-29 16:53 . 2010-04-29 16:53 -------- d-----w- c:\program files\Elaborate Bytes

2010-04-29 16:52 . 2010-04-29 16:52 -------- d-----w- c:\programdata\SlySoft

2010-04-29 16:51 . 2010-04-29 16:51 -------- d-----w- c:\program files\SlySoft

2010-04-28 16:11 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys

2010-04-28 16:10 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2010-04-28 16:10 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll

2010-04-27 02:18 . 2010-04-27 13:36 -------- d-----w- c:\program files\DOOM 3

2010-04-26 20:53 . 2010-05-03 15:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-04-26 03:27 . 2010-04-26 03:27 -------- d-----w- c:\programdata\Protexis

2010-04-26 02:59 . 2010-04-26 02:59 -------- d-----w- c:\users\Joel\AppData\Roaming\REAPER

2010-04-26 02:53 . 2010-04-26 03:10 -------- d-----w- c:\program files\REAPER

2010-04-26 01:58 . 2010-04-26 01:58 -------- d-----w- c:\program files\CFToolbox

2010-04-25 20:21 . 2010-04-25 20:21 -------- d-----w- c:\users\Joel\AppData\Local\iTunesKeys2

2010-04-25 20:19 . 2010-04-25 20:19 -------- d-----w- c:\program files\iTunesKeys

2010-04-24 22:53 . 2010-05-06 17:28 -------- d-----w- c:\program files\JDownloader

2010-04-24 20:19 . 2010-04-24 20:19 -------- d-----w- c:\users\Joel\AppData\Roaming\Foxit

2010-04-24 20:19 . 2010-04-24 20:19 -------- d-----w- c:\program files\Foxit Software

2010-04-24 20:14 . 2010-04-24 20:14 -------- d-----w- c:\program files\MSECache

2010-04-24 19:34 . 2010-04-24 19:34 -------- d-----w- c:\program files\SystemRequirementsLab

2010-04-24 19:34 . 2010-04-24 19:34 -------- d-----w- c:\users\Joel\AppData\Roaming\SystemRequirementsLab

2010-04-24 19:34 . 2010-05-03 02:49 -------- d-----w- c:\windows\Sun

2010-04-24 19:30 . 2010-04-24 19:30 -------- d-----w- c:\program files\Common Files\Steam

2010-04-24 19:30 . 2010-04-27 01:44 -------- d-----w- c:\program files\Steam

2010-04-24 06:04 . 2010-04-24 06:04 -------- d-----w- c:\windows\PCHEALTH

2010-04-24 06:04 . 2010-04-24 06:04 -------- d-----w- c:\program files\Microsoft.NET

2010-04-24 06:00 . 2010-04-24 06:00 -------- d-----w- c:\users\Joel\AppData\Local\Microsoft Help

2010-04-24 06:00 . 2010-04-24 06:07 -------- d-----w- c:\programdata\Microsoft Help

2010-04-24 06:00 . 2010-04-24 06:00 -------- d-----r- C:\MSOCache

2010-04-23 22:44 . 2010-04-23 22:46 -------- d-----w- c:\program files\Picture Resize Genius

2010-04-22 16:39 . 2010-05-03 03:32 -------- d-----w- c:\programdata\Rosetta Stone

2010-04-20 17:49 . 2010-04-20 17:49 -------- d-----w- c:\program files\Rosetta Stone

2010-04-20 16:45 . 2010-04-20 16:45 -------- d-----w- c:\users\Joel\AppData\Roaming\VirtuaWin

2010-04-20 16:45 . 2010-04-20 16:45 -------- d-----w- c:\program files\VirtuaWin

2010-04-20 14:59 . 2010-05-07 17:06 -------- d-----w- c:\windows\system32\wbem\repository

2010-04-20 03:50 . 2010-04-20 03:50 -------- d-----w- c:\users\Joel\AppData\Local\Logitech

2010-04-20 00:16 . 2010-04-20 00:28 -------- d-----w- c:\program files\360desktop

2010-04-20 00:16 . 2010-04-20 00:16 -------- d-----w- c:\users\Joel\AppData\Roaming\360desktop

2010-04-19 19:36 . 2010-04-19 19:36 -------- d-----w- c:\users\Joel\AppData\Roaming\Facebook

2010-04-18 16:05 . 2010-04-23 16:56 -------- d-----w- c:\users\Joel\AppData\Roaming\TrueCrypt

2010-04-18 15:56 . 2010-04-18 15:56 -------- d-----w- c:\programdata\TrueCrypt

2010-04-18 15:55 . 2010-04-18 15:55 223440 ----a-w- c:\windows\system32\drivers\truecrypt.sys

2010-04-18 15:55 . 2010-04-18 15:55 -------- d-----w- c:\program files\TrueCrypt

2010-04-18 05:01 . 2010-04-18 05:02 -------- d-----w- c:\program files\TagRename

2010-04-18 02:27 . 2010-04-18 02:27 -------- d-----w- c:\windows\system32\Wat

2010-04-17 14:19 . 2010-04-17 16:13 -------- d-----w- c:\users\Joel\AppData\Roaming\DivX

2010-04-17 14:19 . 2010-05-05 14:50 -------- d-----w- c:\program files\Common Files\PX Storage Engine

2010-04-17 14:18 . 2010-04-17 14:18 -------- d-----w- c:\program files\Common Files\DivX Shared

2010-04-17 14:04 . 2010-05-05 14:50 -------- d-----w- c:\program files\DivX

2010-04-17 14:03 . 2010-05-05 15:05 -------- d-----w- c:\programdata\DivX

2010-04-17 00:33 . 2010-04-17 00:33 -------- d-----w- c:\programdata\Adobe Systems

2010-04-17 00:32 . 2010-04-17 16:06 -------- d-----w- c:\users\Joel\AppData\Local\Adobe

2010-04-16 22:22 . 2010-04-16 22:22 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared

2010-04-16 21:28 . 2010-04-16 21:28 -------- d-----w- c:\users\Joel\AppData\Roaming\OpenOffice.org

2010-04-16 21:26 . 2010-04-23 22:50 -------- d-----w- c:\programdata\FLEXnet

2010-04-16 21:14 . 2010-04-24 06:13 -------- d-----w- c:\program files\OpenOffice.org 3

2010-04-16 21:14 . 2010-04-16 21:14 -------- d-----w- c:\program files\Common Files\Java

2010-04-16 21:13 . 2010-04-16 21:13 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-04-16 21:13 . 2010-04-16 21:13 -------- d-----w- c:\program files\Java

2010-04-16 20:50 . 2010-04-16 20:50 -------- d-----w- c:\users\Joel\AppData\Roaming\FastStone

2010-04-16 20:04 . 2010-04-16 20:04 -------- d-----w- c:\program files\PowerISO

2010-04-16 19:48 . 2007-03-22 05:02 37376 ----a-w- c:\windows\system32\drivers\rixdptsk.sys

2010-04-16 19:48 . 2007-02-24 21:42 39936 ----a-w- c:\windows\system32\drivers\rimmptsk.sys

2010-04-16 19:48 . 2007-01-23 23:40 42496 ----a-w- c:\windows\system32\drivers\rimsptsk.sys

2010-04-16 19:48 . 2004-09-04 10:00 90112 ----a-w- c:\windows\system32\snymsico.dll

2010-04-16 19:48 . 2010-04-27 02:38 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-04-16 19:47 . 2010-04-27 02:18 -------- d-----w- c:\program files\Common Files\InstallShield

2010-04-16 19:37 . 2010-04-29 17:07 -------- d-----w- c:\users\Joel\AppData\Local\Apple Computer

2010-04-16 19:37 . 2010-04-25 19:31 -------- d-----w- c:\users\Joel\AppData\Roaming\Apple Computer

2010-04-16 19:37 . 2010-04-16 19:37 -------- dc----w- c:\windows\system32\DRVSTORE

2010-04-16 19:37 . 2009-05-18 20:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2010-04-16 19:37 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2010-04-16 19:36 . 2010-04-16 19:36 -------- d-----w- c:\program files\iPod

2010-04-16 19:36 . 2010-04-16 19:37 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-04-16 19:36 . 2010-04-16 19:37 -------- d-----w- c:\program files\iTunes

2010-04-16 19:34 . 2010-04-16 19:35 -------- d-----w- c:\program files\QuickTime

2010-04-16 19:34 . 2010-04-16 19:36 -------- d-----w- c:\programdata\Apple Computer

2010-04-16 19:34 . 2010-04-16 19:34 -------- d-----w- c:\users\Joel\AppData\Local\Apple

2010-04-16 19:34 . 2010-04-16 19:34 -------- d-----w- c:\program files\Apple Software Update

2010-04-16 19:33 . 2010-04-16 19:33 -------- d-----w- c:\program files\Bonjour

2010-04-16 19:33 . 2010-04-16 19:36 -------- d-----w- c:\program files\Common Files\Apple

2010-04-16 19:33 . 2010-04-16 19:33 -------- d-----w- c:\programdata\Apple

2010-04-16 19:24 . 2010-05-07 02:42 -------- d-----w- c:\users\Joel\AppData\Roaming\vlc

2010-04-16 17:32 . 2010-04-16 17:32 -------- d-----w- c:\program files\GreedyTorrent

2010-04-16 17:18 . 2006-03-17 21:49 368640 ----a-w- c:\windows\system32\TwnLib4.dll

2010-04-16 17:18 . 2006-03-17 18:45 802816 ----a-w- c:\windows\system32\imagXRA7.dll

2010-04-16 17:18 . 2006-03-17 18:45 497296 ----a-w- c:\windows\system32\imagXpr7.dll

2010-04-16 17:18 . 2006-03-17 18:45 258048 ----a-w- c:\windows\system32\imagXR7.dll

2010-04-16 17:18 . 2006-03-17 18:45 1757184 ----a-w- c:\windows\system32\imagX7.dll

2010-04-16 17:18 . 2010-04-16 17:18 -------- d-----w- c:\program files\Nero

2010-04-16 17:18 . 2010-04-16 17:18 -------- d-----w- c:\programdata\Nero

2010-04-16 17:18 . 2010-04-16 17:18 -------- d-----w- c:\program files\Common Files\Nero

2010-04-16 17:14 . 2010-04-16 17:14 -------- d-----w- c:\program files\VideoLAN

2010-04-16 17:09 . 2010-04-16 17:09 0 ----a-w- c:\windows\nsreg.dat

2010-04-16 17:09 . 2010-04-16 17:09 -------- d-----w- c:\users\Joel\AppData\Local\Thunderbird

2010-04-16 17:09 . 2010-04-16 17:09 -------- d-----w- c:\users\Joel\AppData\Roaming\Thunderbird

2010-04-16 17:08 . 2010-05-03 23:53 -------- d-----w- c:\program files\Mozilla Thunderbird

2010-04-16 16:21 . 2010-04-16 16:50 -------- d-----w- c:\programdata\BitDefender

2010-04-16 16:21 . 2010-04-16 16:21 -------- d-----w- c:\users\Joel\AppData\Roaming\BitDefender

2010-04-16 16:21 . 2010-04-16 16:21 -------- d-----w- c:\program files\BitDefender

2010-04-16 16:19 . 2010-04-16 16:49 -------- d-----w- c:\program files\Common Files\BitDefender

2010-04-16 16:13 . 2010-05-02 15:24 -------- d-----w- c:\program files\uTorrent

2010-04-16 16:10 . 2010-05-06 17:43 2356 ----a-w- c:\windows\system32\secushr.dat

2010-04-16 16:10 . 2010-04-16 16:10 -------- d-----w- c:\users\Joel\AppData\Roaming\FlashGet

2010-04-16 15:46 . 2010-04-16 15:46 -------- d-----w- c:\program files\Logitech

2010-04-16 15:46 . 2010-04-16 15:46 -------- d-----w- c:\program files\Common Files\Logitech

2010-04-16 15:11 . 2010-04-29 16:39 -------- d-----w- c:\programdata\DVD Shrink

2010-04-16 15:11 . 2010-04-18 05:19 -------- d-----w- c:\program files\DVD Shrink

2010-04-16 14:54 . 2010-04-16 14:54 -------- d-----w- c:\windows\system32\Macromed

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-05 15:05 . 2010-04-17 14:19 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-05-05 14:50 . 2010-05-05 14:50 56766 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-05-05 14:50 . 2010-05-05 14:50 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe

2010-05-05 14:50 . 2010-05-05 14:50 57679 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe

2010-05-05 14:50 . 2010-05-05 14:50 84040 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe

2010-05-05 14:49 . 2010-05-05 14:49 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe

2010-05-05 14:49 . 2010-05-05 14:49 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe

2010-05-05 14:49 . 2010-05-05 14:49 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe

2010-05-05 14:49 . 2010-05-05 14:49 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe

2010-05-05 14:49 . 2010-05-05 14:49 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe

2010-05-05 14:35 . 2010-04-17 14:04 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe

2010-05-05 14:35 . 2010-04-17 14:19 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll

2010-05-05 14:35 . 2010-04-17 14:19 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe

2010-05-05 14:34 . 2010-05-05 14:34 388096 ----a-r- c:\users\Joel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-04-24 19:34 . 2010-04-24 19:34 85504 ----a-w- c:\users\Joel\AppData\Roaming\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll

2010-04-21 17:40 . 2010-04-16 21:28 1 ----a-w- c:\users\Joel\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-04-19 19:36 . 2010-04-19 19:36 50354 ----a-w- c:\users\Joel\AppData\Roaming\Facebook\uninstall.exe

2010-04-17 14:19 . 2010-04-17 14:19 56978 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe

2010-04-17 14:18 . 2010-04-17 14:18 57609 ----a-w- c:\programdata\DivX\MFComponents\Uninstaller.exe

2010-04-17 14:18 . 2010-04-17 14:18 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe

2010-04-17 14:18 . 2010-04-17 14:18 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe

2010-04-17 14:18 . 2010-04-17 14:18 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe

2010-04-17 14:18 . 2010-04-17 14:18 54629 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe

2010-04-17 14:18 . 2010-04-17 14:18 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe

2010-04-17 14:18 . 2010-04-17 14:18 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe

2010-04-17 14:18 . 2010-04-17 14:18 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe

2010-04-17 14:18 . 2010-04-17 14:18 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe

2010-04-16 19:52 . 2010-04-16 19:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

2010-03-26 08:48 . 2010-03-26 08:48 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe

2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll

2010-03-06 05:30 . 2010-03-06 05:30 847040 ----a-w- c:\users\Joel\AppData\Roaming\Facebook\axfbootloader.dll

2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\users\Joel\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

2010-02-27 12:07 . 2010-04-16 03:47 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-27 12:07 . 2010-04-16 03:47 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-23 07:56 . 2010-04-16 03:47 977920 ----a-w- c:\windows\system32\wininet.dll

2010-02-22 21:58 . 2010-02-22 21:58 291352 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys

2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll

2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll

2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll

2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll

2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll

2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll

2010-02-12 18:46 . 2010-02-12 18:46 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-02-12 18:46 . 2010-02-12 18:46 107808 ----a-w- c:\windows\system32\dns-sd.exe

2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

.

((((((((((((((((((((((((((((( SnapShot@2010-05-07_01.56.08 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-04-16 02:23 . 2010-05-07 14:46 26272 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 04:55 . 2010-05-07 17:08 39938 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2009-07-14 04:55 . 2010-05-07 01:57 39938 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2010-04-16 03:22 . 2010-05-07 01:55 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-04-16 03:22 . 2010-05-07 17:06 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-04-16 03:22 . 2010-05-07 01:55 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-04-16 03:22 . 2010-05-07 17:06 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:41 . 2010-05-07 17:06 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:41 . 2010-05-07 01:55 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-04-16 19:07 . 2010-05-07 00:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-04-16 19:07 . 2010-05-07 17:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-04-16 19:07 . 2010-05-07 01:06 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-04-16 19:07 . 2010-05-07 17:05 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-04-16 19:07 . 2010-05-07 00:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-04-16 19:07 . 2010-05-07 17:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-04-17 17:21 . 2010-05-07 04:42 4566 c:\windows\System32\wdi\ERCQueuedResolutions.dat

- 2010-04-17 17:21 . 2010-05-07 01:54 4566 c:\windows\System32\wdi\ERCQueuedResolutions.dat

+ 2010-04-16 03:42 . 2010-05-07 17:08 7932 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-876052268-1848050255-1347733830-1000_UserData.bin

+ 2010-05-07 14:44 . 2010-05-07 17:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2010-05-06 22:50 . 2010-05-07 01:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2010-05-07 14:44 . 2010-05-07 17:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2010-05-06 22:50 . 2010-05-07 01:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 02:05 . 2010-05-07 00:14 615360 c:\windows\System32\perfh009.dat

+ 2009-07-14 02:05 . 2010-05-07 15:15 615360 c:\windows\System32\perfh009.dat

+ 2009-07-14 02:05 . 2010-05-07 15:15 103702 c:\windows\System32\perfc009.dat

- 2009-07-14 02:05 . 2010-05-07 00:14 103702 c:\windows\System32\perfc009.dat

+ 2009-07-14 02:03 . 2010-05-07 16:36 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT

- 2009-07-14 02:03 . 2010-05-07 01:48 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT

- 2010-04-16 02:20 . 2010-05-06 19:02 1604344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2010-04-16 02:20 . 2010-05-07 04:42 1604344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-02 321328]

"GreedyTorrent"="c:\program files\GreedyTorrent\GTor.exe" [2007-03-08 2526661]

"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-11-11 3124160]

"Google Update"="c:\users\Joel\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-05-06 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 153608]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-20 71152]

"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-03-18 1123360]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]

c:\users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-20 183880]

R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-18 1343400]

S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-01-05 79368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-02-03 153448]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ scan

.

Contents of the 'Scheduled Tasks' folder

2010-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-876052268-1848050255-1347733830-1000Core.job

- c:\users\Joel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-06 17:43]

2010-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-876052268-1848050255-1347733830-1000UA.job

- c:\users\Joel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-06 17:43]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: Add to &Evernote - c:\program files\Evernote\Evernote3.5\enbar.dll/2000

IE: Download All By FlashGet3 - c:\users\Joel\AppData\Roaming\FlashGetBHO\GetAllUrl.htm

IE: Download By FlashGet3 - c:\users\Joel\AppData\Roaming\FlashGetBHO\GetUrl.htm

IE: {{E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\Evernote\Evernote3.5\enbar.dll

Trusted Zone: kuaiche.com\software

FF - ProfilePath - c:\users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\3tzksjjy.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

- - - - ORPHANS REMOVED - - - -

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll

HKCU-Run-qomllldrv - tusqnn.dll

HKLM-Run-rqomjjdrv - tusqnn.dll

HKLM-Run-fcccbbsys - rqpomm.dll

HKU-Default-Run-vtusqqsys - rqpomm.dll

HKU-Default-Run-ddayxxdrv - tusqnn.dll

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\SetID\Internal]

@Denied: (A 2) (LocalSystem)

"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallSTD=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_av=\"0\" />"

"Device"="xr3Pxr2+yLnPx87MzrzMy8y7zcs="

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

c:\program files\BitDefender\BitDefender 2010\vsserv.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\taskhost.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\conhost.exe

c:\program files\BitDefender\BitDefender 2010\seccenter.exe

c:\windows\System32\rundll32.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\system32\sppsvc.exe

.

**************************************************************************

.

Completion time: 2010-05-07 12:14:12 - machine was rebooted

ComboFix-quarantined-files.txt 2010-05-07 17:14

ComboFix2.txt 2010-05-07 15:17

ComboFix3.txt 2010-05-07 02:02

Pre-Run: 50,546,237,440 bytes free

Post-Run: 50,493,538,304 bytes free

- - End Of File - - 81694A5FB6A0BA077A3229C0D989CEEB

Attach.zip

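An added triage example (editor's code, not ComboFix's and not posted by anyone in this thread): a short Python pass over the "Reg Loading Points" and "ORPHANS REMOVED" blocks of the log above. It flags Run values whose target has no directory component, Run values that load a DLL instead of a program, entries persisted under HKU\.Default, and the UAC policy values (EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop) that switch elevation prompting off. The heuristics, severities and function names are assumptions of this example; the sample text is copied from the posted log.

```python
"""Triage pass over the autorun and UAC lines of a ComboFix-style log.

Added example, not ComboFix's code. Rules and severities are assumptions;
SAMPLE_LOG is copied from the log posted in the thread.
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-02 321328]
"Google Update"="c:\users\Joel\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-05-06 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-03-18 1123360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
- - - - ORPHANS REMOVED - - - -
HKCU-Run-qomllldrv - tusqnn.dll
HKLM-Run-rqomjjdrv - tusqnn.dll
HKLM-Run-fcccbbsys - rqpomm.dll
HKU-Default-Run-vtusqqsys - rqpomm.dll
"""

RUN_KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\Run)\]$", re.IGNORECASE)
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"')
POLICY_VALUE_RE = re.compile(r'^"([^"]+)"=\s*(\d+)')
ORPHAN_RE = re.compile(r"^(HKCU|HKLM|HKU-Default)-Run-(\S+) - (\S+)$")

# value name -> (value that counts as a finding, explanation); assumed thresholds
UAC_BAD = {
    "EnableLUA": (0, "UAC is disabled; admin processes run elevated with no prompt"),
    "ConsentPromptBehaviorAdmin": (0, "admins elevate silently, no consent prompt"),
    "PromptOnSecureDesktop": (0, "prompts, when shown, are not on the secure desktop"),
}


@dataclass
class Finding:
    severity: str  # "high" or "info"
    hive: str
    name: str
    target: str
    reason: str


def check_run_target(hive, name, target):
    """Apply the autorun heuristics to one Run value and return its findings."""
    out = []
    has_dir = "\\" in target or ":" in target
    ext = target.lower().rsplit(".", 1)[-1] if "." in target else ""
    if not has_dir:
        out.append(Finding("high", hive, name, target,
                           "no directory in target; legitimate Run values here use full paths"))
    if ext == "dll":
        out.append(Finding("high", hive, name, target,
                           "Run value loads a DLL instead of a program"))
    if hive.upper().startswith("HKU-DEFAULT"):
        out.append(Finding("high", hive, name, target,
                           "persistence in the HKU\\.Default hive"))
    if has_dir and "\\appdata\\" in target.lower():
        out.append(Finding("info", hive, name, target,
                           "runs from the user profile; confirm the publisher"))
    return out


def parse_findings(log_text):
    """Walk the log once, tracking which block we are in, and collect findings."""
    section, hive, findings = None, "", []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_KEY_RE.match(line)
        if m:
            section, hive = "run", m.group(1).split("\\")[0]
            continue
        if line.lower().endswith("\\policies\\system]"):
            section = "policy"
            continue
        if line.startswith("- - - - ORPHANS REMOVED"):
            section = "orphans"
            continue
        if line.startswith("["):  # any other key closes the current block
            section = None
            continue
        if section == "run":
            m = RUN_VALUE_RE.match(line)
            if m:
                findings += check_run_target(hive, m.group(1), m.group(2))
        elif section == "policy":
            m = POLICY_VALUE_RE.match(line)
            if m and m.group(1) in UAC_BAD and int(m.group(2)) == UAC_BAD[m.group(1)][0]:
                findings.append(Finding("high", "HKLM policies\\system", m.group(1),
                                        m.group(2), UAC_BAD[m.group(1)][1]))
        elif section == "orphans":
            m = ORPHAN_RE.match(line)
            if m:
                findings += check_run_target(m.group(1), m.group(2), m.group(3))
    return findings


if __name__ == "__main__":
    for f in parse_findings(SAMPLE_LOG):
        print(f"[{f.severity}] {f.hive} {f.name} -> {f.target}: {f.reason}")
```

Run as a script it prints one line per finding: on the sample it reports the three UAC values and the four orphaned Run entries (each one bare-named and a DLL, the HKU-Default one additionally for its hive) as high, and the Google updater under AppData as an informational note. Feed parse_findings the whole ComboFix log to triage the full file the same way.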

That's better. :)

I would suggest you update and run MalwareBytes. Post the log if anything is found.

Go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
     • Spyware, Adware, Dialers, and other potentially dangerous programs
     • Archives
     • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


Would a scan with BitDefender be fine? 'Cause that's what I have...

You can certainly do that, and I would suggest you do either way. But Kaspersky is very thorough and will give me a report so I can see what's there. It also won't fix anything and is not actually installed, so it won't conflict with BD.

How's it running?


Hi,

Did you run Kaspersky? Not much to speak of in the BD log. Did BitDefender fix what it found?

Another question (and I think I already know the answer)....where did you get that version of SAS? In addition to avoiding those downloaders I mentioned earlier, if you keep downloading cracks and keygens you'll be right back here again asking for help. I guarantee it. Next time you come back you may not be able to get help quite so easily as many helpers will avoid repeat "offenders", especially if they have a history of this type of activity. Okay I'll get off my soapbox.

How's it running?

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


2 weeks later...

Root Admin:

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
