TechSpot

Desktop background and files/folder trouble

By Jinai
Mar 28, 2011
  1. Hey guys, how've you all been?

    Basically, just two days ago I was hit by some kind of Malware called Windows Repair, now I did my fair share of research and found many other rogue anti virus programs this particular one is related to (IE: HDD Defragmenter, Win Defragmenter etc) - provided by the blog: XXXXXXX

    (I am running on Windows Vista Home Premium, but not sure whether it is 32 or 64bit.)

    Once the system was attacked, error messages started to pop up (such as "RAM memory critically high", "hard drive failure", "files at risk" etc). Fortunately I still was able to see my desktop, but most of the icons were sort of "transparent" as opposed to the normal "solid" state of it. The task manager was unable to be called upon. I didn't click the silly rogue program's deception and quickly booted the system into safe mode and tried to get rid of it from there.

    I first did a Malwarebyte scan (full scan) and nothing came up. Did a Spybot scan, things were found but nothing helped ease the pain. Then I went onto the "Deletemalware" blog to see if the solutions for the rogue program's other family members would help (because they are very similar), followed a lot of the steps (such as "regedit" businesses), did a "SUPERanti spyware free edition" full scan and came out with some results. Booted my laptop into normal mode and then found some more problems - desktop background turned black, and most system files hijacked, cannot access start programs (I can see my files are on the system). Fortunately I can access my computer and task manager to do stuffs.

    Upon the second boot, I ran a "Sophos" rookit scan to see if it helped. Did not work (even though results came up).

    Now I'm at this stage where I am almost defeated. So, could anyone help me out here?

    Edit: Possible rogue link deleted.
     
  2. Jinai

    Jinai TS Rookie Topic Starter Posts: 33

    Here is my current hijackthis log:

     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! There is a Rogue Error Fix program going around that alerts you to 'false' errors in an attempt to get you to click on something to fix it. You should not attempt to act on anything coming from an unknown source. You should be familiar enough with your system to determine if it is a legitimate warning from the Operating System or one of the security program on the system.

    If you are not sure, do nothing!. I have recently worked with 2 members who have been victims of this rogue program: one of the found no programs listed in his All Programs list. The other was given a message that he was locked out of his computer. Both alerts were generated by the Rogue Error Fix and did not represent actual errors.

    If you get a popups or alert on your system, Never click on any site that is telling you it will fix the problem! I am deleting your reference to the blog because as far as I can determine, someone just set up the site. It may be legit, but when in doubt "don't!"
    =========================================
    We don't screen for malware with HijackThis.
    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply .
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

    In addition to these scans, I will make one reference to you: this Rogue Error Fix is spreading big time though Facebook. If you are a Facebook member, please see my post>http://www.techspot.com/vb/topic162959.html
     
  4. Jinai

    Jinai TS Rookie Topic Starter Posts: 33

    Thank you for your reply! Here are the Logs you asked (split into two posts):

     
  5. Jinai

    Jinai TS Rookie Topic Starter Posts: 33

     
  6. Jinai

    Jinai TS Rookie Topic Starter Posts: 33

     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Sorry for delay- internet was down. Please don't put the logs in quotes. It takes a lot of room away.

    There are processes we will be removing. Please run the following first:

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, the do Ctrl V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    =============================================
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • .Click on Yes, to continue scanning for malware
    • .If Combofix asks you to update the program, allow
    • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • .Close any open browsers.
    • .Double click combofix.exe[​IMG] & follow the prompts to run.
    • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    NOTE: I have deleted the HijackThis log. It is an out of date version and you can uninstall it. I will have you run it later and will give you link for current version.
     
  8. Jinai

    Jinai TS Rookie Topic Starter Posts: 33

    Thanks for your reply! Here is the ESET NOD32 Log:

    C:\Users\Jinai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\53ACIHYQ\fb01fd[1].pdf JS/Exploit.Pdfka.ORP.Gen trojan
    C:\Users\Jinai\AppData\Local\Temp\plugtmp-1\plugin-lib.php JS/Exploit.Pdfka.OSV.Gen trojan
    C:\Users\Jinai\Documents\Downloads\Nero 7.10.1.0\Nero-7.10.1.0_eng_full.exe Win32/Toolbar.AskSBar application
    C:\Users\Jinai\Downloads\Sony.Vegas.Pro.8+DVD.Architect.4.5.NO.KEYGEN\Sony Vegas Pro 8.0b Build 217-AVCHD-MPG-AC3 FIXED\Keygen.exe a variant of Win32/Keygen.AR application
     
  9. Jinai

    Jinai TS Rookie Topic Starter Posts: 33

    And the ComboFix Log:

    ComboFix 11-03-30.01 - Jinai 31/03/2011 3:06.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.1082 [GMT 1:00]
    Running from: c:\users\Jinai\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    The following files were disabled during the run:
    c:\program files\IObit\IObit Security 360\IS360mon.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\instantrails\instantrails.exe
    c:\users\Jinai\AppData\Local\Microsoft\Windows\Temporary Internet Files\5X8JOBA.jpg
    c:\users\Jinai\AppData\Local\Microsoft\Windows\Temporary Internet Files\AbM00aam5.jpg
    c:\users\Jinai\AppData\Local\Microsoft\Windows\Temporary Internet Files\PM4XAaN.jpg
    c:\users\Jinai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Yl05yAm35.jpg
    c:\users\Jinai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Repair
    c:\users\Jinai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Repair\Uninstall Windows Repair.lnk
    c:\users\Jinai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Repair\Windows Repair.lnk
    c:\windows\system32\setup.exe
    .
    Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NPF
    -------\Service_NPF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-31 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-31 02:17 . 2011-03-31 02:17 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-31 02:17 . 2011-03-31 02:22 -------- d-----w- c:\users\Jinai\AppData\Local\temp
    2011-03-30 23:31 . 2011-03-30 23:31 -------- d-----w- c:\program files\ESET
    2011-03-30 23:24 . 2011-03-30 23:25 -------- d-----w- c:\users\Jinai\AppData\Local\{DAACF362-76FD-4CE3-A163-0A55FADD8365}
    2011-03-30 08:44 . 2011-03-30 08:44 -------- d-----w- c:\users\Jinai\AppData\Local\{6A619BE8-3566-4D8C-A930-BD08AA705B02}
    2011-03-30 03:57 . 2011-03-30 03:57 89088 ----a-w- C:\mbr.exe
    2011-03-29 20:43 . 2011-03-29 20:43 -------- d-----w- c:\users\Jinai\AppData\Local\{4C328290-DCCA-4409-A6E7-2D5D4EEA54C2}
    2011-03-29 12:28 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{403E65C6-356B-4035-A412-96F2D58C116A}\mpengine.dll
    2011-03-29 12:05 . 2011-03-29 12:05 -------- d-----w- c:\users\Jinai\AppData\Local\{7C2A947A-C1D2-41A4-924E-EB318EE67F85}
    2011-03-28 18:54 . 2011-03-28 18:54 -------- d-----w- c:\users\Jinai\AppData\Roaming\Avira
    2011-03-28 18:51 . 2011-03-04 15:11 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-03-28 18:51 . 2011-03-04 13:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-03-28 18:51 . 2011-03-28 18:51 -------- d-----w- c:\programdata\Avira
    2011-03-28 18:51 . 2011-03-28 18:51 -------- d-----w- c:\program files\Avira
    2011-03-28 17:07 . 2011-03-28 17:07 -------- d-----w- c:\windows\CheckSur
    2011-03-28 17:04 . 2011-03-28 17:04 -------- d-----w- c:\users\Jinai\AppData\Local\{6C103448-B457-4810-B59F-978D86824FA5}
    2011-03-27 23:12 . 2011-03-27 23:12 -------- d-----w- c:\users\Jinai\AppData\Local\{4B753C67-668C-474C-981B-253D652F8AC8}
    2011-03-27 10:51 . 2010-05-26 10:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
    2011-03-27 04:26 . 2011-03-27 04:27 -------- d-----w- c:\users\Jinai\AppData\Local\{F8661618-8468-43C8-8DE7-7F0DDE950938}
    2011-03-27 01:03 . 2011-03-27 01:03 -------- d-----w- c:\users\Jinai\AppData\Roaming\SUPERAntiSpyware.com
    2011-03-27 01:03 . 2011-03-27 01:03 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-03-27 01:03 . 2011-03-27 01:03 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-03-27 00:44 . 2010-05-26 10:39 6144 ------w- c:\windows\system32\42EA.tmp
    2011-03-27 00:44 . 2010-05-26 10:39 6144 ------w- c:\windows\system32\297F.tmp
    2011-03-27 00:43 . 2011-03-27 00:43 -------- d-----w- c:\program files\Sophos
    2011-03-26 15:31 . 2011-03-26 15:31 -------- d--h--w- c:\users\Jinai\AppData\Local\{9BB3329D-865B-4653-B9D1-F6F0C620A2EB}
    2011-03-25 14:43 . 2011-03-25 14:43 -------- d--h--w- c:\users\Jinai\AppData\Local\{008C0DAA-5822-478E-B798-26BA595ED974}
    2011-03-24 16:25 . 2011-03-24 16:25 -------- d--h--w- c:\users\Jinai\AppData\Local\{41014895-94D3-4DFA-B694-2C1C0622E20E}
    2011-03-24 03:18 . 2011-03-24 03:18 -------- d--h--w- c:\users\Jinai\AppData\Local\{840949A0-9D08-4AE2-A9D6-0792AD890BF9}
    2011-03-23 15:27 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-03-23 15:27 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-03-23 15:27 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
    2011-03-23 15:17 . 2011-03-23 15:17 -------- d--h--w- c:\users\Jinai\AppData\Local\{6638CC24-34A9-4E7D-8A80-3130A7DF17B7}
    2011-03-22 19:45 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2011-03-22 19:45 . 2011-03-18 17:53 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
    2011-03-22 19:45 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
    2011-03-22 19:45 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
    2011-03-22 19:45 . 2011-03-18 17:53 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
    2011-03-22 19:45 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
    2011-03-22 19:45 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
    2011-03-22 19:45 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
    2011-03-22 19:45 . 2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
    2011-03-22 19:45 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
    2011-03-22 14:42 . 2011-03-22 14:42 -------- d--h--w- c:\users\Jinai\AppData\Local\{32B69A5C-7D42-411F-B13B-D2262975FAB2}
    2011-03-22 01:54 . 2011-03-22 01:54 -------- d--h--w- c:\users\Jinai\AppData\Local\{8E52CCE3-FD1C-4F1B-8DDA-8F374804A301}
    2011-03-21 10:47 . 2011-03-21 10:48 -------- d--h--w- c:\users\Jinai\AppData\Local\{B7D3B0B6-8351-476F-B5DD-E10FB9952AB5}
    2011-03-21 10:47 . 2011-03-21 10:47 -------- d--h--w- c:\users\Jinai\AppData\Local\{02AF9735-4BF3-43C3-99A4-FEB0C35C9A06}
    2011-03-20 14:02 . 2011-03-20 14:02 -------- d--h--w- c:\users\Jinai\AppData\Local\{9FFBE5DC-FDC1-475C-8F87-2E6A037893BA}
    2011-03-19 23:11 . 2011-03-19 23:11 -------- d--h--w- c:\users\Jinai\AppData\Local\{D5F3E161-56C2-4B8F-ACAE-66DA68E14335}
    2011-03-18 14:54 . 2011-03-19 03:00 -------- d--h--w- c:\users\Jinai\AppData\Local\{2F9E0567-7119-44D1-88C0-89B9886ED4DD}
    2011-03-18 00:56 . 2011-03-18 00:56 -------- d--h--w- c:\users\Jinai\AppData\Local\{4B2A50DB-18D9-44B8-A8B7-3504360D5CA5}
    2011-03-18 00:52 . 2011-03-18 00:52 -------- d-----w- c:\windows\en
    2011-03-18 00:52 . 2010-09-23 00:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2011-03-18 00:43 . 2009-09-04 17:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2011-03-18 00:43 . 2009-09-04 17:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2011-03-18 00:43 . 2009-09-04 17:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2011-03-18 00:39 . 2011-03-21 10:57 -------- d-----w- c:\program files\Microsoft Silverlight
    2011-03-18 00:35 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
    2011-03-18 00:32 . 2011-03-18 00:32 469256 ---ha-w- c:\program files\Common Files\Windows Live\.cache\f45602771cbe50308\InstallManager_WLE_WLE.exe
    2011-03-18 00:32 . 2011-03-18 00:32 15712 ---ha-w- c:\program files\Common Files\Windows Live\.cache\ecb334c71cbe50307\MeshBetaRemover.exe
    2011-03-18 00:32 . 2011-03-18 00:32 94040 ---ha-w- c:\program files\Common Files\Windows Live\.cache\ea0f16d71cbe50306\DSETUP.dll
    2011-03-18 00:32 . 2011-03-18 00:32 525656 ---ha-w- c:\program files\Common Files\Windows Live\.cache\ea0f16d71cbe50306\DXSETUP.exe
    2011-03-18 00:32 . 2011-03-18 00:32 1691480 ---ha-w- c:\program files\Common Files\Windows Live\.cache\ea0f16d71cbe50306\dsetup32.dll
    2011-03-18 00:32 . 2011-03-18 00:32 94040 ---ha-w- c:\program files\Common Files\Windows Live\.cache\e70b9ad71cbe50305\DSETUP.dll
    2011-03-18 00:32 . 2011-03-18 00:32 525656 ---ha-w- c:\program files\Common Files\Windows Live\.cache\e70b9ad71cbe50305\DXSETUP.exe
    2011-03-18 00:32 . 2011-03-18 00:32 1691480 ---ha-w- c:\program files\Common Files\Windows Live\.cache\e70b9ad71cbe50305\dsetup32.dll
    2011-03-18 00:31 . 2011-03-18 00:31 6260088 ---ha-w- c:\program files\Common Files\Windows Live\.cache\e27634371cbe50304\Silverlight.4.0.exe
    2011-03-18 00:31 . 2011-03-21 10:47 -------- d--h--w- c:\users\Jinai\AppData\Local\Windows Live
    2011-03-09 14:42 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
    2011-03-09 14:42 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
    2011-03-09 14:42 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-09 14:42 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-09 14:42 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-09 14:42 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-05 17:23 . 2011-03-05 23:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-03-05 17:23 . 2011-03-05 22:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-03-03 15:37 . 2011-03-03 15:37 -------- d-----w- c:\program files\SystemRequirementsLab
    2011-03-03 15:37 . 2011-03-03 15:37 -------- d--h--w- c:\users\Jinai\AppData\Roaming\SystemRequirementsLab
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-18 14:52 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-02-02 18:11 . 2009-10-03 10:01 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-20 16:37 . 2011-02-08 19:46 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-01-20 16:08 . 2011-02-08 19:46 478720 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:08 . 2011-02-08 19:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:08 . 2011-02-08 19:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:08 . 2011-02-08 19:46 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:08 . 2011-02-08 19:46 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:07 . 2011-02-08 19:46 37376 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:07 . 2011-02-08 19:46 258048 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:07 . 2011-02-08 19:46 586240 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:06 . 2011-02-08 19:46 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:06 . 2011-02-08 19:46 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:04 . 2011-02-08 19:46 209920 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 16:04 . 2011-02-08 19:46 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 14:28 . 2011-02-08 19:46 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 14:27 . 2011-02-08 19:46 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:26 . 2011-02-08 19:46 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:25 . 2011-02-08 19:46 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:24 . 2011-02-08 19:46 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:15 . 2011-02-08 19:46 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:14 . 2011-02-08 19:46 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:14 . 2011-02-08 19:46 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:14 . 2011-02-08 19:46 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:12 . 2011-02-08 19:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:11 . 2011-02-08 19:46 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 13:47 . 2011-02-08 19:46 683008 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-08 08:47 . 2011-02-08 19:45 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 06:28 . 2011-02-08 19:45 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:57 . 2011-02-08 19:48 2039808 ----a-w- c:\windows\system32\win32k.sys
    2011-03-18 17:53 . 2011-03-22 19:45 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ---ha-w- c:\users\Jinai\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ---ha-w- c:\users\Jinai\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ---ha-w- c:\users\Jinai\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-02 68856]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
    "Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
    "IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-02 198160]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2007-08-15 04:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO -viewer-.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk
    backup=c:\windows\pss\PHOTOfunSTUDIO -viewer-.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SetPointII.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk
    backup=c:\windows\pss\SetPointII.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Jinai^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
    path=c:\users\Jinai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    backup=c:\windows\pss\Dropbox.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Jinai^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
    path=c:\users\Jinai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
    backup=c:\windows\pss\MagicDisc.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    %ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-10-15 01:04 39792 ---ha-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    2007-06-10 00:12 118784 ---ha-w- c:\program files\Apoint\Apoint.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
    2007-10-11 07:45 31232 ---ha-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
    2009-06-29 08:51 315478 ----a-w- c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2008-03-21 08:30 486856 ---ha-w- c:\program files\DAEMON Tools Lite\daemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C48 Series]
    2005-05-16 19:00 99840 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_S4I091.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX200 Series]
    2007-12-13 06:00 188928 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIEFE.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
    2008-05-21 21:00 151552 ---h--w- c:\program files\CyberLink\PCM4Everio\EverioService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2009-01-09 13:23 178712 ----a-w- c:\windows\System32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2009-01-09 13:23 150040 ----a-w- c:\windows\System32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
    2007-09-19 19:09 311296 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
    2008-10-10 14:46 69632 ----a-w- c:\windows\KHALMNPR.Exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
    2003-12-17 08:50 19968 ----a-w- c:\windows\LOGI_MWX.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT]
    2011-03-10 03:01 37943240 ----a-w- c:\windows\System32\mrt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2010-11-10 02:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 14:57 153136 ---ha-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSUFloatingUI]
    2008-07-16 23:17 262144 ----a-w- c:\program files\Sony\Network Utility\LANUtil.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2009-01-09 13:23 154136 ----a-w- c:\windows\System32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2007-08-25 00:06 4669440 ----a-w- c:\windows\RtHDVCpl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-04-10 23:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2011-02-04 11:13 1242448 ----a-w- c:\program files\Steam\Steam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-02-18 10:43 248040 ---ha-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2008-04-02 13:57 68856 ---ha-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-12-02 15:49 198160 ---ha-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
    2009-12-23 19:18 2642168 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
    2007-04-10 21:46 709992 ----a-w- c:\windows\vVX1000.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Manager]
    2008-05-26 15:20 585728 ----a-w- c:\program files\Virgin Broadband Wireless\Wireless Manager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
    R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\9A3B.tmp [x]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-06-29 143467]
    R4 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-07-17 233472]
    R4 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-11 745472]
    R4 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
    R4 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
    R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-29 292128]
    R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-03-17 87328]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-01-07 20744]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2010-05-26 18816]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-04 135336]
    S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
    S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
    S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-29 9344]
    S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-06 812544]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-31 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-07 10:20]
    .
    2011-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 14:38]
    .
    2011-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 14:38]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
    IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
    IE: Crawler Search
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
    FF - ProfilePath - c:\users\Jinai\AppData\Roaming\Mozilla\Firefox\Profiles\hqyixclv.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{A057A204-BACC-4D26-8287-79A187E26987} - (no file)
    MSConfigStartUp-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
    MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
    MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
    MSConfigStartUp-Turbine Download Manager Tray Icon - c:\program files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe
    AddRemove-888poker - c:\progra~1\PACIFI~1\UNWISE.EXE
    AddRemove-Adobe_3e054d2218e7aa282c2369d939e58ff - c:\program files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
    AddRemove-Adobe_6c8e2cb4fd241c55406016127a6ab2e - c:\program files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
    AddRemove-HijackThis - c:\users\Jinai\Desktop\HijackThis.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-31 03:21
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\9A3B.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-713040662-188224599-2356230030-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-713040662-188224599-2356230030-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b4
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(2216)
    c:\users\Jinai\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
    c:\windows\system32\BsMobileSDK.dll
    c:\windows\system32\BsLangInDepRes.dll
    c:\windows\system32\Bs2Res.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe
    c:\program files\Windows Media Player\wmplayer.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    .
    **************************************************************************
    .
    Completion time: 2011-03-31 03:31:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-03-31 02:31
    .
    Pre-Run: 51,816,181,760 bytes free
    Post-Run: 52,484,440,064 bytes free
    .
    Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
    - - End Of File - - 9121B2F175CC807A675300DF0F1BC8F8
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please download OTMovit by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files 
      C:\Users\Jinai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\53ACIHYQ\fb01fd[1].pdf 
      C:\Users\Jinai\AppData\Local\Temp\plugtmp-1\plugin-lib.php 
      C:\Users\Jinai\Documents\Downloads\Nero 7.10.1.0\Nero-7.10.1.0_eng_full.exe 
      C:\Users\Jinai\Downloads\Sony.Vegas.Pro.8+DVD.Architect.4.5.NO.KEYGEN\Sony Vegas Pro 8.0b Build 217-AVCHD-MPG-AC3 FIXED\Keygen.exe 
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ================================================
    To clear the Java Plug-in cache: for exploits

    • [1]. Click Start > Control Panel.
      [2]. Double-click the Java icon in the control panel. The Java Control Panel appears.
      [​IMG]
      [3].Click Settings under Temporary Internet Files.The Temporary Files Settings dialog box appears.
      [4] Click Delete Files.The Delete Temporary Files dialog box appears.
      [​IMG]
      There are three options on this window to clear the cache.Check all.
    • . Delete Files
    • .View Applications
    • .View Applets
      [5]. Click OK on Delete Temporary Files window.
      Note: This deletes all the Downloaded Applications and Applets from the cache.
      [6]. Click Apply> OK on Temporary Files Settings window.
    Note: If you want to delete a specific application and applet from the cache, click on View Application and View Applet options respectively.
    ==========================================
    Download CKScanner and save to your desktop.
    • Doubleclick CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents
      in your next reply.
    =========================================
    You have 6 outdated versions of Java. Theae are all vulnerabilities to the system and need to be removed:
    Please download JavaRa and unzip it to your desktop.
    Important!
    ***Please close any instances of Internet Explorer before continuing!***
    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that
      a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location.
    Then download and install then most current version and update of Java Runtime
    Environment (JRE)
    HERE.
    ==========================================
    Uninstall Iobit Security Not only is the program bad, but so it the site:
    Use Add/Remove Programs for the uninstall. Then use Windows explorer> My Computer> Local Drive (C)> Programs> find Iobit Security and do a right click> Delete on the program folder.

    Maybe you didn't know you had it, but Combofix header has:
    =============================================
    Uninstall the Crawler Toolbar. It is added when you use the Crawler Search.
    I will review the logs when finished and give you some script to run in Combofix.
    ================================================
     
  11. Jinai

    Jinai TS Rookie Topic Starter Posts: 33

    Hey there, sorry for the delay. I did the steps you told me, the only thing I cannot find is the OTMoveIt3 Log (yes I looked where you told me to). Heres the CKscanner Log anyhow:

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\windows\system32\office [keygen].exe
    scanner sequence 3.NA.11
    ----- EOF -----
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please repeat the scan with OTM using the same entries in the Codebox.
     
  13. Jinai

    Jinai TS Rookie Topic Starter Posts: 33

    Hey there, after a mega thorough search I finally found it (it WAS in the place you told me, jus couldn't see it). Heres the log:

    All processes killed
    ========== FILES ==========
    File/Folder C:\Users\Jinai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\53ACIHYQ\fb01fd[1].pdf not found.
    File/Folder C:\Users\Jinai\AppData\Local\Temp\plugtmp-1\plugin-lib.php not found.
    File/Folder C:\Users\Jinai\Documents\Downloads\Nero 7.10.1.0\Nero-7.10.1.0_eng_full.exe not found.
    File/Folder C:\Users\Jinai\Downloads\Sony.Vegas.Pro.8+DVD.Architect.4.5.NO.KEYGEN\Sony Vegas Pro 8.0b Build 217-AVCHD-MPG-AC3 FIXED\Keygen.exe not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Jinai
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 98515 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Update
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 67103 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 0.00 mb


    OTM by OldTimer - Version 3.1.17.2 log created on 04072011_165936
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Ha! It's amazing how many logs are found when I push for them. But I am puzzled about it: the date showing is today log created on 04072011. I had you run OTM 4 days ago> this logs shows zeros everywhere.

    Have you removed the pirated Sony.Vegas.Pro.8+DVD.Architect.4.5.NO.KEYGEN

    Have to wonder about this also: office [keygen].exe
    ==================================
    Have you finished with the other items I set up in my Reply #15? After you have, please run a new scan with Combofix and leave log in next post.
     
  15. Jinai

    Jinai TS Rookie Topic Starter Posts: 33

    Yeah, I did remove the Pirated software, dunno bout the other keygen you're on about though.
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    CK Scanner showed this: c:\windows\system32\office [keygen].exe

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\windows\system32\42EA.tmp
    c:\windows\system32\297F.tmp
    Folder::
    c:\users\Jinai\AppData\Local\{DAACF362-76FD-4CE3-A163-0A55FADD8365}
    c:\users\Jinai\AppData\Local\{6A619BE8-3566-4D8C-A930-BD08AA705B02}
    c:\users\jinai\appdata\local\{32B69A5C-7D42-411F-B13B-D2262975FAB2}
    c:\users\jinai\appdata\local\{8E52CCE3-FD1C-4F1B-8DDA-8F374804A301}
    c:\users\jinai\appdata\local\{B7D3B0B6-8351-476F-B5DD-E10FB9952AB5}
    c:\users\jinai\appdata\local\{02AF9735-4BF3-43C3-99A4-FEB0C35C9A06}
    c:\users\jinai\appdata\local\{9FFBE5DC-FDC1-475C-8F87-2E6A037893BA}
    c:\users\jinai\appdata\local\{D5F3E161-56C2-4B8F-ACAE-66DA68E14335}
    c:\users\jinai\appdata\local\{2F9E0567-7119-44D1-88C0-89B9886ED4DD}
    c:\users\jinai\appdata\local\{4B2A50DB-18D9-44B8-A8B7-3504360D5CA5}
    c:\users\Jinai\AppData\Local\{4C328290-DCCA-4409-A6E7-2D5D4EEA54C2}
    c:\users\Jinai\AppData\Local\{7C2A947A-C1D2-41A4-924E-EB318EE67F85}
    c:\users\Jinai\AppData\Local\{6C103448-B457-4810-B59F-978D86824FA5}
    c:\users\Jinai\AppData\Local\{4B753C67-668C-474C-981B-253D652F8AC8}
    c:\users\Jinai\AppData\Local\{F8661618-8468-43C8-8DE7-7F0DDE950938}
    c:\users\Jinai\AppData\Local\{6638CC24-34A9-4E7D-8A80-3130A7DF17B7}
    DDS::
    BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\ctbr.dll
    TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\ctbr.dll
    Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\ctbr.dll
    mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
    IE: Crawler Search
    Registry::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IObit Security 360"
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-.
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Question: Does the Administrator have setting to block or allow specific file extensions?
    =============================================
    Remind me to suggest you stop all the unnecessary startups you have.
    =============================================
    Please uninstall this utdates version of HighJackThis: HijackThis 2.0.2 Then go on with current version below:
    Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
     
  17. Jinai

    Jinai TS Rookie Topic Starter Posts: 33

    Heres the Combofix log:

    ComboFix 11-04-09.01 - Jinai 10/04/2011 18:25:11.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.1162 [GMT 1:00]
    Running from: D:\ComboFix.exe
    Command switches used :: c:\users\Jinai\Desktop\CFscript.txt
    AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\windows\system32\297F.tmp"
    "c:\windows\system32\42EA.tmp"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\jinai\appdata\local\{02AF9735-4BF3-43C3-99A4-FEB0C35C9A06}
    c:\users\jinai\appdata\local\{2F9E0567-7119-44D1-88C0-89B9886ED4DD}
    c:\users\jinai\appdata\local\{32B69A5C-7D42-411F-B13B-D2262975FAB2}
    c:\users\jinai\appdata\local\{4B2A50DB-18D9-44B8-A8B7-3504360D5CA5}
    c:\users\Jinai\AppData\Local\{4B753C67-668C-474C-981B-253D652F8AC8}
    c:\users\Jinai\AppData\Local\{4C328290-DCCA-4409-A6E7-2D5D4EEA54C2}
    c:\users\Jinai\AppData\Local\{6638CC24-34A9-4E7D-8A80-3130A7DF17B7}
    c:\users\Jinai\AppData\Local\{6A619BE8-3566-4D8C-A930-BD08AA705B02}
    c:\users\Jinai\AppData\Local\{6C103448-B457-4810-B59F-978D86824FA5}
    c:\users\Jinai\AppData\Local\{7C2A947A-C1D2-41A4-924E-EB318EE67F85}
    c:\users\jinai\appdata\local\{8E52CCE3-FD1C-4F1B-8DDA-8F374804A301}
    c:\users\jinai\appdata\local\{9FFBE5DC-FDC1-475C-8F87-2E6A037893BA}
    c:\users\jinai\appdata\local\{B7D3B0B6-8351-476F-B5DD-E10FB9952AB5}
    c:\users\jinai\appdata\local\{D5F3E161-56C2-4B8F-ACAE-66DA68E14335}
    c:\users\Jinai\AppData\Local\{DAACF362-76FD-4CE3-A163-0A55FADD8365}
    c:\users\Jinai\AppData\Local\{F8661618-8468-43C8-8DE7-7F0DDE950938}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-10 to 2011-04-10 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-10 17:35 . 2011-04-10 17:35 -------- d-----w- c:\users\Jinai\AppData\Local\temp
    2011-04-10 17:35 . 2011-04-10 17:35 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-04-10 17:35 . 2011-04-10 17:35 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2011-04-10 17:13 . 2011-04-10 17:13 -------- d-----w- c:\users\Jinai\AppData\Local\{DD3B4F5B-C355-467F-9856-BACFC9DE8EA9}
    2011-04-10 16:54 . 2011-04-10 16:54 -------- d-----w- c:\users\Jinai\AppData\Local\{4984393D-C470-44C0-B052-8503A3B41D30}
    2011-04-07 16:02 . 2011-04-07 16:02 -------- d-----w- c:\users\Jinai\AppData\Local\{606C5B52-34E4-4F59-BECD-BF9E1BE86F1D}
    2011-04-07 15:59 . 2011-04-07 15:59 -------- d-----w- c:\users\Jinai\AppData\Local\{43C267B2-DCFE-4C56-AFB4-7BA00F161522}
    2011-04-06 00:05 . 2011-04-06 00:05 -------- d-----w- c:\users\Jinai\AppData\Local\{F7444938-5934-4E5D-8CF0-6E5A96BEF49D}
    2011-04-06 00:02 . 2011-04-06 00:02 -------- d-----w- C:\_OTM
    2011-04-05 23:52 . 2011-04-05 23:52 -------- d-----w- c:\users\Jinai\AppData\Local\{1A0552FD-5D80-4A3D-A1BB-4777A5B15EDA}
    2011-04-05 21:54 . 2011-04-05 21:54 -------- d-----w- c:\users\Jinai\AppData\Local\{58F9F470-57DB-4811-B74F-FA869B136A65}
    2011-04-05 02:11 . 2011-04-05 02:11 -------- d-----w- c:\users\Jinai\AppData\Local\{AD68E77B-A2D7-4C98-939D-AE48CECF9A0F}
    2011-04-04 13:32 . 2011-04-04 13:32 -------- d-----w- c:\users\Jinai\AppData\Local\{4819A585-EB9F-443A-A327-4D44345DFC9B}
    2011-04-04 01:31 . 2011-04-04 01:32 -------- d-----w- c:\users\Jinai\AppData\Local\{384E02AC-FD11-4FEF-82C8-BAC4C729A32D}
    2011-04-03 13:31 . 2011-04-03 13:31 -------- d-----w- c:\users\Jinai\AppData\Local\{C75CF2AD-D0B8-4950-80A2-14798299B9EE}
    2011-04-02 15:57 . 2011-04-02 15:57 -------- d-----w- c:\users\Jinai\AppData\Local\{6AB96FBD-C6D2-4F7A-B28E-FDE91B12A255}
    2011-04-01 16:55 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{189AD244-3E91-4B46-AF67-B52BEB2C3CB5}\mpengine.dll
    2011-04-01 16:50 . 2011-04-01 16:51 -------- d-----w- c:\users\Jinai\AppData\Local\{6104E5AF-AA7C-4338-9B06-CE27D23561BE}
    2011-03-31 23:37 . 2011-03-31 23:37 -------- d-----w- c:\windows\system32\custom matrices
    2011-03-31 23:36 . 2011-03-31 23:37 -------- d-----w- c:\windows\system32\C2MP
    2011-03-31 15:08 . 2011-03-31 15:08 -------- d-----w- c:\users\Jinai\AppData\Local\{7536815B-714F-49C1-85EF-B15DA259E4F8}
    2011-03-30 23:31 . 2011-03-30 23:31 -------- d-----w- c:\program files\ESET
    2011-03-30 03:57 . 2011-03-30 03:57 89088 ----a-w- C:\mbr.exe
    2011-03-28 18:54 . 2011-03-28 18:54 -------- d-----w- c:\users\Jinai\AppData\Roaming\Avira
    2011-03-28 18:51 . 2011-03-04 15:11 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-03-28 18:51 . 2011-03-04 13:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-03-28 18:51 . 2011-03-28 18:51 -------- d-----w- c:\programdata\Avira
    2011-03-28 18:51 . 2011-03-28 18:51 -------- d-----w- c:\program files\Avira
    2011-03-28 17:07 . 2011-03-28 17:07 -------- d-----w- c:\windows\CheckSur
    2011-03-27 10:51 . 2010-05-26 10:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
    2011-03-27 01:03 . 2011-03-27 01:03 -------- d-----w- c:\users\Jinai\AppData\Roaming\SUPERAntiSpyware.com
    2011-03-27 01:03 . 2011-03-27 01:03 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-03-27 01:03 . 2011-03-27 01:03 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-03-27 00:43 . 2011-03-27 00:43 -------- d-----w- c:\program files\Sophos
    2011-03-26 15:31 . 2011-03-26 15:31 -------- d--h--w- c:\users\Jinai\AppData\Local\{9BB3329D-865B-4653-B9D1-F6F0C620A2EB}
    2011-03-25 14:43 . 2011-03-25 14:43 -------- d--h--w- c:\users\Jinai\AppData\Local\{008C0DAA-5822-478E-B798-26BA595ED974}
    2011-03-24 16:25 . 2011-03-24 16:25 -------- d--h--w- c:\users\Jinai\AppData\Local\{41014895-94D3-4DFA-B694-2C1C0622E20E}
    2011-03-24 03:18 . 2011-03-24 03:18 -------- d--h--w- c:\users\Jinai\AppData\Local\{840949A0-9D08-4AE2-A9D6-0792AD890BF9}
    2011-03-23 15:27 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-03-23 15:27 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-03-23 15:27 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
    2011-03-22 19:45 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2011-03-22 19:45 . 2011-03-18 17:53 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
    2011-03-22 19:45 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
    2011-03-22 19:45 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
    2011-03-22 19:45 . 2011-03-18 17:53 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
    2011-03-22 19:45 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
    2011-03-22 19:45 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
    2011-03-22 19:45 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
    2011-03-22 19:45 . 2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
    2011-03-22 19:45 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
    2011-03-18 00:52 . 2011-03-18 00:52 -------- d-----w- c:\windows\en
    2011-03-18 00:52 . 2010-09-23 00:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2011-03-18 00:43 . 2009-09-04 17:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2011-03-18 00:43 . 2009-09-04 17:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2011-03-18 00:43 . 2009-09-04 17:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2011-03-18 00:39 . 2011-03-21 10:57 -------- d-----w- c:\program files\Microsoft Silverlight
    2011-03-18 00:35 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
    2011-03-18 00:32 . 2011-03-18 00:32 469256 ---ha-w- c:\program files\Common Files\Windows Live\.cache\f45602771cbe50308\InstallManager_WLE_WLE.exe
    2011-03-18 00:32 . 2011-03-18 00:32 15712 ---ha-w- c:\program files\Common Files\Windows Live\.cache\ecb334c71cbe50307\MeshBetaRemover.exe
    2011-03-18 00:32 . 2011-03-18 00:32 94040 ---ha-w- c:\program files\Common Files\Windows Live\.cache\ea0f16d71cbe50306\DSETUP.dll
    2011-03-18 00:32 . 2011-03-18 00:32 525656 ---ha-w- c:\program files\Common Files\Windows Live\.cache\ea0f16d71cbe50306\DXSETUP.exe
    2011-03-18 00:32 . 2011-03-18 00:32 1691480 ---ha-w- c:\program files\Common Files\Windows Live\.cache\ea0f16d71cbe50306\dsetup32.dll
    2011-03-18 00:32 . 2011-03-18 00:32 94040 ---ha-w- c:\program files\Common Files\Windows Live\.cache\e70b9ad71cbe50305\DSETUP.dll
    2011-03-18 00:32 . 2011-03-18 00:32 525656 ---ha-w- c:\program files\Common Files\Windows Live\.cache\e70b9ad71cbe50305\DXSETUP.exe
    2011-03-18 00:32 . 2011-03-18 00:32 1691480 ---ha-w- c:\program files\Common Files\Windows Live\.cache\e70b9ad71cbe50305\dsetup32.dll
    2011-03-18 00:31 . 2011-03-18 00:31 6260088 ---ha-w- c:\program files\Common Files\Windows Live\.cache\e27634371cbe50304\Silverlight.4.0.exe
    2011-03-18 00:31 . 2011-03-21 10:47 -------- d--h--w- c:\users\Jinai\AppData\Local\Windows Live
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-18 14:52 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-02-22 19:39 . 2011-02-22 19:39 240640 ----a-w- c:\windows\system32\xvidvfw.dll
    2011-02-07 18:00 . 2011-02-07 18:00 925667 ----a-w- c:\windows\system32\ffmpegmt.dll
    2011-02-07 18:00 . 2011-02-07 18:00 721798 ----a-w- c:\windows\system32\xvidcore.dll
    2011-02-07 18:00 . 2011-02-07 18:00 65024 ----a-w- c:\windows\system32\FLT_ffdshow.dll
    2011-02-07 18:00 . 2011-02-07 18:00 3669504 ----a-w- c:\windows\system32\ffdshow.ax
    2011-02-07 18:00 . 2011-02-07 18:00 336384 ----a-w- c:\windows\system32\ff_libfaad2.dll
    2011-02-07 18:00 . 2011-02-07 18:00 324096 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
    2011-02-07 18:00 . 2011-02-07 18:00 216576 ----a-w- c:\windows\system32\ff_libdts.dll
    2011-02-07 18:00 . 2011-02-07 18:00 1529856 ----a-w- c:\windows\system32\ff_samplerate.dll
    2011-02-07 18:00 . 2011-02-07 18:00 151552 ----a-w- c:\windows\system32\ff_libmad.dll
    2011-02-07 18:00 . 2011-02-07 18:00 145408 ----a-w- c:\windows\system32\libmpeg2_ff.dll
    2011-02-07 18:00 . 2011-02-07 18:00 140800 ----a-w- c:\windows\system32\ff_unrar.dll
    2011-02-07 18:00 . 2011-02-07 18:00 121856 ----a-w- c:\windows\system32\ff_liba52.dll
    2011-02-07 18:00 . 2011-02-07 18:00 100864 ----a-w- c:\windows\system32\ff_wmv9.dll
    2011-02-07 17:45 . 2011-02-07 17:45 80896 ----a-w- c:\windows\system32\ff_vfw.dll
    2011-02-07 17:39 . 2011-02-07 17:39 4166551 ----a-w- c:\windows\system32\ffmpeg.dll
    2011-02-02 20:40 . 2010-04-18 03:27 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-02 18:11 . 2009-10-03 10:01 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-20 16:37 . 2011-02-08 19:46 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-01-20 16:08 . 2011-02-08 19:46 478720 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:08 . 2011-02-08 19:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:08 . 2011-02-08 19:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:08 . 2011-02-08 19:46 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:08 . 2011-02-08 19:46 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:07 . 2011-02-08 19:46 37376 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:07 . 2011-02-08 19:46 258048 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:07 . 2011-02-08 19:46 586240 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:06 . 2011-02-08 19:46 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:06 . 2011-02-08 19:46 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:04 . 2011-02-08 19:46 209920 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 16:04 . 2011-02-08 19:46 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 14:28 . 2011-02-08 19:46 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 14:27 . 2011-02-08 19:46 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:26 . 2011-02-08 19:46 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:25 . 2011-02-08 19:46 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:24 . 2011-02-08 19:46 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:15 . 2011-02-08 19:46 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:14 . 2011-02-08 19:46 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:14 . 2011-02-08 19:46 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:14 . 2011-02-08 19:46 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:12 . 2011-02-08 19:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:11 . 2011-02-08 19:46 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 13:47 . 2011-02-08 19:46 683008 ----a-w- c:\windows\system32\d2d1.dll
    2011-03-18 17:53 . 2011-03-22 19:45 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ---ha-w- c:\users\Jinai\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ---ha-w- c:\users\Jinai\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ---ha-w- c:\users\Jinai\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-02 68856]
    "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
    "Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-02 198160]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2007-08-15 04:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer1"=wdmaud.drv
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO -viewer-.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk
    backup=c:\windows\pss\PHOTOfunSTUDIO -viewer-.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SetPointII.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk
    backup=c:\windows\pss\SetPointII.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Jinai^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
    path=c:\users\Jinai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    backup=c:\windows\pss\Dropbox.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Jinai^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
    path=c:\users\Jinai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
    backup=c:\windows\pss\MagicDisc.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    %ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-10-15 01:04 39792 ---ha-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    2007-06-10 00:12 118784 ---ha-w- c:\program files\Apoint\Apoint.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
    2007-10-11 07:45 31232 ---ha-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
    2009-06-29 08:51 315478 ----a-w- c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C48 Series]
    2005-05-16 19:00 99840 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_S4I091.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX200 Series]
    2007-12-13 06:00 188928 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIEFE.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
    2008-05-21 21:00 151552 ---h--w- c:\program files\CyberLink\PCM4Everio\EverioService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2009-01-09 13:23 178712 ----a-w- c:\windows\System32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2009-01-09 13:23 150040 ----a-w- c:\windows\System32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
    2007-09-19 19:09 311296 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
    2008-10-10 14:46 69632 ----a-w- c:\windows\KHALMNPR.Exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
    2003-12-17 08:50 19968 ----a-w- c:\windows\LOGI_MWX.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT]
    2011-03-10 03:01 37943240 ----a-w- c:\windows\System32\mrt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2010-11-10 02:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 14:57 153136 ---ha-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSUFloatingUI]
    2008-07-16 23:17 262144 ----a-w- c:\program files\Sony\Network Utility\LANUtil.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2009-01-09 13:23 154136 ----a-w- c:\windows\System32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2007-08-25 00:06 4669440 ----a-w- c:\windows\RtHDVCpl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-04-10 23:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2011-02-04 11:13 1242448 ----a-w- c:\program files\Steam\Steam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-02-18 10:43 248040 ---ha-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2008-04-02 13:57 68856 ---ha-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-12-02 15:49 198160 ---ha-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
    2010-07-06 14:01 2634048 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
    2007-04-10 21:46 709992 ----a-w- c:\windows\vVX1000.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Manager]
    2008-05-26 15:20 585728 ----a-w- c:\program files\Virgin Broadband Wireless\Wireless Manager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
    R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\9A3B.tmp [x]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-06-29 143467]
    R4 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-07-17 233472]
    R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    R4 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-11 745472]
    R4 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
    R4 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
    R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-29 292128]
    R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-03-17 87328]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-01-07 20744]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2010-05-26 18816]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-04 135336]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
    S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
    S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-29 9344]
    S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-06 812544]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-10 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-07 10:20]
    .
    2011-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 14:38]
    .
    2011-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 14:38]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
    IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
    IE: Crawler Search
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    FF - ProfilePath - c:\users\Jinai\AppData\Roaming\Mozilla\Firefox\Profiles\hqyixclv.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe
    AddRemove-Adobe ConnectNow Add-in - c:\users\Jinai\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\acaddin\acaddin.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-10 18:35
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\9A3B.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-713040662-188224599-2356230030-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-713040662-188224599-2356230030-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b4
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(1048)
    c:\users\Jinai\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
    c:\windows\system32\BsMobileSDK.dll
    c:\windows\system32\BsLangInDepRes.dll
    c:\windows\system32\Bs2Res.dll
    .
    Completion time: 2011-04-10 18:41:41
    ComboFix-quarantined-files.txt 2011-04-10 17:41
    ComboFix2.txt 2011-03-31 02:31
    .
    Pre-Run: 62,489,853,952 bytes free
    Post-Run: 61,924,016,128 bytes free
    .
    - - End Of File - - FCFC950B6AE415D27BEA6FAA0F5D7D6B
     
  18. Jinai

    Jinai TS Rookie Topic Starter Posts: 33

    And the HJT Log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 18:47:31, on 10/04/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v7.00 (7.00.6002.18005)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
    C:\Windows\System32\mobsync.exe
    D:\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\notepad.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?rd=1
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Wireless Manager] "C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" startup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\skype4com.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Lavasoft Ad-Aware (AAWService) - Unknown owner - c:\progra~1\lavasoft\ad-ware\aawser~1.exe (file missing)
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --
    End of file - 6927 bytes
     
  19. Jinai

    Jinai TS Rookie Topic Starter Posts: 33

    I think I am the Admin on the operating system. So yeah.
     
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please download MBRCheck and save to your desktop
    • Double click MBRCheck.exe to run (Vista and Win 7 right click and select Run as Administrator)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      [o] Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      [o] Found non-standard or infected MBR.
      [o] Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Paste this log to your next message.
    ==========================================
    Before you run the script below, I's like you to see if there is any identifying information on the entries in the File:: section beginning with c:\users\Jinai\AppData\Local\numerical string
    Most of the time when I ask this it comes back with just an empty folder. But I can't identify any of the numerical strings- but something is creating them! I have removed many, but more come back.

    You can use Windows Explorer (Windows key + E) find the AppData for Jinai and do a right click> Properties on any of them. See if there is any information.
    ============================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\users\Jinai\AppData\Local\temp
    c:\users\Default\AppData\Local\temp
    c:\users\Administrator\AppData\Local\temp
    c:\users\Jinai\AppData\Local\{DD3B4F5B-C355-467F-9856-BACFC9DE8EA9}
    c:\users\Jinai\AppData\Local\{4984393D-C470-44C0-B052-8503A3B41D30}
    c:\users\Jinai\AppData\Local\{606C5B52-34E4-4F59-BECD-BF9E1BE86F1D}
    c:\users\Jinai\AppData\Local\{43C267B2-DCFE-4C56-AFB4-7BA00F161522}
    c:\users\Jinai\AppData\Local\{F7444938-5934-4E5D-8CF0-6E5A96BEF49D}
    c:\users\Jinai\AppData\Local\{1A0552FD-5D80-4A3D-A1BB-4777A5B15EDA}
    c:\users\Jinai\AppData\Local\{58F9F470-57DB-4811-B74F-FA869B136A65}
    c:\users\Jinai\AppData\Local\{AD68E77B-A2D7-4C98-939D-AE48CECF9A0F}
    c:\users\Jinai\AppData\Local\{4819A585-EB9F-443A-A327-4D44345DFC9B}
    c:\users\Jinai\AppData\Local\{384E02AC-FD11-4FEF-82C8-BAC4C729A32D}
    c:\users\Jinai\AppData\Local\{C75CF2AD-D0B8-4950-80A2-14798299B9EE}
    c:\users\Jinai\AppData\Local\{6AB96FBD-C6D2-4F7A-B28E-FDE91B12A255}
    c:\users\Jinai\AppData\Local\{6104E5AF-AA7C-4338-9B06-CE27D23561BE}
    c:\users\Jinai\AppData\Local\{7536815B-714F-49C1-85EF-B15DA259E4F8}
    c:\users\Jinai\AppData\Local\{9BB3329D-865B-4653-B9D1-F6F0C620A2EB}
    c:\users\Jinai\AppData\Local\{008C0DAA-5822-478E-B798-26BA595ED974}
    c:\users\Jinai\AppData\Local\{41014895-94D3-4DFA-B694-2C1C0622E20E}
    c:\users\Jinai\AppData\Local\{840949A0-9D08-4AE2-A9D6-0792AD890BF9}
    c:\windows\system32\9A3B.tmp
    c:\windows\System32\Drivers\sptd.sys
    DDS::
    IE: Crawler Search
    RegLock::
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\File Exts\.htm\UserChoice]
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\File Exts\.html\UserChoice]
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\File Exts\.shtml\UserChoice]
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\File Exts\.xht\UserChoice]
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\File Exts\.xhtml\UserChoice]
    [HKEY_USERS\S-1-5-21-713040662-188224599-2356230030-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserC hoice]
    [HKEY_USERS\S-1-5-21-713040662-188224599-2356230030-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserC hoice]
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
    "ImagePath"=-
    Driver::
    MEMSWEEP2
    sptd
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
     
  21. Jinai

    Jinai TS Rookie Topic Starter Posts: 33

    Here is the MBRCheck Log:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Sony Corporation
    BIOS Manufacturer: Phoenix Technologies LTD
    System Manufacturer: Sony Corporation
    System Product Name: VGN-NR21J_S
    Logical Drives Mask: 0x0000032c

    Kernel Drivers (total 161):
    0x82235000 \SystemRoot\system32\ntkrnlpa.exe
    0x82202000 \SystemRoot\system32\hal.dll
    0x80602000 \SystemRoot\system32\kdcom.dll
    0x80609000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x80679000 \SystemRoot\system32\PSHED.dll
    0x8068A000 \SystemRoot\system32\BOOTVID.dll
    0x80692000 \SystemRoot\system32\CLFS.SYS
    0x806D3000 \SystemRoot\system32\CI.dll
    0x87C0E000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x87C8A000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x87C97000 \SystemRoot\system32\drivers\acpi.sys
    0x87CDD000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x87CE6000 \SystemRoot\system32\drivers\msisadrv.sys
    0x87CEE000 \SystemRoot\system32\drivers\pci.sys
    0x87D15000 \SystemRoot\System32\drivers\partmgr.sys
    0x87D24000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x87D27000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x87D31000 \SystemRoot\system32\drivers\volmgr.sys
    0x87D40000 \SystemRoot\System32\drivers\volmgrx.sys
    0x87D8A000 \SystemRoot\system32\drivers\intelide.sys
    0x87D91000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x87D9F000 \SystemRoot\system32\DRIVERS\pcmcia.sys
    0x87DCC000 \SystemRoot\System32\drivers\mountmgr.sys
    0x87E02000 \SystemRoot\system32\drivers\iastorv.sys
    0x87EA2000 \SystemRoot\system32\drivers\iastor.sys
    0x87F60000 \SystemRoot\system32\drivers\atapi.sys
    0x87F68000 \SystemRoot\system32\drivers\ataport.SYS
    0x87F86000 \SystemRoot\system32\drivers\fltmgr.sys
    0x87FB8000 \SystemRoot\system32\drivers\fileinfo.sys
    0x87FC8000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x88008000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x88079000 \SystemRoot\system32\drivers\ndis.sys
    0x88184000 \SystemRoot\system32\drivers\msrpc.sys
    0x881AF000 \SystemRoot\system32\drivers\NETIO.SYS
    0x88206000 \SystemRoot\System32\drivers\tcpip.sys
    0x882F0000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x88402000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x88512000 \SystemRoot\system32\drivers\volsnap.sys
    0x8854B000 \SystemRoot\System32\Drivers\spldr.sys
    0x88553000 \SystemRoot\System32\Drivers\mup.sys
    0x88562000 \SystemRoot\System32\drivers\ecache.sys
    0x88589000 \SystemRoot\system32\drivers\disk.sys
    0x8859A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x885BB000 \SystemRoot\system32\drivers\crcdisk.sys
    0x885C4000 \SystemRoot\System32\Drivers\BtHidBus.sys
    0x885D5000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x885E0000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x885E9000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x885F8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x8D005000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
    0x8D700000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8D7A0000 \SystemRoot\System32\drivers\watchdog.sys
    0x8D7AC000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8D7B7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x883C9000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8DC0D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8DC9A000 \SystemRoot\system32\DRIVERS\yk60x86.sys
    0x8DCD9000 \SystemRoot\system32\DRIVERS\athr.sys
    0x8DD9A000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x8DDAA000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x8DE02000 \SystemRoot\system32\drivers\ti21sony.sys
    0x8DECE000 \SystemRoot\system32\DRIVERS\SFEP.sys
    0x8DED1000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8DEE4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8DEEF000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
    0x8DF18000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8DF23000 \SystemRoot\system32\drivers\Afc.sys
    0x8DF2B000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8DF43000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0x8DF49000 \SystemRoot\System32\Drivers\btnetBus.sys
    0x8DF4F000 \SystemRoot\System32\Drivers\VcommMgr.sys
    0x8DF56000 \SystemRoot\System32\Drivers\IvtBtBus.sys
    0x8DF5B000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8DF8A000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8DFCB000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8DFD6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8DFED000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8DDB8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8DDDB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8DDEA000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x883D8000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x883ED000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x87FD2000 \SystemRoot\system32\DRIVERS\mcdbus.sys
    0x807B3000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    0x8DFF8000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8E803000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8E82D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8E837000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8E844000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8E879000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8EC03000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x8EDC3000 \SystemRoot\system32\drivers\portcls.sys
    0x8E88A000 \SystemRoot\system32\drivers\drmk.sys
    0x8E8AF000 \SystemRoot\system32\DRIVERS\VSTAZL3.SYS
    0x8E8EB000 \SystemRoot\system32\DRIVERS\VSTDPV3.SYS
    0x8EE0D000 \SystemRoot\system32\DRIVERS\VSTCNXT3.SYS
    0x8EEC0000 \SystemRoot\system32\drivers\modem.sys
    0x8EECD000 \??\C:\Windows\system32\SAVRKBootTasks.sys
    0x8EED2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8EEDB000 \SystemRoot\System32\Drivers\Null.SYS
    0x8EEE2000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8EEF2000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8EEF9000 \SystemRoot\System32\drivers\vga.sys
    0x8EF05000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8EF26000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8EF2E000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8EF36000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8EF41000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8EF4F000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8EF58000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8EF6E000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8EFA0000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8EFB4000 \SystemRoot\system32\drivers\afd.sys
    0x881EA000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8EDF0000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x87DDC000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8EE00000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0x807D9000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    0x8EE06000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0x8C001000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8C03D000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8C047000 \SystemRoot\system32\DRIVERS\DMICall.sys
    0x8C048000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8C05F000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0x8C085000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8C092000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x9F6C0000 \SystemRoot\System32\win32k.sys
    0x8C150000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8C15A000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x9F8E0000 \SystemRoot\System32\TSDDD.dll
    0x9F900000 \SystemRoot\System32\cdd.dll
    0x9F910000 \SystemRoot\System32\ATMFD.DLL
    0x8C169000 \SystemRoot\system32\drivers\luafv.sys
    0x8C184000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0x8C1A1000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x8C1B1000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x8C1DB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x8C1E5000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x8830B000 \SystemRoot\system32\drivers\HTTP.sys
    0x88378000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x88395000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x883AE000 \SystemRoot\System32\drivers\mpsdrv.sys
    0xB4C00000 \SystemRoot\system32\drivers\mrxdav.sys
    0xB4C21000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xB4C40000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0xB4C79000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xB4C91000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xB4CB9000 \SystemRoot\system32\drivers\spsys.sys
    0xB4D69000 \SystemRoot\System32\DRIVERS\srv.sys
    0xB3A07000 \SystemRoot\system32\drivers\peauth.sys
    0xB3AE5000 \SystemRoot\system32\drivers\regi.sys
    0xB3AE7000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xB3AF1000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xB3AFD000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0xB3B12000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
    0xB3B24000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0xB3B3A000 \SystemRoot\System32\Drivers\AFGSp50.sys
    0xB3B3F000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xB3B54000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xB3B56000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x77140000 \Windows\System32\ntdll.dll

    Processes (total 54):
    0 System Idle Process
    4 System
    444 C:\Windows\System32\smss.exe
    576 csrss.exe
    612 C:\Windows\System32\wininit.exe
    640 csrss.exe
    664 C:\Windows\System32\services.exe
    680 C:\Windows\System32\lsass.exe
    688 C:\Windows\System32\lsm.exe
    772 C:\Windows\System32\winlogon.exe
    876 C:\Windows\System32\svchost.exe
    956 C:\Windows\System32\svchost.exe
    996 C:\Windows\System32\svchost.exe
    1128 C:\Windows\System32\svchost.exe
    1152 C:\Windows\System32\svchost.exe
    1164 C:\Windows\System32\svchost.exe
    1240 C:\Windows\System32\audiodg.exe
    1276 C:\Windows\System32\SLsvc.exe
    1316 C:\Windows\System32\svchost.exe
    1424 C:\Windows\System32\svchost.exe
    1660 C:\Windows\System32\spoolsv.exe
    1692 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1704 C:\Windows\System32\svchost.exe
    1840 C:\Windows\System32\dwm.exe
    1876 C:\Windows\explorer.exe
    2044 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    296 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    544 C:\Windows\System32\svchost.exe
    1232 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    1892 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    2088 C:\Windows\System32\svchost.exe
    2108 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    2220 C:\Windows\System32\taskeng.exe
    2272 C:\Windows\System32\svchost.exe
    2364 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2408 C:\Windows\System32\SearchIndexer.exe
    2692 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    2756 C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
    2772 C:\Program Files\iTunes\iTunesHelper.exe
    2780 C:\Program Files\QuickTime\QTTask.exe
    2788 C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
    2796 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    2804 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    2812 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    2824 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    2832 C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    2920 WUDFHost.exe
    2348 C:\Program Files\iPod\bin\iPodService.exe
    3004 C:\Windows\System32\svchost.exe
    1716 C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
    1372 C:\Program Files\QuickTime\QuickTimePlayer.exe
    792 C:\Windows\System32\SearchProtocolHost.exe
    3872 C:\Windows\System32\SearchFilterHost.exe
    484 C:\Users\Jinai\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`d7700000 (NTFS)

    PhysicalDrive0 Model Number: FUJITSUMHY2200BH, Rev: 0000000B

    Size Device Name MBR Status
    --------------------------------------------
    186 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!
     
  22. Jinai

    Jinai TS Rookie Topic Starter Posts: 33

    And the CF Log:

    ComboFix 11-04-09.01 - Jinai 12/04/2011 0:19.3.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.1105 [GMT 1:00]
    Running from: D:\ComboFix.exe
    Command switches used :: c:\users\Jinai\Desktop\cfscript.txt
    AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\users\Administrator\AppData\Local\temp"
    "c:\users\Default\AppData\Local\temp"
    "c:\users\Jinai\AppData\Local\{008C0DAA-5822-478E-B798-26BA595ED974}"
    "c:\users\Jinai\AppData\Local\{1A0552FD-5D80-4A3D-A1BB-4777A5B15EDA}"
    "c:\users\Jinai\AppData\Local\{384E02AC-FD11-4FEF-82C8-BAC4C729A32D}"
    "c:\users\Jinai\AppData\Local\{41014895-94D3-4DFA-B694-2C1C0622E20E}"
    "c:\users\Jinai\AppData\Local\{43C267B2-DCFE-4C56-AFB4-7BA00F161522}"
    "c:\users\Jinai\AppData\Local\{4819A585-EB9F-443A-A327-4D44345DFC9B}"
    "c:\users\Jinai\AppData\Local\{4984393D-C470-44C0-B052-8503A3B41D30}"
    "c:\users\Jinai\AppData\Local\{58F9F470-57DB-4811-B74F-FA869B136A65}"
    "c:\users\Jinai\AppData\Local\{606C5B52-34E4-4F59-BECD-BF9E1BE86F1D}"
    "c:\users\Jinai\AppData\Local\{6104E5AF-AA7C-4338-9B06-CE27D23561BE}"
    "c:\users\Jinai\AppData\Local\{6AB96FBD-C6D2-4F7A-B28E-FDE91B12A255}"
    "c:\users\Jinai\AppData\Local\{7536815B-714F-49C1-85EF-B15DA259E4F8}"
    "c:\users\Jinai\AppData\Local\{840949A0-9D08-4AE2-A9D6-0792AD890BF9}"
    "c:\users\Jinai\AppData\Local\{9BB3329D-865B-4653-B9D1-F6F0C620A2EB}"
    "c:\users\Jinai\AppData\Local\{AD68E77B-A2D7-4C98-939D-AE48CECF9A0F}"
    "c:\users\Jinai\AppData\Local\{C75CF2AD-D0B8-4950-80A2-14798299B9EE}"
    "c:\users\Jinai\AppData\Local\{DD3B4F5B-C355-467F-9856-BACFC9DE8EA9}"
    "c:\users\Jinai\AppData\Local\{F7444938-5934-4E5D-8CF0-6E5A96BEF49D}"
    "c:\users\Jinai\AppData\Local\temp"
    "c:\windows\system32\9A3B.tmp"
    "c:\windows\System32\Drivers\sptd.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_MEMSWEEP2
    -------\Legacy_SPTD
    -------\Service_MEMSWEEP2
    -------\Service_sptd
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-11 to 2011-04-11 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-11 23:30 . 2011-04-11 23:34 -------- d-----w- c:\users\Jinai\AppData\Local\temp
    2011-04-11 23:30 . 2011-04-11 23:30 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-04-11 23:30 . 2011-04-11 23:30 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2011-04-11 17:22 . 2011-04-11 17:22 -------- d-----w- c:\users\Jinai\AppData\Local\{AD17B79A-F411-47ED-8468-DD1258930374}
    2011-04-10 17:46 . 2011-04-10 17:46 -------- d-----w- c:\users\Jinai\AppData\Local\{FC4492F4-FF24-4595-B341-CDBDCFD680DC}
    2011-04-10 17:13 . 2011-04-10 17:13 -------- d-----w- c:\users\Jinai\AppData\Local\{DD3B4F5B-C355-467F-9856-BACFC9DE8EA9}
    2011-04-10 16:54 . 2011-04-10 16:54 -------- d-----w- c:\users\Jinai\AppData\Local\{4984393D-C470-44C0-B052-8503A3B41D30}
    2011-04-07 16:02 . 2011-04-07 16:02 -------- d-----w- c:\users\Jinai\AppData\Local\{606C5B52-34E4-4F59-BECD-BF9E1BE86F1D}
    2011-04-07 15:59 . 2011-04-07 15:59 -------- d-----w- c:\users\Jinai\AppData\Local\{43C267B2-DCFE-4C56-AFB4-7BA00F161522}
    2011-04-06 00:05 . 2011-04-06 00:05 -------- d-----w- c:\users\Jinai\AppData\Local\{F7444938-5934-4E5D-8CF0-6E5A96BEF49D}
    2011-04-06 00:02 . 2011-04-06 00:02 -------- d-----w- C:\_OTM
    2011-04-05 23:52 . 2011-04-05 23:52 -------- d-----w- c:\users\Jinai\AppData\Local\{1A0552FD-5D80-4A3D-A1BB-4777A5B15EDA}
    2011-04-05 21:54 . 2011-04-05 21:54 -------- d-----w- c:\users\Jinai\AppData\Local\{58F9F470-57DB-4811-B74F-FA869B136A65}
    2011-04-05 02:11 . 2011-04-05 02:11 -------- d-----w- c:\users\Jinai\AppData\Local\{AD68E77B-A2D7-4C98-939D-AE48CECF9A0F}
    2011-04-04 13:32 . 2011-04-04 13:32 -------- d-----w- c:\users\Jinai\AppData\Local\{4819A585-EB9F-443A-A327-4D44345DFC9B}
    2011-04-04 01:31 . 2011-04-04 01:32 -------- d-----w- c:\users\Jinai\AppData\Local\{384E02AC-FD11-4FEF-82C8-BAC4C729A32D}
    2011-04-03 13:31 . 2011-04-03 13:31 -------- d-----w- c:\users\Jinai\AppData\Local\{C75CF2AD-D0B8-4950-80A2-14798299B9EE}
    2011-04-02 15:57 . 2011-04-02 15:57 -------- d-----w- c:\users\Jinai\AppData\Local\{6AB96FBD-C6D2-4F7A-B28E-FDE91B12A255}
    2011-04-01 16:55 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{189AD244-3E91-4B46-AF67-B52BEB2C3CB5}\mpengine.dll
    2011-04-01 16:50 . 2011-04-01 16:51 -------- d-----w- c:\users\Jinai\AppData\Local\{6104E5AF-AA7C-4338-9B06-CE27D23561BE}
    2011-03-31 23:37 . 2011-03-31 23:37 -------- d-----w- c:\windows\system32\custom matrices
    2011-03-31 23:36 . 2011-03-31 23:37 -------- d-----w- c:\windows\system32\C2MP
    2011-03-31 15:08 . 2011-03-31 15:08 -------- d-----w- c:\users\Jinai\AppData\Local\{7536815B-714F-49C1-85EF-B15DA259E4F8}
    2011-03-30 23:31 . 2011-03-30 23:31 -------- d-----w- c:\program files\ESET
    2011-03-30 03:57 . 2011-03-30 03:57 89088 ----a-w- C:\mbr.exe
    2011-03-28 18:54 . 2011-03-28 18:54 -------- d-----w- c:\users\Jinai\AppData\Roaming\Avira
    2011-03-28 18:51 . 2011-03-04 15:11 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-03-28 18:51 . 2011-03-04 13:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-03-28 18:51 . 2011-03-28 18:51 -------- d-----w- c:\programdata\Avira
    2011-03-28 18:51 . 2011-03-28 18:51 -------- d-----w- c:\program files\Avira
    2011-03-28 17:07 . 2011-03-28 17:07 -------- d-----w- c:\windows\CheckSur
    2011-03-27 10:51 . 2010-05-26 10:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
    2011-03-27 01:03 . 2011-03-27 01:03 -------- d-----w- c:\users\Jinai\AppData\Roaming\SUPERAntiSpyware.com
    2011-03-27 01:03 . 2011-03-27 01:03 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-03-27 01:03 . 2011-03-27 01:03 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-03-27 00:43 . 2011-03-27 00:43 -------- d-----w- c:\program files\Sophos
    2011-03-26 15:31 . 2011-03-26 15:31 -------- d--h--w- c:\users\Jinai\AppData\Local\{9BB3329D-865B-4653-B9D1-F6F0C620A2EB}
    2011-03-25 14:43 . 2011-03-25 14:43 -------- d--h--w- c:\users\Jinai\AppData\Local\{008C0DAA-5822-478E-B798-26BA595ED974}
    2011-03-24 16:25 . 2011-03-24 16:25 -------- d--h--w- c:\users\Jinai\AppData\Local\{41014895-94D3-4DFA-B694-2C1C0622E20E}
    2011-03-24 03:18 . 2011-03-24 03:18 -------- d--h--w- c:\users\Jinai\AppData\Local\{840949A0-9D08-4AE2-A9D6-0792AD890BF9}
    2011-03-23 15:27 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-03-23 15:27 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-03-23 15:27 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
    2011-03-22 19:45 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2011-03-22 19:45 . 2011-03-18 17:53 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
    2011-03-22 19:45 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
    2011-03-22 19:45 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
    2011-03-22 19:45 . 2011-03-18 17:53 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
    2011-03-22 19:45 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
    2011-03-22 19:45 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
    2011-03-22 19:45 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
    2011-03-22 19:45 . 2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
    2011-03-22 19:45 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
    2011-03-18 00:52 . 2011-03-18 00:52 -------- d-----w- c:\windows\en
    2011-03-18 00:52 . 2010-09-23 00:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2011-03-18 00:43 . 2009-09-04 17:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2011-03-18 00:43 . 2009-09-04 17:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2011-03-18 00:43 . 2009-09-04 17:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2011-03-18 00:39 . 2011-03-21 10:57 -------- d-----w- c:\program files\Microsoft Silverlight
    2011-03-18 00:35 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
    2011-03-18 00:32 . 2011-03-18 00:32 469256 ---ha-w- c:\program files\Common Files\Windows Live\.cache\f45602771cbe50308\InstallManager_WLE_WLE.exe
    2011-03-18 00:32 . 2011-03-18 00:32 15712 ---ha-w- c:\program files\Common Files\Windows Live\.cache\ecb334c71cbe50307\MeshBetaRemover.exe
    2011-03-18 00:32 . 2011-03-18 00:32 94040 ---ha-w- c:\program files\Common Files\Windows Live\.cache\ea0f16d71cbe50306\DSETUP.dll
    2011-03-18 00:32 . 2011-03-18 00:32 525656 ---ha-w- c:\program files\Common Files\Windows Live\.cache\ea0f16d71cbe50306\DXSETUP.exe
    2011-03-18 00:32 . 2011-03-18 00:32 1691480 ---ha-w- c:\program files\Common Files\Windows Live\.cache\ea0f16d71cbe50306\dsetup32.dll
    2011-03-18 00:32 . 2011-03-18 00:32 94040 ---ha-w- c:\program files\Common Files\Windows Live\.cache\e70b9ad71cbe50305\DSETUP.dll
    2011-03-18 00:32 . 2011-03-18 00:32 525656 ---ha-w- c:\program files\Common Files\Windows Live\.cache\e70b9ad71cbe50305\DXSETUP.exe
    2011-03-18 00:32 . 2011-03-18 00:32 1691480 ---ha-w- c:\program files\Common Files\Windows Live\.cache\e70b9ad71cbe50305\dsetup32.dll
    2011-03-18 00:31 . 2011-03-18 00:31 6260088 ---ha-w- c:\program files\Common Files\Windows Live\.cache\e27634371cbe50304\Silverlight.4.0.exe
    2011-03-18 00:31 . 2011-03-21 10:47 -------- d--h--w- c:\users\Jinai\AppData\Local\Windows Live
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-18 14:52 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-02-22 19:39 . 2011-02-22 19:39 240640 ----a-w- c:\windows\system32\xvidvfw.dll
    2011-02-07 18:00 . 2011-02-07 18:00 925667 ----a-w- c:\windows\system32\ffmpegmt.dll
    2011-02-07 18:00 . 2011-02-07 18:00 721798 ----a-w- c:\windows\system32\xvidcore.dll
    2011-02-07 18:00 . 2011-02-07 18:00 65024 ----a-w- c:\windows\system32\FLT_ffdshow.dll
    2011-02-07 18:00 . 2011-02-07 18:00 3669504 ----a-w- c:\windows\system32\ffdshow.ax
    2011-02-07 18:00 . 2011-02-07 18:00 336384 ----a-w- c:\windows\system32\ff_libfaad2.dll
    2011-02-07 18:00 . 2011-02-07 18:00 324096 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
    2011-02-07 18:00 . 2011-02-07 18:00 216576 ----a-w- c:\windows\system32\ff_libdts.dll
    2011-02-07 18:00 . 2011-02-07 18:00 1529856 ----a-w- c:\windows\system32\ff_samplerate.dll
    2011-02-07 18:00 . 2011-02-07 18:00 151552 ----a-w- c:\windows\system32\ff_libmad.dll
    2011-02-07 18:00 . 2011-02-07 18:00 145408 ----a-w- c:\windows\system32\libmpeg2_ff.dll
    2011-02-07 18:00 . 2011-02-07 18:00 140800 ----a-w- c:\windows\system32\ff_unrar.dll
    2011-02-07 18:00 . 2011-02-07 18:00 121856 ----a-w- c:\windows\system32\ff_liba52.dll
    2011-02-07 18:00 . 2011-02-07 18:00 100864 ----a-w- c:\windows\system32\ff_wmv9.dll
    2011-02-07 17:45 . 2011-02-07 17:45 80896 ----a-w- c:\windows\system32\ff_vfw.dll
    2011-02-07 17:39 . 2011-02-07 17:39 4166551 ----a-w- c:\windows\system32\ffmpeg.dll
    2011-02-02 20:40 . 2010-04-18 03:27 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-02 18:11 . 2009-10-03 10:01 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-20 16:37 . 2011-02-08 19:46 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-01-20 16:08 . 2011-02-08 19:46 478720 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:08 . 2011-02-08 19:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:08 . 2011-02-08 19:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:08 . 2011-02-08 19:46 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:08 . 2011-02-08 19:46 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:07 . 2011-02-08 19:46 37376 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:07 . 2011-02-08 19:46 258048 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:07 . 2011-02-08 19:46 586240 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:06 . 2011-02-08 19:46 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:06 . 2011-02-08 19:46 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:04 . 2011-02-08 19:46 209920 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 16:04 . 2011-02-08 19:46 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 14:28 . 2011-02-08 19:46 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 14:27 . 2011-02-08 19:46 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:26 . 2011-02-08 19:46 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:25 . 2011-02-08 19:46 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:24 . 2011-02-08 19:46 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:15 . 2011-02-08 19:46 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:14 . 2011-02-08 19:46 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:14 . 2011-02-08 19:46 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:14 . 2011-02-08 19:46 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:12 . 2011-02-08 19:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:11 . 2011-02-08 19:46 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 13:47 . 2011-02-08 19:46 683008 ----a-w- c:\windows\system32\d2d1.dll
    2011-03-18 17:53 . 2011-03-22 19:45 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ---ha-w- c:\users\Jinai\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ---ha-w- c:\users\Jinai\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ---ha-w- c:\users\Jinai\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-02 68856]
    "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
    "Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-02 198160]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2007-08-15 04:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer1"=wdmaud.drv
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO -viewer-.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk
    backup=c:\windows\pss\PHOTOfunSTUDIO -viewer-.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SetPointII.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk
    backup=c:\windows\pss\SetPointII.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Jinai^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
    path=c:\users\Jinai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    backup=c:\windows\pss\Dropbox.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Jinai^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
    path=c:\users\Jinai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
    backup=c:\windows\pss\MagicDisc.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    %ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-10-15 01:04 39792 ---ha-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    2007-06-10 00:12 118784 ---ha-w- c:\program files\Apoint\Apoint.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
    2007-10-11 07:45 31232 ---ha-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
    2009-06-29 08:51 315478 ----a-w- c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C48 Series]
    2005-05-16 19:00 99840 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_S4I091.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX200 Series]
    2007-12-13 06:00 188928 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIEFE.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
    2008-05-21 21:00 151552 ---h--w- c:\program files\CyberLink\PCM4Everio\EverioService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2009-01-09 13:23 178712 ----a-w- c:\windows\System32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2009-01-09 13:23 150040 ----a-w- c:\windows\System32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
    2007-09-19 19:09 311296 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
    2008-10-10 14:46 69632 ----a-w- c:\windows\KHALMNPR.Exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
    2003-12-17 08:50 19968 ----a-w- c:\windows\LOGI_MWX.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT]
    2011-03-10 03:01 37943240 ----a-w- c:\windows\System32\mrt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2010-11-10 02:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 14:57 153136 ---ha-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSUFloatingUI]
    2008-07-16 23:17 262144 ----a-w- c:\program files\Sony\Network Utility\LANUtil.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2009-01-09 13:23 154136 ----a-w- c:\windows\System32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2007-08-25 00:06 4669440 ----a-w- c:\windows\RtHDVCpl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-04-10 23:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2011-02-04 11:13 1242448 ----a-w- c:\program files\Steam\Steam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-02-18 10:43 248040 ---ha-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2008-04-02 13:57 68856 ---ha-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-12-02 15:49 198160 ---ha-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
    2010-07-06 14:01 2634048 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
    2007-04-10 21:46 709992 ----a-w- c:\windows\vVX1000.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Manager]
    2008-05-26 15:20 585728 ----a-w- c:\program files\Virgin Broadband Wireless\Wireless Manager.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-06-29 143467]
    R4 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-07-17 233472]
    R4 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-11 745472]
    R4 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
    R4 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
    R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-29 292128]
    R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-03-17 87328]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-01-07 20744]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2010-05-26 18816]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-04 135336]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
    S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
    S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-29 9344]
    S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-06 812544]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-11 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-07 10:20]
    .
    2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 14:38]
    .
    2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 14:38]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
    IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
    IE: Crawler Search
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    FF - ProfilePath - c:\users\Jinai\AppData\Roaming\Mozilla\Firefox\Profiles\hqyixclv.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-12 00:33
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-713040662-188224599-2356230030-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-713040662-188224599-2356230030-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b4
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(328)
    c:\users\Jinai\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
    c:\windows\system32\BsMobileSDK.dll
    c:\windows\system32\BsLangInDepRes.dll
    c:\windows\system32\Bs2Res.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    .
    **************************************************************************
    .
    Completion time: 2011-04-12 00:43:40 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-04-11 23:43
    ComboFix2.txt 2011-04-10 17:41
    ComboFix3.txt 2011-03-31 02:31
    .
    Pre-Run: 63,033,143,296 bytes free
    Post-Run: 62,669,000,704 bytes free
    .
    - - End Of File - - D0EFF2C09E1A100D9D5D603340C3405C
     
  23. Jinai

    Jinai TS Rookie Topic Starter Posts: 33

    I checked for the folder and found that it was not empty, infact there was a lot of stuff inside it!
     
  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You need to read my directions carefully.
    Old dopey me "thought" you would tell me what the stuff was before you went ahead and ran the script! But whatever they were, they are gone and now a new batch of the same data has appeared.

    I need to have some idea of what there folders hold, so please give me some idea of what this stuff is!
    I ask you to try to identify the appdata before you ran the script. Once again, the entries were removed and once again, just as many are back again!

    I also asked a specific question about the handling of file extensions in the Registry. Did you set these?
    These are examples- there are more: They are all in Firefox. They are not 'usual' entries:
    Please give me an update on the system. Have problems been resolved?
     
  25. Jinai

    Jinai TS Rookie Topic Starter Posts: 33



    Apologies! I've been quite busy recently so I haven't had time to reply to this topic. The things that are in the folder seems to be different folders (maybe around 20 or so) with different numerical strings, however theres nothing inside.

    Nope, I didn't set these. The problem still hasn't been resolved, my desktop screen is still black and most of my files are still hidden (they seem to have been converted into hidden files).
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...