Inactive Desktop background and files/folder trouble

Jinai

Hey guys, how've you all been?

Basically, just two days ago I was hit by some kind of malware called Windows Repair. Now, I did my fair share of research and found many other rogue anti-virus programs this particular one is related to (i.e. HDD Defragmenter, Win Defragmenter etc.), provided by the blog: XXXXXXX

(I am running Windows Vista Home Premium, but I'm not sure whether it is 32- or 64-bit.)

Once the system was attacked, error messages started to pop up (such as "RAM memory critically high", "hard drive failure", "files at risk" etc.). Fortunately I was still able to see my desktop, but most of the icons were sort of "transparent" as opposed to their normal "solid" state. Task Manager could not be opened. I didn't click on the silly rogue program's deception and quickly booted the system into Safe Mode and tried to get rid of it from there.

I first did a Malwarebytes scan (full scan) and nothing came up. Did a Spybot scan; things were found but nothing helped ease the pain. Then I went onto the "Deletemalware" blog to see if the solutions for the rogue program's other family members would help (because they are very similar), followed a lot of the steps (such as the "regedit" business), did a SUPERAntiSpyware Free Edition full scan and came out with some results. Booted my laptop into normal mode and then found some more problems: the desktop background turned black, most system files were hijacked, and I cannot access Start programs (I can see my files are on the system). Fortunately I can access My Computer and Task Manager to do stuff.

Upon the second boot, I ran a Sophos rootkit scan to see if it helped. It did not work (even though results came up).

Now I'm at this stage where I am almost defeated. So, could anyone help me out here?

Edit: Possible rogue link deleted.
 
Here is my current HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:04:47, on 28/03/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Companion\companionuser.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\dxdiag.exe
C:\Users\Jinai\Desktop\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?rd=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Wireless Manager] "C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" startup
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\skype4com.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Lavasoft Ad-Aware (AAWService) - Unknown owner - c:\progra~1\lavasoft\ad-ware\aawser~1.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 9729 bytes
 
Welcome to TechSpot! There is a Rogue Error Fix program going around that alerts you to 'false' errors in an attempt to get you to click on something to fix it. You should not attempt to act on anything coming from an unknown source. You should be familiar enough with your system to determine whether it is a legitimate warning from the operating system or from one of the security programs on the system.

If you are not sure, do nothing! I have recently worked with 2 members who have been victims of this rogue program: one of them found no programs listed in his All Programs list. The other was given a message that he was locked out of his computer. Both alerts were generated by the Rogue Error Fix and did not represent actual errors.

If you get popups or an alert on your system, never click on any site that is telling you it will fix the problem! I am deleting your reference to the blog because, as far as I can determine, someone just set up the site. It may be legit, but when in doubt, "don't!"
=========================================
We don't screen for malware with HijackThis.
If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

In addition to these scans, I will make one reference to you: this Rogue Error Fix is spreading big time through Facebook. If you are a Facebook member, please see my post: https://www.techspot.com/vb/topic162959.html
 
Thank you for your reply! Here are the logs you asked for (split into two posts):

MBAM:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6201

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

29/03/2011 13:31:17
mbam-log-2011-03-29 (13-31-17).txt

Scan type: Quick scan
Objects scanned: 169923
Time elapsed: 16 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
DDS.txt:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jinai at 20:05:57.41 on 29/03/2011
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.869 [GMT 1:00]
.
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jinai\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.club-vaio.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\ctbr.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-8287-79A187E26987} - No File
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\ctbr.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Wireless Manager] "c:\program files\virgin broadband wireless\Wireless Manager.exe" startup
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: Crawler Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\windows\system32\skype4com.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\ctbr.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jinai\appdata\roaming\mozilla\firefox\profiles\hqyixclv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - component: c:\program files\crawler\firefox\components\xcomm.dll
FF - component: c:\program files\crawler\firefox\components\xshared.dll
FF - component: c:\program files\crawler\firefox\components\xsupport.dll
FF - component: c:\program files\crawler\firefox\components\xwsg.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\jinai\appdata\roaming\mozilla\firefox\profiles\hqyixclv.default\extensions\{193d7001-bd9f-48c2-b5c7-69775aa2201d}\components\FFExternalAlert.dll
FF - component: c:\users\jinai\appdata\roaming\mozilla\firefox\profiles\hqyixclv.default\extensions\{193d7001-bd9f-48c2-b5c7-69775aa2201d}\components\RadioWMPCore.dll
FF - component: c:\users\jinai\appdata\roaming\mozilla\firefox\profiles\hqyixclv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\jinai\appdata\roaming\mozilla\firefox\profiles\hqyixclv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-1-7 20744]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2011-3-27 18816]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-3-28 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-3-28 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-3-28 61960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-3 21504]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-7-2 26248]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-11-7 9344]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-11-7 812544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-10-5 312152]
S3 AAWService;Lavasoft Ad-Aware;c:\progra~1\lavasoft\ad-ware\aawser~1.exe --> c:\progra~1\lavasoft\ad-ware\aawser~1.exe [?]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-3-18 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 BsMobileCS;BsMobileCS;c:\program files\ivt corporation\bluesoleil\BsMobileCS.exe [2009-6-29 143467]
S4 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2008-5-29 233472]
S4 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2007-11-19 745472]
S4 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2007-11-19 397312]
S4 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2007-11-19 1089536]
S4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2007-11-19 292128]
S4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-5-29 87328]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-03-29 12:28:30 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{403e65c6-356b-4035-a412-96f2d58c116a}\mpengine.dll
2011-03-29 12:11:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-29 12:05:41 -------- d-----w- c:\users\jinai\appdata\local\{7C2A947A-C1D2-41A4-924E-EB318EE67F85}
2011-03-28 18:54:20 -------- d-----w- c:\users\jinai\appdata\roaming\Avira
2011-03-28 18:51:35 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-28 18:51:29 -------- d-----w- c:\program files\Avira
2011-03-28 18:51:29 -------- d-----w- c:\progra~2\Avira
2011-03-28 17:07:07 -------- d-----w- c:\windows\CheckSur
2011-03-28 17:04:18 -------- d-----w- c:\users\jinai\appdata\local\{6C103448-B457-4810-B59F-978D86824FA5}
2011-03-27 23:12:22 -------- d-----w- c:\users\jinai\appdata\local\{4B753C67-668C-474C-981B-253D652F8AC8}
2011-03-27 10:51:42 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-03-27 04:26:50 -------- d-----w- c:\users\jinai\appdata\local\{F8661618-8468-43C8-8DE7-7F0DDE950938}
2011-03-27 01:03:41 -------- d-----w- c:\users\jinai\appdata\roaming\SUPERAntiSpyware.com
2011-03-27 01:03:41 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2011-03-27 01:03:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-27 00:44:08 6144 ------w- c:\windows\system32\42EA.tmp
2011-03-27 00:44:01 6144 ------w- c:\windows\system32\297F.tmp
2011-03-27 00:43:51 -------- d-----w- c:\program files\Sophos
2011-03-26 15:31:06 -------- d--h--w- c:\users\jinai\appdata\local\{9BB3329D-865B-4653-B9D1-F6F0C620A2EB}
2011-03-25 14:43:17 -------- d--h--w- c:\users\jinai\appdata\local\{008C0DAA-5822-478E-B798-26BA595ED974}
2011-03-24 16:25:05 -------- d--h--w- c:\users\jinai\appdata\local\{41014895-94D3-4DFA-B694-2C1C0622E20E}
2011-03-24 03:18:09 -------- d--h--w- c:\users\jinai\appdata\local\{840949A0-9D08-4AE2-A9D6-0792AD890BF9}
2011-03-23 15:27:41 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-23 15:27:41 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-23 15:27:41 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 15:17:28 -------- d--h--w- c:\users\jinai\appdata\local\{6638CC24-34A9-4E7D-8A80-3130A7DF17B7}
2011-03-22 19:45:03 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2011-03-22 19:45:03 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-22 19:45:02 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-03-22 19:45:02 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-03-22 19:45:02 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2011-03-22 19:45:02 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-03-22 19:45:02 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-03-22 19:45:02 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-03-22 19:45:02 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-03-22 19:45:02 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-03-22 14:42:13 -------- d--h--w- c:\users\jinai\appdata\local\{32B69A5C-7D42-411F-B13B-D2262975FAB2}
2011-03-22 01:54:47 -------- d--h--w- c:\users\jinai\appdata\local\{8E52CCE3-FD1C-4F1B-8DDA-8F374804A301}
2011-03-21 10:47:31 -------- d--h--w- c:\users\jinai\appdata\local\{B7D3B0B6-8351-476F-B5DD-E10FB9952AB5}
2011-03-21 10:47:31 -------- d--h--w- c:\users\jinai\appdata\local\{02AF9735-4BF3-43C3-99A4-FEB0C35C9A06}
2011-03-20 14:02:03 -------- d--h--w- c:\users\jinai\appdata\local\{9FFBE5DC-FDC1-475C-8F87-2E6A037893BA}
2011-03-19 23:11:06 -------- d--h--w- c:\users\jinai\appdata\local\{D5F3E161-56C2-4B8F-ACAE-66DA68E14335}
2011-03-18 14:54:01 -------- d--h--w- c:\users\jinai\appdata\local\{2F9E0567-7119-44D1-88C0-89B9886ED4DD}
2011-03-18 00:56:16 -------- d--h--w- c:\users\jinai\appdata\local\{4B2A50DB-18D9-44B8-A8B7-3504360D5CA5}
2011-03-18 00:52:47 -------- d-----w- c:\windows\en
2011-03-18 00:52:09 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-03-18 00:43:08 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-03-18 00:43:08 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-03-18 00:43:08 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-03-18 00:35:37 754688 ----a-w- c:\windows\system32\webservices.dll
2011-03-18 00:32:35 469256 ---ha-w- c:\program files\common files\windows live\.cache\f45602771cbe50308\InstallManager_WLE_WLE.exe
2011-03-18 00:32:13 15712 ---ha-w- c:\program files\common files\windows live\.cache\ecb334c71cbe50307\MeshBetaRemover.exe
2011-03-18 00:32:09 94040 ---ha-w- c:\program files\common files\windows live\.cache\ea0f16d71cbe50306\DSETUP.dll
2011-03-18 00:32:09 525656 ---ha-w- c:\program files\common files\windows live\.cache\ea0f16d71cbe50306\DXSETUP.exe
2011-03-18 00:32:09 1691480 ---ha-w- c:\program files\common files\windows live\.cache\ea0f16d71cbe50306\dsetup32.dll
2011-03-18 00:32:05 94040 ---ha-w- c:\program files\common files\windows live\.cache\e70b9ad71cbe50305\DSETUP.dll
2011-03-18 00:32:05 525656 ---ha-w- c:\program files\common files\windows live\.cache\e70b9ad71cbe50305\DXSETUP.exe
2011-03-18 00:32:05 1691480 ---ha-w- c:\program files\common files\windows live\.cache\e70b9ad71cbe50305\dsetup32.dll
2011-03-18 00:31:59 6260088 ---ha-w- c:\program files\common files\windows live\.cache\e27634371cbe50304\Silverlight.4.0.exe
2011-03-18 00:31:14 -------- d--h--w- c:\users\jinai\appdata\local\Windows Live
2011-03-09 14:42:16 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 14:42:16 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 14:42:16 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 14:42:16 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 14:42:15 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 14:42:15 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-05 17:23:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-05 17:23:52 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-03-03 15:37:30 -------- d-----w- c:\program files\SystemRequirementsLab
2011-02-27 23:57:02 -------- d-----w- c:\program files\Yuna Software
.
==================== Find3M ====================
.
2011-02-02 18:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 20:07:11.56 ===============
 
Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 31/03/2008 04:05:49
System Uptime: 29/03/2011 13:01:11 (7 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz | N/A | 1600/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 179 GiB total, 43.107 GiB free.
F: is CDROM ()
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1037: 28/03/2011 18:05:46 - Windows Update
RP1038: 28/03/2011 19:35:33 - Removed YVD
RP1039: 29/03/2011 13:27:04 - Windows Update
.
==== Installed Programs ======================
.
.
888poker
AceHTML Freeware
Ad-Aware
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color Common Settings
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe ConnectNow Add-in
Adobe CSI CS4
Adobe Default Language CS4
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Reader 8.1.4
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Alps Pointing-device for VAIO
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
µTorrent
Audacity 1.2.6
AutoUpdate
Avira AntiVir Personal - Free Antivirus
Bluesoleil 6.4.269.0
Bonjour
Business Contact Manager for Outlook 2007 SP2
Camera RAW Plug-In for EPSON Creativity Suite
Click to Disc
Click to Disc Editor
Connect
Crawler Toolbar with Web Security Guard
CyberLink PowerDirector
D3DX10
Daniusoft MOD Converter(Build 2.1.0.33)
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Dropbox
DVD-lab PRO 2.51
EPSON Easy Photo Print
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
EPSON Stylus SX200 Series Printer Uninstall
EPSON Stylus SX200_SX400_TX200_TX400 Manual
erLT
FlashGet 1.9.6.1073
G9x User's Guide
gBurner
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GearDrvs
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
IObit Security 360
iTunes
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 20
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Junk Mail filter update
kuler
Logitech MouseWare 9.79.1
Logitech SetPoint 5.10
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
Mesh Runtime
Messenger Companion
Messenger Plus! 5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Moog Modular V v2.2
Mozilla Firefox 4.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Club VAIO
NCH Toolbox
Nero 7 Ultra Edition
neroxml
Neverwinter Nights
Nimo Codecs Pack v5.0 (Remove Only)
Nokia Connectivity Cable Driver
Norton 360
OGA Notifier 2.0.0048.0
OpenMG Limited Patch 4.7-07-15-19-01
OpenMG Secure Module 4.7.00
OpenOffice.org 3.1
Pando Media Booster
PC Connectivity Solution
PDF Settings CS4
PHOTOfunSTUDIO -viewer-
Photoshop Camera Raw
PowerCinema NE for Everio
Prism Video Converter
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Recuva
Roxio Activation Module
Roxio Easy Media Creator Home
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Segoe UI
Setting Utility Series
Sony Vegas Pro 8.0
Sony Video Shared Library
Sophos Anti-Rootkit 1.5.4
Spybot - Search & Destroy
Steam
Suite Shared Configuration CS4
SUPERAntiSpyware
System Requirements Lab
Team Fortress 2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VAIO Content Folder Setting
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Manager Setting
VAIO Content Metadata XML Interface Library
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data Basic
VAIO Entertainment Platform
VAIO Launcher
VAIO Media
VAIO Media 6.0
VAIO Media AC3 Decoder 1.0
VAIO Media Content Collection 6.0
VAIO Media Integrated Server 6.1
VAIO Media Redistribution 6.0
VAIO Media Registration Tool
VAIO Media Registration Tool 6.0
VAIO Original Function Setting
VAIO Power Management
VAIO Smart Network
VAIO Update 3
VAIO Wallpaper Contents
Ventrilo Client
Veoh Video Compass
Veoh Web Player
VideoLAN VLC media player 0.8.6e
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WampServer 2.0
WiFi-Manager SDK v5.2 Trial
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
WinDVD for VAIO
WinHTTrack Website Copier 3.43-2
WinRAR archiver
Wireless Manager
.
==== Event Viewer Messages From Past Week ========
.
29/03/2011 13:04:17, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BTHidMgr sptd
29/03/2011 13:04:13, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
29/03/2011 13:04:13, Error: Service Control Manager [7000] - The npkcrypt service failed to start due to the following error: The system cannot find the path specified.
28/03/2011 20:45:20, Error: disk [11] - The driver detected a controller error on \Device\Harddisk0\DR0.
27/03/2011 14:27:29, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BTHidMgr
27/03/2011 14:26:18, Error: sptd [4] - Driver detected an internal error in its data structures for .
27/03/2011 05:30:48, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
27/03/2011 00:48:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
27/03/2011 00:30:34, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BTHidMgr DMICall spldr sp_rsdrv2 Wanarpv6
27/03/2011 00:30:34, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
27/03/2011 00:29:54, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
27/03/2011 00:29:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
27/03/2011 00:29:51, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
27/03/2011 00:29:50, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
27/03/2011 00:29:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
26/03/2011 20:22:36, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BTHidMgr DfsC DMICall NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr sp_rsdrv2 tdx Wanarpv6
26/03/2011 20:22:36, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
26/03/2011 20:22:36, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
26/03/2011 20:22:36, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
26/03/2011 20:22:36, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
26/03/2011 20:22:36, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
26/03/2011 20:22:36, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
26/03/2011 20:22:36, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
26/03/2011 20:22:36, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
26/03/2011 20:22:36, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
26/03/2011 20:22:36, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
26/03/2011 20:22:36, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
26/03/2011 20:22:36, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
26/03/2011 20:22:36, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
26/03/2011 20:21:52, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
26/03/2011 20:21:52, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
26/03/2011 19:12:45, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
26/03/2011 19:12:27, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
26/03/2011 17:59:19, Error: EventLog [6008] - The previous system shutdown at 17:56:06 on 26/03/2011 was unexpected.
.
==== End Of File ===========================
 
Sorry for delay- internet was down. Please don't put the logs in quotes. It takes a lot of room away.

There are processes we will be removing. Please run the following first:

Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
  10. Click anywhere in the post where you want the logs to go, then do Ctrl+V. The log will be sent from the clipboard and pasted in the post.
  11. Re-enable your Antivirus software.
    NOTE: If you forget to copy to the clipboard you can find the log here:
    C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
=============================================
Download Combofix from HERE or HERE: http://www.forospyware.com/sUBs/ComboFix.exe and save it to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    [image: whatnext.png]
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe [image: cf-icon.jpg] & follow the prompts to run.
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

NOTE: I have deleted the HijackThis log. It is an out of date version and you can uninstall it. I will have you run it later and will give you link for current version.
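The DDS listing above and the ComboFix listing further down in this thread share one line format (creation date, optional ". modification date" in ComboFix, size or "--------" for a folder, an 8-column attribute field such as d--h--w-, and the path). As an added example, not code from the thread, from DDS or from ComboFix, here is a small Python triage script that parses that format and flags the entries a helper would want to account for before deciding what to remove. The sample lines are copied from the listings posted here except the last, which is constructed; the flagging rules, the function names and the reading of the attribute columns (first column d = directory, h anywhere = hidden) are this example's own assumptions, and a flag means "check this file", not "infected".

```python
"""Triage helper for DDS / ComboFix "Files Created" listings (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One listing line.  DDS prints   "created size attrs path";
# ComboFix prints                 "created . modified size attrs path".
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)"
    r"(?: \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"
    r" (?P<size>-{8}|\d+)"
    r" (?P<attrs>[\w-]{8})"
    r" (?P<path>\S.*)$"
)

# Heuristic patterns (assumptions of this example, not rules from the thread).
EXEC_EXT = re.compile(r"\.(exe|dll|sys|scr|com|cpl|ocx)$", re.I)
GUID_DIR = re.compile(r"\\appdata\\local\\\{[0-9a-f-]{36}\}$", re.I)
ROOT_FILE = re.compile(r"^[a-z]:\\[^\\]+$", re.I)          # file directly in a drive root
SYSTEM32 = re.compile(r"\\windows\\system32\\", re.I)
TEMP_DIR = re.compile(r"\\(temp|temporary internet files)\\", re.I)


@dataclass
class Entry:
    created: str
    modified: Optional[str]     # only ComboFix lines carry this
    size: Optional[int]         # None for folders ("--------")
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"     # first attribute column is the directory flag

    @property
    def is_hidden(self) -> bool:
        return "h" in self.attrs        # 'h' column is the hidden flag


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; headers, blanks and '.' separator rows give None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(m["created"], m["modified"], size, m["attrs"], m["path"])


def reasons_for(e: Entry) -> List[str]:
    """Return the heuristic flags that apply to one entry (empty list = not flagged)."""
    out = []
    if e.is_dir and e.is_hidden and GUID_DIR.search(e.path):
        out.append("hidden GUID-named folder directly under AppData\\Local")
    if not e.is_dir and ROOT_FILE.match(e.path) and EXEC_EXT.search(e.path):
        out.append("executable dropped in a drive root")
    if not e.is_dir and SYSTEM32.search(e.path) and e.path.lower().endswith(".tmp"):
        out.append(".tmp file inside system32")
    if not e.is_dir and e.path.lower().endswith(".sys"):
        out.append("new kernel driver (.sys) in the window")
    if not e.is_dir and e.is_hidden and EXEC_EXT.search(e.path):
        out.append("hidden executable")
    if not e.is_dir and TEMP_DIR.search(e.path) and EXEC_EXT.search(e.path):
        out.append("executable in a temp/cache folder")
    return out


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons; unparseable and clean lines are dropped."""
    flagged: Dict[str, List[str]] = {}
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        why = reasons_for(e)
        if why:
            flagged[e.path] = why
    return flagged


SAMPLE = [
    # copied from the DDS and ComboFix listings posted in this thread
    r"2011-03-21 10:47:31 -------- d--h--w- c:\users\jinai\appdata\local\{02AF9735-4BF3-43C3-99A4-FEB0C35C9A06}",
    r"2011-03-18 00:52:09 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys",
    r"2011-03-18 00:32:35 469256 ---ha-w- c:\program files\common files\windows live\.cache\f45602771cbe50308\InstallManager_WLE_WLE.exe",
    r"2011-03-09 14:42:15 677888 ----a-w- c:\windows\system32\mstsc.exe",
    r"2011-03-30 03:57 . 2011-03-30 03:57 89088 ----a-w- C:\mbr.exe",
    r"2011-03-27 00:44 . 2010-05-26 10:39 6144 ------w- c:\windows\system32\42EA.tmp",
    r"2011-03-31 02:17 . 2011-03-31 02:17 -------- d-----w- c:\users\Jinai\AppData\Local\temp",
    # constructed line (not from the thread) to exercise the temp-folder rule
    r"2011-03-27 00:40 . 2011-03-27 00:40 61440 ----a-w- c:\users\Jinai\AppData\Local\Temp\plugtmp-1\setup.exe",
]

if __name__ == "__main__":
    for path, why in triage(SAMPLE).items():
        print(path + "\n    " + "\n    ".join(why))
```

To use it on a real log, read DDS.txt or ComboFix.txt into a list of lines and pass it to triage(). On the listings in this thread it flags the hidden {GUID} folders under AppData\Local, the new fssfltr.sys driver, the hidden Windows Live installer cache executables, C:\mbr.exe and the .tmp files in system32; several of those turn out to be legitimate, which is the point: the script narrows the list to what must be checked, and the verdict still comes from looking at each file (signature, vendor, when and why it appeared). The rules are easy to extend, for instance with the generic installer names (install.exe, setup.exe) that ComboFix removed from C:\ and system32 further down in this thread.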
 
Thanks for your reply! Here is the ESET NOD32 Log:

C:\Users\Jinai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\53ACIHYQ\fb01fd[1].pdf JS/Exploit.Pdfka.ORP.Gen trojan
C:\Users\Jinai\AppData\Local\Temp\plugtmp-1\plugin-lib.php JS/Exploit.Pdfka.OSV.Gen trojan
C:\Users\Jinai\Documents\Downloads\Nero 7.10.1.0\Nero-7.10.1.0_eng_full.exe Win32/Toolbar.AskSBar application
C:\Users\Jinai\Downloads\Sony.Vegas.Pro.8+DVD.Architect.4.5.NO.KEYGEN\Sony Vegas Pro 8.0b Build 217-AVCHD-MPG-AC3 FIXED\Keygen.exe a variant of Win32/Keygen.AR application
 
And the ComboFix Log:

ComboFix 11-03-30.01 - Jinai 31/03/2011 3:06.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.1082 [GMT 1:00]
Running from: c:\users\Jinai\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
The following files were disabled during the run:
c:\program files\IObit\IObit Security 360\IS360mon.dll
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\instantrails\instantrails.exe
c:\users\Jinai\AppData\Local\Microsoft\Windows\Temporary Internet Files\5X8JOBA.jpg
c:\users\Jinai\AppData\Local\Microsoft\Windows\Temporary Internet Files\AbM00aam5.jpg
c:\users\Jinai\AppData\Local\Microsoft\Windows\Temporary Internet Files\PM4XAaN.jpg
c:\users\Jinai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Yl05yAm35.jpg
c:\users\Jinai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Repair
c:\users\Jinai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Repair\Uninstall Windows Repair.lnk
c:\users\Jinai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Repair\Windows Repair.lnk
c:\windows\system32\setup.exe
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-31 )))))))))))))))))))))))))))))))
.
.
2011-03-31 02:17 . 2011-03-31 02:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-31 02:17 . 2011-03-31 02:22 -------- d-----w- c:\users\Jinai\AppData\Local\temp
2011-03-30 23:31 . 2011-03-30 23:31 -------- d-----w- c:\program files\ESET
2011-03-30 23:24 . 2011-03-30 23:25 -------- d-----w- c:\users\Jinai\AppData\Local\{DAACF362-76FD-4CE3-A163-0A55FADD8365}
2011-03-30 08:44 . 2011-03-30 08:44 -------- d-----w- c:\users\Jinai\AppData\Local\{6A619BE8-3566-4D8C-A930-BD08AA705B02}
2011-03-30 03:57 . 2011-03-30 03:57 89088 ----a-w- C:\mbr.exe
2011-03-29 20:43 . 2011-03-29 20:43 -------- d-----w- c:\users\Jinai\AppData\Local\{4C328290-DCCA-4409-A6E7-2D5D4EEA54C2}
2011-03-29 12:28 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{403E65C6-356B-4035-A412-96F2D58C116A}\mpengine.dll
2011-03-29 12:05 . 2011-03-29 12:05 -------- d-----w- c:\users\Jinai\AppData\Local\{7C2A947A-C1D2-41A4-924E-EB318EE67F85}
2011-03-28 18:54 . 2011-03-28 18:54 -------- d-----w- c:\users\Jinai\AppData\Roaming\Avira
2011-03-28 18:51 . 2011-03-04 15:11 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-28 18:51 . 2011-03-04 13:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-28 18:51 . 2011-03-28 18:51 -------- d-----w- c:\programdata\Avira
2011-03-28 18:51 . 2011-03-28 18:51 -------- d-----w- c:\program files\Avira
2011-03-28 17:07 . 2011-03-28 17:07 -------- d-----w- c:\windows\CheckSur
2011-03-28 17:04 . 2011-03-28 17:04 -------- d-----w- c:\users\Jinai\AppData\Local\{6C103448-B457-4810-B59F-978D86824FA5}
2011-03-27 23:12 . 2011-03-27 23:12 -------- d-----w- c:\users\Jinai\AppData\Local\{4B753C67-668C-474C-981B-253D652F8AC8}
2011-03-27 10:51 . 2010-05-26 10:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-03-27 04:26 . 2011-03-27 04:27 -------- d-----w- c:\users\Jinai\AppData\Local\{F8661618-8468-43C8-8DE7-7F0DDE950938}
2011-03-27 01:03 . 2011-03-27 01:03 -------- d-----w- c:\users\Jinai\AppData\Roaming\SUPERAntiSpyware.com
2011-03-27 01:03 . 2011-03-27 01:03 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-03-27 01:03 . 2011-03-27 01:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-27 00:44 . 2010-05-26 10:39 6144 ------w- c:\windows\system32\42EA.tmp
2011-03-27 00:44 . 2010-05-26 10:39 6144 ------w- c:\windows\system32\297F.tmp
2011-03-27 00:43 . 2011-03-27 00:43 -------- d-----w- c:\program files\Sophos
2011-03-26 15:31 . 2011-03-26 15:31 -------- d--h--w- c:\users\Jinai\AppData\Local\{9BB3329D-865B-4653-B9D1-F6F0C620A2EB}
2011-03-25 14:43 . 2011-03-25 14:43 -------- d--h--w- c:\users\Jinai\AppData\Local\{008C0DAA-5822-478E-B798-26BA595ED974}
2011-03-24 16:25 . 2011-03-24 16:25 -------- d--h--w- c:\users\Jinai\AppData\Local\{41014895-94D3-4DFA-B694-2C1C0622E20E}
2011-03-24 03:18 . 2011-03-24 03:18 -------- d--h--w- c:\users\Jinai\AppData\Local\{840949A0-9D08-4AE2-A9D6-0792AD890BF9}
2011-03-23 15:27 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-23 15:27 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 15:27 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-23 15:17 . 2011-03-23 15:17 -------- d--h--w- c:\users\Jinai\AppData\Local\{6638CC24-34A9-4E7D-8A80-3130A7DF17B7}
2011-03-22 19:45 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-22 19:45 . 2011-03-18 17:53 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-03-22 19:45 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-22 19:45 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-03-22 19:45 . 2011-03-18 17:53 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-03-22 19:45 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-22 19:45 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-22 19:45 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-03-22 19:45 . 2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-22 19:45 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-22 14:42 . 2011-03-22 14:42 -------- d--h--w- c:\users\Jinai\AppData\Local\{32B69A5C-7D42-411F-B13B-D2262975FAB2}
2011-03-22 01:54 . 2011-03-22 01:54 -------- d--h--w- c:\users\Jinai\AppData\Local\{8E52CCE3-FD1C-4F1B-8DDA-8F374804A301}
2011-03-21 10:47 . 2011-03-21 10:48 -------- d--h--w- c:\users\Jinai\AppData\Local\{B7D3B0B6-8351-476F-B5DD-E10FB9952AB5}
2011-03-21 10:47 . 2011-03-21 10:47 -------- d--h--w- c:\users\Jinai\AppData\Local\{02AF9735-4BF3-43C3-99A4-FEB0C35C9A06}
2011-03-20 14:02 . 2011-03-20 14:02 -------- d--h--w- c:\users\Jinai\AppData\Local\{9FFBE5DC-FDC1-475C-8F87-2E6A037893BA}
2011-03-19 23:11 . 2011-03-19 23:11 -------- d--h--w- c:\users\Jinai\AppData\Local\{D5F3E161-56C2-4B8F-ACAE-66DA68E14335}
2011-03-18 14:54 . 2011-03-19 03:00 -------- d--h--w- c:\users\Jinai\AppData\Local\{2F9E0567-7119-44D1-88C0-89B9886ED4DD}
2011-03-18 00:56 . 2011-03-18 00:56 -------- d--h--w- c:\users\Jinai\AppData\Local\{4B2A50DB-18D9-44B8-A8B7-3504360D5CA5}
2011-03-18 00:52 . 2011-03-18 00:52 -------- d-----w- c:\windows\en
2011-03-18 00:52 . 2010-09-23 00:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-03-18 00:43 . 2009-09-04 17:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-03-18 00:43 . 2009-09-04 17:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-03-18 00:43 . 2009-09-04 17:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-03-18 00:39 . 2011-03-21 10:57 -------- d-----w- c:\program files\Microsoft Silverlight
2011-03-18 00:35 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2011-03-18 00:32 . 2011-03-18 00:32 469256 ---ha-w- c:\program files\Common Files\Windows Live\.cache\f45602771cbe50308\InstallManager_WLE_WLE.exe
2011-03-18 00:32 . 2011-03-18 00:32 15712 ---ha-w- c:\program files\Common Files\Windows Live\.cache\ecb334c71cbe50307\MeshBetaRemover.exe
2011-03-18 00:32 . 2011-03-18 00:32 94040 ---ha-w- c:\program files\Common Files\Windows Live\.cache\ea0f16d71cbe50306\DSETUP.dll
2011-03-18 00:32 . 2011-03-18 00:32 525656 ---ha-w- c:\program files\Common Files\Windows Live\.cache\ea0f16d71cbe50306\DXSETUP.exe
2011-03-18 00:32 . 2011-03-18 00:32 1691480 ---ha-w- c:\program files\Common Files\Windows Live\.cache\ea0f16d71cbe50306\dsetup32.dll
2011-03-18 00:32 . 2011-03-18 00:32 94040 ---ha-w- c:\program files\Common Files\Windows Live\.cache\e70b9ad71cbe50305\DSETUP.dll
2011-03-18 00:32 . 2011-03-18 00:32 525656 ---ha-w- c:\program files\Common Files\Windows Live\.cache\e70b9ad71cbe50305\DXSETUP.exe
2011-03-18 00:32 . 2011-03-18 00:32 1691480 ---ha-w- c:\program files\Common Files\Windows Live\.cache\e70b9ad71cbe50305\dsetup32.dll
2011-03-18 00:31 . 2011-03-18 00:31 6260088 ---ha-w- c:\program files\Common Files\Windows Live\.cache\e27634371cbe50304\Silverlight.4.0.exe
2011-03-18 00:31 . 2011-03-21 10:47 -------- d--h--w- c:\users\Jinai\AppData\Local\Windows Live
2011-03-09 14:42 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 14:42 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 14:42 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 14:42 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 14:42 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 14:42 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-05 17:23 . 2011-03-05 23:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-03-05 17:23 . 2011-03-05 22:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-03 15:37 . 2011-03-03 15:37 -------- d-----w- c:\program files\SystemRequirementsLab
2011-03-03 15:37 . 2011-03-03 15:37 -------- d--h--w- c:\users\Jinai\AppData\Roaming\SystemRequirementsLab
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-18 14:52 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-02 18:11 . 2009-10-03 10:01 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-08 19:46 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-08 19:46 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-08 19:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-08 19:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-08 19:46 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-08 19:46 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-08 19:46 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-08 19:46 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-08 19:46 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-08 19:46 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-08 19:46 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-08 19:46 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-08 19:46 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-08 19:46 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-08 19:46 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-08 19:46 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-08 19:46 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-08 19:46 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-08 19:46 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-08 19:46 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-08 19:46 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-08 19:46 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-08 19:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-08 19:46 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-08 19:46 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-08 08:47 . 2011-02-08 19:45 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-08 19:45 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57 . 2011-02-08 19:48 2039808 ----a-w- c:\windows\system32\win32k.sys
2011-03-18 17:53 . 2011-03-22 19:45 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ---ha-w- c:\users\Jinai\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ---ha-w- c:\users\Jinai\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ---ha-w- c:\users\Jinai\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-02 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-02 198160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 04:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO -viewer-.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO -viewer-.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SetPointII.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk
backup=c:\windows\pss\SetPointII.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Jinai^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Jinai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Jinai^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\Jinai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 01:04 39792 ---ha-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-06-10 00:12 118784 ---ha-w- c:\program files\Apoint\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2007-10-11 07:45 31232 ---ha-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
2009-06-29 08:51 315478 ----a-w- c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-03-21 08:30 486856 ---ha-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C48 Series]
2005-05-16 19:00 99840 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_S4I091.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX200 Series]
2007-12-13 06:00 188928 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIEFE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
2008-05-21 21:00 151552 ---h--w- c:\program files\CyberLink\PCM4Everio\EverioService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-01-09 13:23 178712 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-01-09 13:23 150040 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2007-09-19 19:09 311296 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-10-10 14:46 69632 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
2003-12-17 08:50 19968 ----a-w- c:\windows\LOGI_MWX.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT]
2011-03-10 03:01 37943240 ----a-w- c:\windows\System32\mrt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-11-10 02:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ---ha-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSUFloatingUI]
2008-07-16 23:17 262144 ----a-w- c:\program files\Sony\Network Utility\LANUtil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-01-09 13:23 154136 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-08-25 00:06 4669440 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-10 23:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-02-04 11:13 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43 248040 ---ha-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-02 13:57 68856 ---ha-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-12-02 15:49 198160 ---ha-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2009-12-23 19:18 2642168 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2007-04-10 21:46 709992 ----a-w- c:\windows\vVX1000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Manager]
2008-05-26 15:20 585728 ----a-w- c:\program files\Virgin Broadband Wireless\Wireless Manager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\9A3B.tmp [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-06-29 143467]
R4 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-07-17 233472]
R4 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-11 745472]
R4 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
R4 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-29 292128]
R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-03-17 87328]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-01-07 20744]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2010-05-26 18816]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-04 135336]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-29 9344]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-06 812544]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-07 10:20]
.
2011-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 14:38]
.
2011-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 14:38]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Crawler Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\users\Jinai\AppData\Roaming\Mozilla\Firefox\Profiles\hqyixclv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{A057A204-BACC-4D26-8287-79A187E26987} - (no file)
MSConfigStartUp-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
MSConfigStartUp-Turbine Download Manager Tray Icon - c:\program files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe
AddRemove-888poker - c:\progra~1\PACIFI~1\UNWISE.EXE
AddRemove-Adobe_3e054d2218e7aa282c2369d939e58ff - c:\program files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
AddRemove-Adobe_6c8e2cb4fd241c55406016127a6ab2e - c:\program files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
AddRemove-HijackThis - c:\users\Jinai\Desktop\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-31 03:21
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\9A3B.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-713040662-188224599-2356230030-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-713040662-188224599-2356230030-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2216)
c:\users\Jinai\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
.
**************************************************************************
.
Completion time: 2011-03-31 03:31:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-31 02:31
.
Pre-Run: 51,816,181,760 bytes free
Post-Run: 52,484,440,064 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 9121B2F175CC807A675300DF0F1BC8F8
 
Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right-click on OTMoveIt3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Files 
    C:\Users\Jinai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\53ACIHYQ\fb01fd[1].pdf 
    C:\Users\Jinai\AppData\Local\Temp\plugtmp-1\plugin-lib.php 
    C:\Users\Jinai\Documents\Downloads\Nero 7.10.1.0\Nero-7.10.1.0_eng_full.exe 
    C:\Users\Jinai\Downloads\Sony.Vegas.Pro.8+DVD.Architect.4.5.NO.KEYGEN\Sony Vegas Pro 8.0b Build 217-AVCHD-MPG-AC3 FIXED\Keygen.exe 
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
================================================
To clear the Java Plug-in cache (for exploits):

  • [1]. Click Start > Control Panel.
  • [2]. Double-click the Java icon in the Control Panel. The Java Control Panel appears.
  • [3]. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
  • [4]. Click Delete Files. The Delete Temporary Files dialog box appears.
    There are three options on this window to clear the cache. Check all:
    • Delete Files
    • View Applications
    • View Applets
  • [5]. Click OK on the Delete Temporary Files window.
    Note: This deletes all the downloaded Applications and Applets from the cache.
  • [6]. Click Apply > OK on the Temporary Files Settings window.
Note: If you want to delete a specific application or applet from the cache, click on the View Application and View Applet options respectively.
==========================================
Download CKScanner and save to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
=========================================
You have 6 outdated versions of Java. These are all vulnerabilities to the system and need to be removed:
Please download JavaRa and unzip it to your desktop.
Important!
***Please close any instances of Internet Explorer before continuing!***
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.
Then download and install the most current version and update of Java Runtime Environment (JRE) HERE.
==========================================
Uninstall IObit Security. Not only is the program bad, but so is the site:
Poor malware removal left many executables, some actually still running. Poor malware blocking did not prevent installation of malware. By default, installation changes your homepage and search provider. It doesn't do the job of removing malware or preventing malware installation.
Use Add/Remove Programs for the uninstall. Then use Windows Explorer > My Computer > Local Drive (C:) > Programs > find IObit Security and do a right-click > Delete on the program folder.

Maybe you didn't know you had it, but Combofix header has:
The following files were disabled during the run:
c:\program files\IObit\IObit Security 360\IS360mon.dll
=============================================
Uninstall the Crawler Toolbar. It is added when you use the Crawler Search.
Crawler Toolbar: This is not a virus or Trojan. It is an adware application. Upon execution this application installs itself as a browser helper object (BHO) for Internet Explorer. It adds an Internet Explorer toolbar named “Crawler Toolbar”. By using the added search bar, each search will lead the user to “portal.crawler.com”.
Privacy:
No license agreement is displayed during installation, although one could be displayed by another installer if bundled with another application. No privacy policy related to the software could be found.

I will review the logs when finished and give you some script to run in Combofix.
================================================
 
Hey there, sorry for the delay. I did the steps you told me; the only thing I cannot find is the OTMoveIt3 log (yes, I looked where you told me to). Here's the CKScanner log anyhow:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\windows\system32\office [keygen].exe
scanner sequence 3.NA.11
----- EOF -----
 
Hey there, after a mega thorough search I finally found it (it WAS in the place you told me, just couldn't see it). Here's the log:

All processes killed
========== FILES ==========
File/Folder C:\Users\Jinai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\53ACIHYQ\fb01fd[1].pdf not found.
File/Folder C:\Users\Jinai\AppData\Local\Temp\plugtmp-1\plugin-lib.php not found.
File/Folder C:\Users\Jinai\Documents\Downloads\Nero 7.10.1.0\Nero-7.10.1.0_eng_full.exe not found.
File/Folder C:\Users\Jinai\Downloads\Sony.Vegas.Pro.8+DVD.Architect.4.5.NO.KEYGEN\Sony Vegas Pro 8.0b Build 217-AVCHD-MPG-AC3 FIXED\Keygen.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jinai
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 98515 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Update
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 67103 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0.00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 04072011_165936
 
Ha! It's amazing how many logs are found when I push for them. But I am puzzled about it: the date showing is today, log created on 04072011. I had you run OTM 4 days ago, yet this log shows zeros everywhere.

Have you removed the pirated Sony.Vegas.Pro.8+DVD.Architect.4.5.NO.KEYGEN?

Have to wonder about this also: office [keygen].exe
==================================
Have you finished with the other items I set up in my Reply #15? After you have, please run a new scan with Combofix and leave log in next post.
 
Yeah, I did remove the Pirated software, dunno bout the other keygen you're on about though.
 
CK Scanner showed this: c:\windows\system32\office [keygen].exe

Please run this Custom CFScript:

  • [1]. Close any open browsers.
  • [2]. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • [3]. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
File::
c:\windows\system32\42EA.tmp
c:\windows\system32\297F.tmp
Folder::
c:\users\Jinai\AppData\Local\{DAACF362-76FD-4CE3-A163-0A55FADD8365}
c:\users\Jinai\AppData\Local\{6A619BE8-3566-4D8C-A930-BD08AA705B02}
c:\users\jinai\appdata\local\{32B69A5C-7D42-411F-B13B-D2262975FAB2}
c:\users\jinai\appdata\local\{8E52CCE3-FD1C-4F1B-8DDA-8F374804A301}
c:\users\jinai\appdata\local\{B7D3B0B6-8351-476F-B5DD-E10FB9952AB5}
c:\users\jinai\appdata\local\{02AF9735-4BF3-43C3-99A4-FEB0C35C9A06}
c:\users\jinai\appdata\local\{9FFBE5DC-FDC1-475C-8F87-2E6A037893BA}
c:\users\jinai\appdata\local\{D5F3E161-56C2-4B8F-ACAE-66DA68E14335}
c:\users\jinai\appdata\local\{2F9E0567-7119-44D1-88C0-89B9886ED4DD}
c:\users\jinai\appdata\local\{4B2A50DB-18D9-44B8-A8B7-3504360D5CA5}
c:\users\Jinai\AppData\Local\{4C328290-DCCA-4409-A6E7-2D5D4EEA54C2}
c:\users\Jinai\AppData\Local\{7C2A947A-C1D2-41A4-924E-EB318EE67F85}
c:\users\Jinai\AppData\Local\{6C103448-B457-4810-B59F-978D86824FA5}
c:\users\Jinai\AppData\Local\{4B753C67-668C-474C-981B-253D652F8AC8}
c:\users\Jinai\AppData\Local\{F8661618-8468-43C8-8DE7-7F0DDE950938}
c:\users\Jinai\AppData\Local\{6638CC24-34A9-4E7D-8A80-3130A7DF17B7}
DDS::
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\ctbr.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\ctbr.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\ctbr.dll
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
IE: Crawler Search
Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IObit Security 360"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it in your next reply.
====================
Question: Does the Administrator have setting to block or allow specific file extensions?
=============================================
Remind me to suggest you stop all the unnecessary startups you have.
=============================================
Please uninstall this outdated version of HijackThis: HijackThis 2.0.2. Then go on with the current version below:
Download HijackThis from http://download.bleepingcomputer.com/hijackthis/HijackThis.zip and save to your desktop.
  • Extract it to a directory on your hard drive called c:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log will then open in Notepad. Be sure to click on Format > Uncheck Word Wrap when you open Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
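As an added example that is not part of this thread and not ComboFix's own code, the Python below runs a few defender-side checks over lines copied from the ComboFix log posted above: the MEMSWEEP2 service pointing at a .tmp file in system32, services ComboFix marks [x] (file missing), EnableLUA set to 0 (UAC off), and the Security Center DisableMonitoring values that the CFScript above removes. The triage() function and its finding names are my own; a flagged entry is something to review, not a verdict.

```python
import re

# Constructed sample: lines copied from the ComboFix log posted earlier in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\9A3B.tmp [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
"""

# ComboFix service/driver line: "<start type> <name>;<display name>;<image path> [<date size> | x]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]+)\]\s*$")
# Registry value line as ComboFix prints it:  "Name"=data   or   "Name"= 0 (0x0)
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+?)\s*$')


def triage(lines):
    """Return a list of findings (dicts with a 'kind' key) for the given log lines.

    Heuristics, in the order a helper reads a ComboFix log:
    - uac_disabled: EnableLUA is 0 under ...\policies\system
    - security_center_monitoring_disabled: DisableMonitoring=dword:00000001
      under a Security Center\Monitoring key (AV/firewall status alerts are off)
    - service_tmp_binary: a service or driver whose image is a .tmp file
    - service_file_missing: ComboFix marks the image path [x] (file not on disk)
    """
    findings = []
    current_key = None
    for raw in lines:
        line = raw.rstrip()
        # A registry key header applies to the value lines that follow it.
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        m = SERVICE_RE.match(line)
        if m:
            start_type, name, _display, path, tail = m.groups()
            if path.lower().endswith(".tmp"):
                # A service binary living in a .tmp file is worth a look, whoever dropped it.
                findings.append({"kind": "service_tmp_binary", "name": name,
                                 "path": path, "start": start_type})
            if tail.strip() == "x":
                findings.append({"kind": "service_file_missing", "name": name,
                                 "path": path, "start": start_type})
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            vname, data = m.groups()
            key_l = current_key.lower()
            if vname == "EnableLUA" and key_l.endswith(r"policies\system") and data.startswith("0"):
                findings.append({"kind": "uac_disabled", "key": current_key})
            if (vname == "DisableMonitoring" and r"security center\monitoring" in key_l
                    and data.lower() == "dword:00000001"):
                findings.append({"kind": "security_center_monitoring_disabled",
                                 "key": current_key})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG.strip().splitlines()):
        print(finding)
```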
 
Here's the ComboFix log:

ComboFix 11-04-09.01 - Jinai 10/04/2011 18:25:11.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.1162 [GMT 1:00]
Running from: D:\ComboFix.exe
Command switches used :: c:\users\Jinai\Desktop\CFscript.txt
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\297F.tmp"
"c:\windows\system32\42EA.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\jinai\appdata\local\{02AF9735-4BF3-43C3-99A4-FEB0C35C9A06}
c:\users\jinai\appdata\local\{2F9E0567-7119-44D1-88C0-89B9886ED4DD}
c:\users\jinai\appdata\local\{32B69A5C-7D42-411F-B13B-D2262975FAB2}
c:\users\jinai\appdata\local\{4B2A50DB-18D9-44B8-A8B7-3504360D5CA5}
c:\users\Jinai\AppData\Local\{4B753C67-668C-474C-981B-253D652F8AC8}
c:\users\Jinai\AppData\Local\{4C328290-DCCA-4409-A6E7-2D5D4EEA54C2}
c:\users\Jinai\AppData\Local\{6638CC24-34A9-4E7D-8A80-3130A7DF17B7}
c:\users\Jinai\AppData\Local\{6A619BE8-3566-4D8C-A930-BD08AA705B02}
c:\users\Jinai\AppData\Local\{6C103448-B457-4810-B59F-978D86824FA5}
c:\users\Jinai\AppData\Local\{7C2A947A-C1D2-41A4-924E-EB318EE67F85}
c:\users\jinai\appdata\local\{8E52CCE3-FD1C-4F1B-8DDA-8F374804A301}
c:\users\jinai\appdata\local\{9FFBE5DC-FDC1-475C-8F87-2E6A037893BA}
c:\users\jinai\appdata\local\{B7D3B0B6-8351-476F-B5DD-E10FB9952AB5}
c:\users\jinai\appdata\local\{D5F3E161-56C2-4B8F-ACAE-66DA68E14335}
c:\users\Jinai\AppData\Local\{DAACF362-76FD-4CE3-A163-0A55FADD8365}
c:\users\Jinai\AppData\Local\{F8661618-8468-43C8-8DE7-7F0DDE950938}
.
.
((((((((((((((((((((((((( Files Created from 2011-03-10 to 2011-04-10 )))))))))))))))))))))))))))))))
.
.
2011-04-10 17:35 . 2011-04-10 17:35 -------- d-----w- c:\users\Jinai\AppData\Local\temp
2011-04-10 17:35 . 2011-04-10 17:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-10 17:35 . 2011-04-10 17:35 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-04-10 17:13 . 2011-04-10 17:13 -------- d-----w- c:\users\Jinai\AppData\Local\{DD3B4F5B-C355-467F-9856-BACFC9DE8EA9}
2011-04-10 16:54 . 2011-04-10 16:54 -------- d-----w- c:\users\Jinai\AppData\Local\{4984393D-C470-44C0-B052-8503A3B41D30}
2011-04-07 16:02 . 2011-04-07 16:02 -------- d-----w- c:\users\Jinai\AppData\Local\{606C5B52-34E4-4F59-BECD-BF9E1BE86F1D}
2011-04-07 15:59 . 2011-04-07 15:59 -------- d-----w- c:\users\Jinai\AppData\Local\{43C267B2-DCFE-4C56-AFB4-7BA00F161522}
2011-04-06 00:05 . 2011-04-06 00:05 -------- d-----w- c:\users\Jinai\AppData\Local\{F7444938-5934-4E5D-8CF0-6E5A96BEF49D}
2011-04-06 00:02 . 2011-04-06 00:02 -------- d-----w- C:\_OTM
2011-04-05 23:52 . 2011-04-05 23:52 -------- d-----w- c:\users\Jinai\AppData\Local\{1A0552FD-5D80-4A3D-A1BB-4777A5B15EDA}
2011-04-05 21:54 . 2011-04-05 21:54 -------- d-----w- c:\users\Jinai\AppData\Local\{58F9F470-57DB-4811-B74F-FA869B136A65}
2011-04-05 02:11 . 2011-04-05 02:11 -------- d-----w- c:\users\Jinai\AppData\Local\{AD68E77B-A2D7-4C98-939D-AE48CECF9A0F}
2011-04-04 13:32 . 2011-04-04 13:32 -------- d-----w- c:\users\Jinai\AppData\Local\{4819A585-EB9F-443A-A327-4D44345DFC9B}
2011-04-04 01:31 . 2011-04-04 01:32 -------- d-----w- c:\users\Jinai\AppData\Local\{384E02AC-FD11-4FEF-82C8-BAC4C729A32D}
2011-04-03 13:31 . 2011-04-03 13:31 -------- d-----w- c:\users\Jinai\AppData\Local\{C75CF2AD-D0B8-4950-80A2-14798299B9EE}
2011-04-02 15:57 . 2011-04-02 15:57 -------- d-----w- c:\users\Jinai\AppData\Local\{6AB96FBD-C6D2-4F7A-B28E-FDE91B12A255}
2011-04-01 16:55 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{189AD244-3E91-4B46-AF67-B52BEB2C3CB5}\mpengine.dll
2011-04-01 16:50 . 2011-04-01 16:51 -------- d-----w- c:\users\Jinai\AppData\Local\{6104E5AF-AA7C-4338-9B06-CE27D23561BE}
2011-03-31 23:37 . 2011-03-31 23:37 -------- d-----w- c:\windows\system32\custom matrices
2011-03-31 23:36 . 2011-03-31 23:37 -------- d-----w- c:\windows\system32\C2MP
2011-03-31 15:08 . 2011-03-31 15:08 -------- d-----w- c:\users\Jinai\AppData\Local\{7536815B-714F-49C1-85EF-B15DA259E4F8}
2011-03-30 23:31 . 2011-03-30 23:31 -------- d-----w- c:\program files\ESET
2011-03-30 03:57 . 2011-03-30 03:57 89088 ----a-w- C:\mbr.exe
2011-03-28 18:54 . 2011-03-28 18:54 -------- d-----w- c:\users\Jinai\AppData\Roaming\Avira
2011-03-28 18:51 . 2011-03-04 15:11 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-28 18:51 . 2011-03-04 13:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-28 18:51 . 2011-03-28 18:51 -------- d-----w- c:\programdata\Avira
2011-03-28 18:51 . 2011-03-28 18:51 -------- d-----w- c:\program files\Avira
2011-03-28 17:07 . 2011-03-28 17:07 -------- d-----w- c:\windows\CheckSur
2011-03-27 10:51 . 2010-05-26 10:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-03-27 01:03 . 2011-03-27 01:03 -------- d-----w- c:\users\Jinai\AppData\Roaming\SUPERAntiSpyware.com
2011-03-27 01:03 . 2011-03-27 01:03 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-03-27 01:03 . 2011-03-27 01:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-27 00:43 . 2011-03-27 00:43 -------- d-----w- c:\program files\Sophos
2011-03-26 15:31 . 2011-03-26 15:31 -------- d--h--w- c:\users\Jinai\AppData\Local\{9BB3329D-865B-4653-B9D1-F6F0C620A2EB}
2011-03-25 14:43 . 2011-03-25 14:43 -------- d--h--w- c:\users\Jinai\AppData\Local\{008C0DAA-5822-478E-B798-26BA595ED974}
2011-03-24 16:25 . 2011-03-24 16:25 -------- d--h--w- c:\users\Jinai\AppData\Local\{41014895-94D3-4DFA-B694-2C1C0622E20E}
2011-03-24 03:18 . 2011-03-24 03:18 -------- d--h--w- c:\users\Jinai\AppData\Local\{840949A0-9D08-4AE2-A9D6-0792AD890BF9}
2011-03-23 15:27 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-23 15:27 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 15:27 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-22 19:45 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-22 19:45 . 2011-03-18 17:53 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-03-22 19:45 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-22 19:45 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-03-22 19:45 . 2011-03-18 17:53 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-03-22 19:45 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-22 19:45 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-22 19:45 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-03-22 19:45 . 2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-22 19:45 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-18 00:52 . 2011-03-18 00:52 -------- d-----w- c:\windows\en
2011-03-18 00:52 . 2010-09-23 00:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-03-18 00:43 . 2009-09-04 17:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-03-18 00:43 . 2009-09-04 17:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-03-18 00:43 . 2009-09-04 17:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-03-18 00:39 . 2011-03-21 10:57 -------- d-----w- c:\program files\Microsoft Silverlight
2011-03-18 00:35 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2011-03-18 00:32 . 2011-03-18 00:32 469256 ---ha-w- c:\program files\Common Files\Windows Live\.cache\f45602771cbe50308\InstallManager_WLE_WLE.exe
2011-03-18 00:32 . 2011-03-18 00:32 15712 ---ha-w- c:\program files\Common Files\Windows Live\.cache\ecb334c71cbe50307\MeshBetaRemover.exe
2011-03-18 00:32 . 2011-03-18 00:32 94040 ---ha-w- c:\program files\Common Files\Windows Live\.cache\ea0f16d71cbe50306\DSETUP.dll
2011-03-18 00:32 . 2011-03-18 00:32 525656 ---ha-w- c:\program files\Common Files\Windows Live\.cache\ea0f16d71cbe50306\DXSETUP.exe
2011-03-18 00:32 . 2011-03-18 00:32 1691480 ---ha-w- c:\program files\Common Files\Windows Live\.cache\ea0f16d71cbe50306\dsetup32.dll
2011-03-18 00:32 . 2011-03-18 00:32 94040 ---ha-w- c:\program files\Common Files\Windows Live\.cache\e70b9ad71cbe50305\DSETUP.dll
2011-03-18 00:32 . 2011-03-18 00:32 525656 ---ha-w- c:\program files\Common Files\Windows Live\.cache\e70b9ad71cbe50305\DXSETUP.exe
2011-03-18 00:32 . 2011-03-18 00:32 1691480 ---ha-w- c:\program files\Common Files\Windows Live\.cache\e70b9ad71cbe50305\dsetup32.dll
2011-03-18 00:31 . 2011-03-18 00:31 6260088 ---ha-w- c:\program files\Common Files\Windows Live\.cache\e27634371cbe50304\Silverlight.4.0.exe
2011-03-18 00:31 . 2011-03-21 10:47 -------- d--h--w- c:\users\Jinai\AppData\Local\Windows Live
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-18 14:52 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-22 19:39 . 2011-02-22 19:39 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2011-02-07 18:00 . 2011-02-07 18:00 925667 ----a-w- c:\windows\system32\ffmpegmt.dll
2011-02-07 18:00 . 2011-02-07 18:00 721798 ----a-w- c:\windows\system32\xvidcore.dll
2011-02-07 18:00 . 2011-02-07 18:00 65024 ----a-w- c:\windows\system32\FLT_ffdshow.dll
2011-02-07 18:00 . 2011-02-07 18:00 3669504 ----a-w- c:\windows\system32\ffdshow.ax
2011-02-07 18:00 . 2011-02-07 18:00 336384 ----a-w- c:\windows\system32\ff_libfaad2.dll
2011-02-07 18:00 . 2011-02-07 18:00 324096 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2011-02-07 18:00 . 2011-02-07 18:00 216576 ----a-w- c:\windows\system32\ff_libdts.dll
2011-02-07 18:00 . 2011-02-07 18:00 1529856 ----a-w- c:\windows\system32\ff_samplerate.dll
2011-02-07 18:00 . 2011-02-07 18:00 151552 ----a-w- c:\windows\system32\ff_libmad.dll
2011-02-07 18:00 . 2011-02-07 18:00 145408 ----a-w- c:\windows\system32\libmpeg2_ff.dll
2011-02-07 18:00 . 2011-02-07 18:00 140800 ----a-w- c:\windows\system32\ff_unrar.dll
2011-02-07 18:00 . 2011-02-07 18:00 121856 ----a-w- c:\windows\system32\ff_liba52.dll
2011-02-07 18:00 . 2011-02-07 18:00 100864 ----a-w- c:\windows\system32\ff_wmv9.dll
2011-02-07 17:45 . 2011-02-07 17:45 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-02-07 17:39 . 2011-02-07 17:39 4166551 ----a-w- c:\windows\system32\ffmpeg.dll
2011-02-02 20:40 . 2010-04-18 03:27 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 18:11 . 2009-10-03 10:01 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-08 19:46 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-08 19:46 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-08 19:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-08 19:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-08 19:46 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-08 19:46 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-08 19:46 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-08 19:46 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-08 19:46 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-08 19:46 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-08 19:46 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-08 19:46 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-08 19:46 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-08 19:46 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-08 19:46 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-08 19:46 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-08 19:46 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-08 19:46 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-08 19:46 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-08 19:46 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-08 19:46 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-08 19:46 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-08 19:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-08 19:46 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-08 19:46 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-03-18 17:53 . 2011-03-22 19:45 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ---ha-w- c:\users\Jinai\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ---ha-w- c:\users\Jinai\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ---ha-w- c:\users\Jinai\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-02 68856]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-02 198160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 04:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO -viewer-.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO -viewer-.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SetPointII.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk
backup=c:\windows\pss\SetPointII.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Jinai^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Jinai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Jinai^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\Jinai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 01:04 39792 ---ha-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-06-10 00:12 118784 ---ha-w- c:\program files\Apoint\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2007-10-11 07:45 31232 ---ha-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
2009-06-29 08:51 315478 ----a-w- c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C48 Series]
2005-05-16 19:00 99840 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_S4I091.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX200 Series]
2007-12-13 06:00 188928 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIEFE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
2008-05-21 21:00 151552 ---h--w- c:\program files\CyberLink\PCM4Everio\EverioService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-01-09 13:23 178712 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-01-09 13:23 150040 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2007-09-19 19:09 311296 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-10-10 14:46 69632 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
2003-12-17 08:50 19968 ----a-w- c:\windows\LOGI_MWX.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT]
2011-03-10 03:01 37943240 ----a-w- c:\windows\System32\mrt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-11-10 02:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ---ha-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSUFloatingUI]
2008-07-16 23:17 262144 ----a-w- c:\program files\Sony\Network Utility\LANUtil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-01-09 13:23 154136 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-08-25 00:06 4669440 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-10 23:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-02-04 11:13 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43 248040 ---ha-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-02 13:57 68856 ---ha-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-12-02 15:49 198160 ---ha-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2010-07-06 14:01 2634048 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2007-04-10 21:46 709992 ----a-w- c:\windows\vVX1000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Manager]
2008-05-26 15:20 585728 ----a-w- c:\program files\Virgin Broadband Wireless\Wireless Manager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\9A3B.tmp [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-06-29 143467]
R4 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-07-17 233472]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-11 745472]
R4 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
R4 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-29 292128]
R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-03-17 87328]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-01-07 20744]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2010-05-26 18816]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-04 135336]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-29 9344]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-06 812544]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-07 10:20]
.
2011-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 14:38]
.
2011-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 14:38]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Crawler Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Jinai\AppData\Roaming\Mozilla\Firefox\Profiles\hqyixclv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe
AddRemove-Adobe ConnectNow Add-in - c:\users\Jinai\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\acaddin\acaddin.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-10 18:35
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\9A3B.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-713040662-188224599-2356230030-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-713040662-188224599-2356230030-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1048)
c:\users\Jinai\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
.
Completion time: 2011-04-10 18:41:41
ComboFix-quarantined-files.txt 2011-04-10 17:41
ComboFix2.txt 2011-03-31 02:31
.
Pre-Run: 62,489,853,952 bytes free
Post-Run: 61,924,016,128 bytes free
.
- - End Of File - - FCFC950B6AE415D27BEA6FAA0F5D7D6B
 
And the HJT Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:47:31, on 10/04/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\System32\mobsync.exe
D:\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?rd=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Wireless Manager] "C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\skype4com.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware (AAWService) - Unknown owner - c:\progra~1\lavasoft\ad-ware\aawser~1.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6927 bytes
 
====================
Question: Does the Administrator have a setting to block or allow specific file extensions?
=============================================
Remind me to suggest you stop all the unnecessary startups you have.

I think I am the Admin on the operating system. So yeah.
 
Please download MBRCheck and save to your desktop
  • Double click MBRCheck.exe to run (Vista and Win 7 right click and select Run as Administrator)
  • It will show a Black screen with some information that will contain either the below line if no problem is found:
    [o] Done! Press ENTER to exit...
  • Or you will see more information like below if a problem is found:
    [o] Found non-standard or infected MBR.
    [o] Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
  • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
  • Paste this log to your next message.
==========================================
Before you run the script below, I'd like you to see if there is any identifying information on the entries in the File:: section beginning with c:\users\Jinai\AppData\Local\numerical string
Most of the time when I ask this it comes back with just an empty folder. But I can't identify any of the numerical strings, but something is creating them! I have removed many, but more come back.

You can use Windows Explorer (Windows key + E) to find the AppData for Jinai and do a right click> Properties on any of them. See if there is any information.
============================================
Please run this Custom CFScript:

  • [1]. Close any open browsers.
  • [2]. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: Be sure to scroll down to include ALL lines.
Code:
File::
c:\users\Jinai\AppData\Local\temp
c:\users\Default\AppData\Local\temp
c:\users\Administrator\AppData\Local\temp
c:\users\Jinai\AppData\Local\{DD3B4F5B-C355-467F-9856-BACFC9DE8EA9}
c:\users\Jinai\AppData\Local\{4984393D-C470-44C0-B052-8503A3B41D30}
c:\users\Jinai\AppData\Local\{606C5B52-34E4-4F59-BECD-BF9E1BE86F1D}
c:\users\Jinai\AppData\Local\{43C267B2-DCFE-4C56-AFB4-7BA00F161522}
c:\users\Jinai\AppData\Local\{F7444938-5934-4E5D-8CF0-6E5A96BEF49D}
c:\users\Jinai\AppData\Local\{1A0552FD-5D80-4A3D-A1BB-4777A5B15EDA}
c:\users\Jinai\AppData\Local\{58F9F470-57DB-4811-B74F-FA869B136A65}
c:\users\Jinai\AppData\Local\{AD68E77B-A2D7-4C98-939D-AE48CECF9A0F}
c:\users\Jinai\AppData\Local\{4819A585-EB9F-443A-A327-4D44345DFC9B}
c:\users\Jinai\AppData\Local\{384E02AC-FD11-4FEF-82C8-BAC4C729A32D}
c:\users\Jinai\AppData\Local\{C75CF2AD-D0B8-4950-80A2-14798299B9EE}
c:\users\Jinai\AppData\Local\{6AB96FBD-C6D2-4F7A-B28E-FDE91B12A255}
c:\users\Jinai\AppData\Local\{6104E5AF-AA7C-4338-9B06-CE27D23561BE}
c:\users\Jinai\AppData\Local\{7536815B-714F-49C1-85EF-B15DA259E4F8}
c:\users\Jinai\AppData\Local\{9BB3329D-865B-4653-B9D1-F6F0C620A2EB}
c:\users\Jinai\AppData\Local\{008C0DAA-5822-478E-B798-26BA595ED974}
c:\users\Jinai\AppData\Local\{41014895-94D3-4DFA-B694-2C1C0622E20E}
c:\users\Jinai\AppData\Local\{840949A0-9D08-4AE2-A9D6-0792AD890BF9}
c:\windows\system32\9A3B.tmp
c:\windows\System32\Drivers\sptd.sys
DDS::
IE: Crawler Search
RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\File Exts\.htm\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\File Exts\.html\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\File Exts\.shtml\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\File Exts\.xht\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\File Exts\.xhtml\UserChoice]
[HKEY_USERS\S-1-5-21-713040662-188224599-2356230030-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
[HKEY_USERS\S-1-5-21-713040662-188224599-2356230030-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"=-
Driver::
MEMSWEEP2
sptd
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it in your next reply.
====================
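A small triage script for the situation described above (unexplained GUID-named folders reappearing under AppData\Local): it parses the "Files Created" section of a ComboFix log in the format used in this thread, picks out those folders, and reports how many there are, which are hidden, and how far apart their creation times are. This is an added example, not part of the original posts or of ComboFix itself; the sample lines are constructed from the log format shown in this thread.

```python
import re
import statistics
from dataclasses import dataclass
from datetime import datetime

# Constructed sample lines in the ComboFix "Files Created" format used in this
# thread (embedded so the script runs offline). Fields are:
#   created . modified size attributes path
SAMPLE_LOG = r"""
2011-04-11 17:22 . 2011-04-11 17:22 -------- d-----w- c:\users\Jinai\AppData\Local\{AD17B79A-F411-47ED-8468-DD1258930374}
2011-04-10 17:46 . 2011-04-10 17:46 -------- d-----w- c:\users\Jinai\AppData\Local\{FC4492F4-FF24-4595-B341-CDBDCFD680DC}
2011-04-06 00:02 . 2011-04-06 00:02 -------- d-----w- C:\_OTM
2011-03-30 03:57 . 2011-03-30 03:57 89088 ----a-w- C:\mbr.exe
2011-03-26 15:31 . 2011-03-26 15:31 -------- d--h--w- c:\users\Jinai\AppData\Local\{9BB3329D-865B-4653-B9D1-F6F0C620A2EB}
2011-03-18 00:31 . 2011-03-21 10:47 -------- d--h--w- c:\users\Jinai\AppData\Local\Windows Live
"""

# One log line: two timestamps separated by " . ", a size (or dashes for
# directories), an 8-character attribute string such as d--h--w-, then the path.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\S+) ([-a-z]{8}) (.+)$"
)

# A {GUID}-named directory directly under a user's AppData\Local.
GUID_DIR_RE = re.compile(
    r"\\AppData\\Local\\\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$",
    re.IGNORECASE,
)


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: str
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def is_hidden(self) -> bool:
        # ComboFix places the hidden flag in the fourth attribute column
        # (d--h--w- for a hidden directory, ---ha-w- for a hidden file).
        return self.attrs[3] == "h"


def parse_entries(text: str) -> list:
    """Parse every well-formed 'Files Created' line; skip anything else."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append(Entry(
            datetime.strptime(created, "%Y-%m-%d %H:%M"),
            datetime.strptime(modified, "%Y-%m-%d %H:%M"),
            size, attrs, path,
        ))
    return entries


def guid_appdata_dirs(entries: list) -> list:
    """Return only the {GUID} directories under AppData\\Local."""
    return [e for e in entries if e.is_dir and GUID_DIR_RE.search(e.path)]


def summarize(entries: list) -> dict:
    """Count the GUID folders and measure the spacing of their creation times."""
    hits = guid_appdata_dirs(entries)
    if not hits:
        return {"count": 0}
    created = sorted(e.created for e in hits)
    gaps_days = [(b - a).total_seconds() / 86400 for a, b in zip(created, created[1:])]
    return {
        "count": len(hits),
        "hidden": sum(1 for e in hits if e.is_hidden),
        "first": created[0],
        "last": created[-1],
        "median_gap_days": statistics.median(gaps_days) if gaps_days else None,
    }


if __name__ == "__main__":
    report = summarize(parse_entries(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it against the full log pasted from C:\ComboFix.txt instead of SAMPLE_LOG to see the real cadence; a steady stream of fresh, empty GUID folders after cleanup points at a still-running creator rather than leftovers.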
 
Here is the MBRCheck Log:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Sony Corporation
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Sony Corporation
System Product Name: VGN-NR21J_S
Logical Drives Mask: 0x0000032c

Kernel Drivers (total 161):
0x82235000 \SystemRoot\system32\ntkrnlpa.exe
0x82202000 \SystemRoot\system32\hal.dll
0x80602000 \SystemRoot\system32\kdcom.dll
0x80609000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80679000 \SystemRoot\system32\PSHED.dll
0x8068A000 \SystemRoot\system32\BOOTVID.dll
0x80692000 \SystemRoot\system32\CLFS.SYS
0x806D3000 \SystemRoot\system32\CI.dll
0x87C0E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x87C8A000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x87C97000 \SystemRoot\system32\drivers\acpi.sys
0x87CDD000 \SystemRoot\system32\drivers\WMILIB.SYS
0x87CE6000 \SystemRoot\system32\drivers\msisadrv.sys
0x87CEE000 \SystemRoot\system32\drivers\pci.sys
0x87D15000 \SystemRoot\System32\drivers\partmgr.sys
0x87D24000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x87D27000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x87D31000 \SystemRoot\system32\drivers\volmgr.sys
0x87D40000 \SystemRoot\System32\drivers\volmgrx.sys
0x87D8A000 \SystemRoot\system32\drivers\intelide.sys
0x87D91000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x87D9F000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x87DCC000 \SystemRoot\System32\drivers\mountmgr.sys
0x87E02000 \SystemRoot\system32\drivers\iastorv.sys
0x87EA2000 \SystemRoot\system32\drivers\iastor.sys
0x87F60000 \SystemRoot\system32\drivers\atapi.sys
0x87F68000 \SystemRoot\system32\drivers\ataport.SYS
0x87F86000 \SystemRoot\system32\drivers\fltmgr.sys
0x87FB8000 \SystemRoot\system32\drivers\fileinfo.sys
0x87FC8000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x88008000 \SystemRoot\System32\Drivers\ksecdd.sys
0x88079000 \SystemRoot\system32\drivers\ndis.sys
0x88184000 \SystemRoot\system32\drivers\msrpc.sys
0x881AF000 \SystemRoot\system32\drivers\NETIO.SYS
0x88206000 \SystemRoot\System32\drivers\tcpip.sys
0x882F0000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88402000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88512000 \SystemRoot\system32\drivers\volsnap.sys
0x8854B000 \SystemRoot\System32\Drivers\spldr.sys
0x88553000 \SystemRoot\System32\Drivers\mup.sys
0x88562000 \SystemRoot\System32\drivers\ecache.sys
0x88589000 \SystemRoot\system32\drivers\disk.sys
0x8859A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x885BB000 \SystemRoot\system32\drivers\crcdisk.sys
0x885C4000 \SystemRoot\System32\Drivers\BtHidBus.sys
0x885D5000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x885E0000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x885E9000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x885F8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8D005000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8D700000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8D7A0000 \SystemRoot\System32\drivers\watchdog.sys
0x8D7AC000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8D7B7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x883C9000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8DC0D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8DC9A000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x8DCD9000 \SystemRoot\system32\DRIVERS\athr.sys
0x8DD9A000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8DDAA000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8DE02000 \SystemRoot\system32\drivers\ti21sony.sys
0x8DECE000 \SystemRoot\system32\DRIVERS\SFEP.sys
0x8DED1000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8DEE4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8DEEF000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x8DF18000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8DF23000 \SystemRoot\system32\drivers\Afc.sys
0x8DF2B000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8DF43000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x8DF49000 \SystemRoot\System32\Drivers\btnetBus.sys
0x8DF4F000 \SystemRoot\System32\Drivers\VcommMgr.sys
0x8DF56000 \SystemRoot\System32\Drivers\IvtBtBus.sys
0x8DF5B000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8DF8A000 \SystemRoot\system32\DRIVERS\storport.sys
0x8DFCB000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8DFD6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8DFED000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8DDB8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8DDDB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8DDEA000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x883D8000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x883ED000 \SystemRoot\system32\DRIVERS\termdd.sys
0x87FD2000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0x807B3000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x8DFF8000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8E803000 \SystemRoot\system32\DRIVERS\ks.sys
0x8E82D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8E837000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8E844000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8E879000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8EC03000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8EDC3000 \SystemRoot\system32\drivers\portcls.sys
0x8E88A000 \SystemRoot\system32\drivers\drmk.sys
0x8E8AF000 \SystemRoot\system32\DRIVERS\VSTAZL3.SYS
0x8E8EB000 \SystemRoot\system32\DRIVERS\VSTDPV3.SYS
0x8EE0D000 \SystemRoot\system32\DRIVERS\VSTCNXT3.SYS
0x8EEC0000 \SystemRoot\system32\drivers\modem.sys
0x8EECD000 \??\C:\Windows\system32\SAVRKBootTasks.sys
0x8EED2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8EEDB000 \SystemRoot\System32\Drivers\Null.SYS
0x8EEE2000 \SystemRoot\System32\Drivers\Beep.SYS
0x8EEF2000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8EEF9000 \SystemRoot\System32\drivers\vga.sys
0x8EF05000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8EF26000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8EF2E000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8EF36000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8EF41000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8EF4F000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8EF58000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8EF6E000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8EFA0000 \SystemRoot\system32\DRIVERS\smb.sys
0x8EFB4000 \SystemRoot\system32\drivers\afd.sys
0x881EA000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8EDF0000 \SystemRoot\system32\DRIVERS\netbios.sys
0x87DDC000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8EE00000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x807D9000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x8EE06000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x8C001000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8C03D000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8C047000 \SystemRoot\system32\DRIVERS\DMICall.sys
0x8C048000 \SystemRoot\System32\Drivers\dfsc.sys
0x8C05F000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8C085000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8C092000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x9F6C0000 \SystemRoot\System32\win32k.sys
0x8C150000 \SystemRoot\System32\drivers\Dxapi.sys
0x8C15A000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9F8E0000 \SystemRoot\System32\TSDDD.dll
0x9F900000 \SystemRoot\System32\cdd.dll
0x9F910000 \SystemRoot\System32\ATMFD.DLL
0x8C169000 \SystemRoot\system32\drivers\luafv.sys
0x8C184000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8C1A1000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8C1B1000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8C1DB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8C1E5000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8830B000 \SystemRoot\system32\drivers\HTTP.sys
0x88378000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x88395000 \SystemRoot\system32\DRIVERS\bowser.sys
0x883AE000 \SystemRoot\System32\drivers\mpsdrv.sys
0xB4C00000 \SystemRoot\system32\drivers\mrxdav.sys
0xB4C21000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB4C40000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xB4C79000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xB4C91000 \SystemRoot\System32\DRIVERS\srv2.sys
0xB4CB9000 \SystemRoot\system32\drivers\spsys.sys
0xB4D69000 \SystemRoot\System32\DRIVERS\srv.sys
0xB3A07000 \SystemRoot\system32\drivers\peauth.sys
0xB3AE5000 \SystemRoot\system32\drivers\regi.sys
0xB3AE7000 \SystemRoot\System32\Drivers\secdrv.SYS
0xB3AF1000 \SystemRoot\System32\drivers\tcpipreg.sys
0xB3AFD000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xB3B12000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xB3B24000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xB3B3A000 \SystemRoot\System32\Drivers\AFGSp50.sys
0xB3B3F000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB3B54000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB3B56000 \SystemRoot\System32\Drivers\fastfat.SYS
0x77140000 \Windows\System32\ntdll.dll

Processes (total 54):
0 System Idle Process
4 System
444 C:\Windows\System32\smss.exe
576 csrss.exe
612 C:\Windows\System32\wininit.exe
640 csrss.exe
664 C:\Windows\System32\services.exe
680 C:\Windows\System32\lsass.exe
688 C:\Windows\System32\lsm.exe
772 C:\Windows\System32\winlogon.exe
876 C:\Windows\System32\svchost.exe
956 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\svchost.exe
1128 C:\Windows\System32\svchost.exe
1152 C:\Windows\System32\svchost.exe
1164 C:\Windows\System32\svchost.exe
1240 C:\Windows\System32\audiodg.exe
1276 C:\Windows\System32\SLsvc.exe
1316 C:\Windows\System32\svchost.exe
1424 C:\Windows\System32\svchost.exe
1660 C:\Windows\System32\spoolsv.exe
1692 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1704 C:\Windows\System32\svchost.exe
1840 C:\Windows\System32\dwm.exe
1876 C:\Windows\explorer.exe
2044 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
296 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
544 C:\Windows\System32\svchost.exe
1232 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
1892 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2088 C:\Windows\System32\svchost.exe
2108 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2220 C:\Windows\System32\taskeng.exe
2272 C:\Windows\System32\svchost.exe
2364 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2408 C:\Windows\System32\SearchIndexer.exe
2692 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2756 C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
2772 C:\Program Files\iTunes\iTunesHelper.exe
2780 C:\Program Files\QuickTime\QTTask.exe
2788 C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
2796 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
2804 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2812 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
2824 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2832 C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
2920 WUDFHost.exe
2348 C:\Program Files\iPod\bin\iPodService.exe
3004 C:\Windows\System32\svchost.exe
1716 C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
1372 C:\Program Files\QuickTime\QuickTimePlayer.exe
792 C:\Windows\System32\SearchProtocolHost.exe
3872 C:\Windows\System32\SearchFilterHost.exe
484 C:\Users\Jinai\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`d7700000 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHY2200BH, Rev: 0000000B

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
 
And the CF Log:

ComboFix 11-04-09.01 - Jinai 12/04/2011 0:19.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.1105 [GMT 1:00]
Running from: D:\ComboFix.exe
Command switches used :: c:\users\Jinai\Desktop\cfscript.txt
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Administrator\AppData\Local\temp"
"c:\users\Default\AppData\Local\temp"
"c:\users\Jinai\AppData\Local\{008C0DAA-5822-478E-B798-26BA595ED974}"
"c:\users\Jinai\AppData\Local\{1A0552FD-5D80-4A3D-A1BB-4777A5B15EDA}"
"c:\users\Jinai\AppData\Local\{384E02AC-FD11-4FEF-82C8-BAC4C729A32D}"
"c:\users\Jinai\AppData\Local\{41014895-94D3-4DFA-B694-2C1C0622E20E}"
"c:\users\Jinai\AppData\Local\{43C267B2-DCFE-4C56-AFB4-7BA00F161522}"
"c:\users\Jinai\AppData\Local\{4819A585-EB9F-443A-A327-4D44345DFC9B}"
"c:\users\Jinai\AppData\Local\{4984393D-C470-44C0-B052-8503A3B41D30}"
"c:\users\Jinai\AppData\Local\{58F9F470-57DB-4811-B74F-FA869B136A65}"
"c:\users\Jinai\AppData\Local\{606C5B52-34E4-4F59-BECD-BF9E1BE86F1D}"
"c:\users\Jinai\AppData\Local\{6104E5AF-AA7C-4338-9B06-CE27D23561BE}"
"c:\users\Jinai\AppData\Local\{6AB96FBD-C6D2-4F7A-B28E-FDE91B12A255}"
"c:\users\Jinai\AppData\Local\{7536815B-714F-49C1-85EF-B15DA259E4F8}"
"c:\users\Jinai\AppData\Local\{840949A0-9D08-4AE2-A9D6-0792AD890BF9}"
"c:\users\Jinai\AppData\Local\{9BB3329D-865B-4653-B9D1-F6F0C620A2EB}"
"c:\users\Jinai\AppData\Local\{AD68E77B-A2D7-4C98-939D-AE48CECF9A0F}"
"c:\users\Jinai\AppData\Local\{C75CF2AD-D0B8-4950-80A2-14798299B9EE}"
"c:\users\Jinai\AppData\Local\{DD3B4F5B-C355-467F-9856-BACFC9DE8EA9}"
"c:\users\Jinai\AppData\Local\{F7444938-5934-4E5D-8CF0-6E5A96BEF49D}"
"c:\users\Jinai\AppData\Local\temp"
"c:\windows\system32\9A3B.tmp"
"c:\windows\System32\Drivers\sptd.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MEMSWEEP2
-------\Legacy_SPTD
-------\Service_MEMSWEEP2
-------\Service_sptd
.
.
((((((((((((((((((((((((( Files Created from 2011-03-11 to 2011-04-11 )))))))))))))))))))))))))))))))
.
.
2011-04-11 23:30 . 2011-04-11 23:34 -------- d-----w- c:\users\Jinai\AppData\Local\temp
2011-04-11 23:30 . 2011-04-11 23:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-11 23:30 . 2011-04-11 23:30 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-04-11 17:22 . 2011-04-11 17:22 -------- d-----w- c:\users\Jinai\AppData\Local\{AD17B79A-F411-47ED-8468-DD1258930374}
2011-04-10 17:46 . 2011-04-10 17:46 -------- d-----w- c:\users\Jinai\AppData\Local\{FC4492F4-FF24-4595-B341-CDBDCFD680DC}
2011-04-10 17:13 . 2011-04-10 17:13 -------- d-----w- c:\users\Jinai\AppData\Local\{DD3B4F5B-C355-467F-9856-BACFC9DE8EA9}
2011-04-10 16:54 . 2011-04-10 16:54 -------- d-----w- c:\users\Jinai\AppData\Local\{4984393D-C470-44C0-B052-8503A3B41D30}
2011-04-07 16:02 . 2011-04-07 16:02 -------- d-----w- c:\users\Jinai\AppData\Local\{606C5B52-34E4-4F59-BECD-BF9E1BE86F1D}
2011-04-07 15:59 . 2011-04-07 15:59 -------- d-----w- c:\users\Jinai\AppData\Local\{43C267B2-DCFE-4C56-AFB4-7BA00F161522}
2011-04-06 00:05 . 2011-04-06 00:05 -------- d-----w- c:\users\Jinai\AppData\Local\{F7444938-5934-4E5D-8CF0-6E5A96BEF49D}
2011-04-06 00:02 . 2011-04-06 00:02 -------- d-----w- C:\_OTM
2011-04-05 23:52 . 2011-04-05 23:52 -------- d-----w- c:\users\Jinai\AppData\Local\{1A0552FD-5D80-4A3D-A1BB-4777A5B15EDA}
2011-04-05 21:54 . 2011-04-05 21:54 -------- d-----w- c:\users\Jinai\AppData\Local\{58F9F470-57DB-4811-B74F-FA869B136A65}
2011-04-05 02:11 . 2011-04-05 02:11 -------- d-----w- c:\users\Jinai\AppData\Local\{AD68E77B-A2D7-4C98-939D-AE48CECF9A0F}
2011-04-04 13:32 . 2011-04-04 13:32 -------- d-----w- c:\users\Jinai\AppData\Local\{4819A585-EB9F-443A-A327-4D44345DFC9B}
2011-04-04 01:31 . 2011-04-04 01:32 -------- d-----w- c:\users\Jinai\AppData\Local\{384E02AC-FD11-4FEF-82C8-BAC4C729A32D}
2011-04-03 13:31 . 2011-04-03 13:31 -------- d-----w- c:\users\Jinai\AppData\Local\{C75CF2AD-D0B8-4950-80A2-14798299B9EE}
2011-04-02 15:57 . 2011-04-02 15:57 -------- d-----w- c:\users\Jinai\AppData\Local\{6AB96FBD-C6D2-4F7A-B28E-FDE91B12A255}
2011-04-01 16:55 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{189AD244-3E91-4B46-AF67-B52BEB2C3CB5}\mpengine.dll
2011-04-01 16:50 . 2011-04-01 16:51 -------- d-----w- c:\users\Jinai\AppData\Local\{6104E5AF-AA7C-4338-9B06-CE27D23561BE}
2011-03-31 23:37 . 2011-03-31 23:37 -------- d-----w- c:\windows\system32\custom matrices
2011-03-31 23:36 . 2011-03-31 23:37 -------- d-----w- c:\windows\system32\C2MP
2011-03-31 15:08 . 2011-03-31 15:08 -------- d-----w- c:\users\Jinai\AppData\Local\{7536815B-714F-49C1-85EF-B15DA259E4F8}
2011-03-30 23:31 . 2011-03-30 23:31 -------- d-----w- c:\program files\ESET
2011-03-30 03:57 . 2011-03-30 03:57 89088 ----a-w- C:\mbr.exe
2011-03-28 18:54 . 2011-03-28 18:54 -------- d-----w- c:\users\Jinai\AppData\Roaming\Avira
2011-03-28 18:51 . 2011-03-04 15:11 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-28 18:51 . 2011-03-04 13:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-28 18:51 . 2011-03-28 18:51 -------- d-----w- c:\programdata\Avira
2011-03-28 18:51 . 2011-03-28 18:51 -------- d-----w- c:\program files\Avira
2011-03-28 17:07 . 2011-03-28 17:07 -------- d-----w- c:\windows\CheckSur
2011-03-27 10:51 . 2010-05-26 10:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-03-27 01:03 . 2011-03-27 01:03 -------- d-----w- c:\users\Jinai\AppData\Roaming\SUPERAntiSpyware.com
2011-03-27 01:03 . 2011-03-27 01:03 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-03-27 01:03 . 2011-03-27 01:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-27 00:43 . 2011-03-27 00:43 -------- d-----w- c:\program files\Sophos
2011-03-26 15:31 . 2011-03-26 15:31 -------- d--h--w- c:\users\Jinai\AppData\Local\{9BB3329D-865B-4653-B9D1-F6F0C620A2EB}
2011-03-25 14:43 . 2011-03-25 14:43 -------- d--h--w- c:\users\Jinai\AppData\Local\{008C0DAA-5822-478E-B798-26BA595ED974}
2011-03-24 16:25 . 2011-03-24 16:25 -------- d--h--w- c:\users\Jinai\AppData\Local\{41014895-94D3-4DFA-B694-2C1C0622E20E}
2011-03-24 03:18 . 2011-03-24 03:18 -------- d--h--w- c:\users\Jinai\AppData\Local\{840949A0-9D08-4AE2-A9D6-0792AD890BF9}
2011-03-23 15:27 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-23 15:27 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 15:27 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-22 19:45 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-22 19:45 . 2011-03-18 17:53 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-03-22 19:45 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-22 19:45 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-03-22 19:45 . 2011-03-18 17:53 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-03-22 19:45 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-22 19:45 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-22 19:45 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-03-22 19:45 . 2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-22 19:45 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-18 00:52 . 2011-03-18 00:52 -------- d-----w- c:\windows\en
2011-03-18 00:52 . 2010-09-23 00:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-03-18 00:43 . 2009-09-04 17:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-03-18 00:43 . 2009-09-04 17:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-03-18 00:43 . 2009-09-04 17:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-03-18 00:39 . 2011-03-21 10:57 -------- d-----w- c:\program files\Microsoft Silverlight
2011-03-18 00:35 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2011-03-18 00:32 . 2011-03-18 00:32 469256 ---ha-w- c:\program files\Common Files\Windows Live\.cache\f45602771cbe50308\InstallManager_WLE_WLE.exe
2011-03-18 00:32 . 2011-03-18 00:32 15712 ---ha-w- c:\program files\Common Files\Windows Live\.cache\ecb334c71cbe50307\MeshBetaRemover.exe
2011-03-18 00:32 . 2011-03-18 00:32 94040 ---ha-w- c:\program files\Common Files\Windows Live\.cache\ea0f16d71cbe50306\DSETUP.dll
2011-03-18 00:32 . 2011-03-18 00:32 525656 ---ha-w- c:\program files\Common Files\Windows Live\.cache\ea0f16d71cbe50306\DXSETUP.exe
2011-03-18 00:32 . 2011-03-18 00:32 1691480 ---ha-w- c:\program files\Common Files\Windows Live\.cache\ea0f16d71cbe50306\dsetup32.dll
2011-03-18 00:32 . 2011-03-18 00:32 94040 ---ha-w- c:\program files\Common Files\Windows Live\.cache\e70b9ad71cbe50305\DSETUP.dll
2011-03-18 00:32 . 2011-03-18 00:32 525656 ---ha-w- c:\program files\Common Files\Windows Live\.cache\e70b9ad71cbe50305\DXSETUP.exe
2011-03-18 00:32 . 2011-03-18 00:32 1691480 ---ha-w- c:\program files\Common Files\Windows Live\.cache\e70b9ad71cbe50305\dsetup32.dll
2011-03-18 00:31 . 2011-03-18 00:31 6260088 ---ha-w- c:\program files\Common Files\Windows Live\.cache\e27634371cbe50304\Silverlight.4.0.exe
2011-03-18 00:31 . 2011-03-21 10:47 -------- d--h--w- c:\users\Jinai\AppData\Local\Windows Live
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-18 14:52 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-22 19:39 . 2011-02-22 19:39 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2011-02-07 18:00 . 2011-02-07 18:00 925667 ----a-w- c:\windows\system32\ffmpegmt.dll
2011-02-07 18:00 . 2011-02-07 18:00 721798 ----a-w- c:\windows\system32\xvidcore.dll
2011-02-07 18:00 . 2011-02-07 18:00 65024 ----a-w- c:\windows\system32\FLT_ffdshow.dll
2011-02-07 18:00 . 2011-02-07 18:00 3669504 ----a-w- c:\windows\system32\ffdshow.ax
2011-02-07 18:00 . 2011-02-07 18:00 336384 ----a-w- c:\windows\system32\ff_libfaad2.dll
2011-02-07 18:00 . 2011-02-07 18:00 324096 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2011-02-07 18:00 . 2011-02-07 18:00 216576 ----a-w- c:\windows\system32\ff_libdts.dll
2011-02-07 18:00 . 2011-02-07 18:00 1529856 ----a-w- c:\windows\system32\ff_samplerate.dll
2011-02-07 18:00 . 2011-02-07 18:00 151552 ----a-w- c:\windows\system32\ff_libmad.dll
2011-02-07 18:00 . 2011-02-07 18:00 145408 ----a-w- c:\windows\system32\libmpeg2_ff.dll
2011-02-07 18:00 . 2011-02-07 18:00 140800 ----a-w- c:\windows\system32\ff_unrar.dll
2011-02-07 18:00 . 2011-02-07 18:00 121856 ----a-w- c:\windows\system32\ff_liba52.dll
2011-02-07 18:00 . 2011-02-07 18:00 100864 ----a-w- c:\windows\system32\ff_wmv9.dll
2011-02-07 17:45 . 2011-02-07 17:45 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-02-07 17:39 . 2011-02-07 17:39 4166551 ----a-w- c:\windows\system32\ffmpeg.dll
2011-02-02 20:40 . 2010-04-18 03:27 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 18:11 . 2009-10-03 10:01 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-08 19:46 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-08 19:46 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-08 19:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-08 19:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-08 19:46 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-08 19:46 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-08 19:46 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-08 19:46 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-08 19:46 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-08 19:46 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-08 19:46 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-08 19:46 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-08 19:46 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-08 19:46 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-08 19:46 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-08 19:46 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-08 19:46 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-08 19:46 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-08 19:46 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-08 19:46 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-08 19:46 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-08 19:46 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-08 19:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-08 19:46 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-08 19:46 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-03-18 17:53 . 2011-03-22 19:45 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ---ha-w- c:\users\Jinai\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ---ha-w- c:\users\Jinai\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ---ha-w- c:\users\Jinai\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-02 68856]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-02 198160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 04:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO -viewer-.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO -viewer-.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SetPointII.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk
backup=c:\windows\pss\SetPointII.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Jinai^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Jinai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Jinai^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\Jinai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 01:04 39792 ---ha-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-06-10 00:12 118784 ---ha-w- c:\program files\Apoint\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2007-10-11 07:45 31232 ---ha-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
2009-06-29 08:51 315478 ----a-w- c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C48 Series]
2005-05-16 19:00 99840 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_S4I091.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX200 Series]
2007-12-13 06:00 188928 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIEFE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
2008-05-21 21:00 151552 ---h--w- c:\program files\CyberLink\PCM4Everio\EverioService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-01-09 13:23 178712 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-01-09 13:23 150040 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2007-09-19 19:09 311296 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-10-10 14:46 69632 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
2003-12-17 08:50 19968 ----a-w- c:\windows\LOGI_MWX.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT]
2011-03-10 03:01 37943240 ----a-w- c:\windows\System32\mrt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-11-10 02:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ---ha-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSUFloatingUI]
2008-07-16 23:17 262144 ----a-w- c:\program files\Sony\Network Utility\LANUtil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-01-09 13:23 154136 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-08-25 00:06 4669440 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-10 23:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-02-04 11:13 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43 248040 ---ha-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-02 13:57 68856 ---ha-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-12-02 15:49 198160 ---ha-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2010-07-06 14:01 2634048 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2007-04-10 21:46 709992 ----a-w- c:\windows\vVX1000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Manager]
2008-05-26 15:20 585728 ----a-w- c:\program files\Virgin Broadband Wireless\Wireless Manager.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-06-29 143467]
R4 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-07-17 233472]
R4 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-11 745472]
R4 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
R4 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-29 292128]
R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-03-17 87328]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-01-07 20744]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2010-05-26 18816]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-04 135336]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-29 9344]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-06 812544]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-07 10:20]
.
2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 14:38]
.
2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 14:38]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Crawler Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Jinai\AppData\Roaming\Mozilla\Firefox\Profiles\hqyixclv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-12 00:33
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-713040662-188224599-2356230030-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-713040662-188224599-2356230030-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(328)
c:\users\Jinai\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe
c:\windows\system32\WUDFHost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
.
**************************************************************************
.
Completion time: 2011-04-12 00:43:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-11 23:43
ComboFix2.txt 2011-04-10 17:41
ComboFix3.txt 2011-03-31 02:31
.
Pre-Run: 63,033,143,296 bytes free
Post-Run: 62,669,000,704 bytes free
.
- - End Of File - - D0EFF2C09E1A100D9D5D603340C3405C
 
Before you run the script below, I'd like you to see if there is any identifying information on the entries in the File:: section beginning with c:\users\Jinai\AppData\Local\numerical string
Most of the time when I ask this it comes back with just an empty folder. I can't identify any of the numerical strings, but something is creating them! I have removed many, but more come back.

You can use Windows Explorer (Windows key + E) to find the AppData for Jinai and do a right-click > Properties on any of them. See if there is any information.

I checked for the folder and found that it was not empty, in fact there was a lot of stuff inside it!
 
You need to read my directions carefully.
Before you run the script below, I'd like you to see if there is any identifying information on the entries in the File:: section beginning with c:\users\Jinai\AppData\Local\numerical string
I checked for the folder and found that it was not empty, in fact there was a lot of stuff inside it!
Old dopey me "thought" you would tell me what the stuff was before you went ahead and ran the script! But whatever they were, they are gone and now a new batch of the same data has appeared.

I need to have some idea of what these folders hold, so please give me some idea of what this stuff is!
I asked you to try to identify the AppData before you ran the script. Once again, the entries were removed and once again, just as many are back again!

I also asked a specific question about the handling of file extensions in the Registry. Did you set these?
These are examples- there are more: They are all in Firefox. They are not 'usual' entries:
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\File Exts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\File Exts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\File Exts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\File Exts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

Please give me an update on the system. Have problems been resolved?
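A triage script added here for the two questions in this post (it is not the helper's or ComboFix's own code): it lists the purely numeric folders under the AppData\Local path from the log with their timestamps and contents, and reads the FileExts UserChoice keys ComboFix reported as locked to show their ProgId and Deny ACEs. It assumes the c:\users\Jinai profile path and the extensions shown in the log, and is written for Windows PowerShell 2.0 run from an elevated prompt.

```powershell
# Added example for this thread, not the helper's or ComboFix's code.
# Written to run on Windows PowerShell 2.0 (Vista era) from an elevated prompt.

function Get-NumericAppDataFolders {
    # Lists folders directly under AppData\Local whose names are purely numeric,
    # i.e. the "c:\users\Jinai\AppData\Local\<numerical string>" entries in the log.
    param([string]$Base = 'C:\Users\Jinai\AppData\Local')   # profile path assumed from the log
    Get-ChildItem -LiteralPath $Base -Force |
        Where-Object { $_.PSIsContainer -and $_.Name -match '^\d+$' } |
        ForEach-Object {
            $dir   = $_
            $items = @(Get-ChildItem -LiteralPath $dir.FullName -Recurse -Force -ErrorAction SilentlyContinue)
            $files = @($items | Where-Object { -not $_.PSIsContainer })
            $bytes = 0
            if ($files.Count -gt 0) { $bytes = ($files | Measure-Object -Property Length -Sum).Sum }
            New-Object PSObject -Property @{
                Folder     = $dir.FullName
                Created    = $dir.CreationTime     # creation times that cluster point at one creator
                Attributes = $dir.Attributes       # Hidden/System on a plain data folder is worth noting
                SubDirs    = @($items | Where-Object { $_.PSIsContainer }).Count
                Files      = $files.Count
                Bytes      = $bytes
                Sample     = (($files | Select-Object -First 3 | ForEach-Object { $_.Name }) -join ', ')
            }
        } | Sort-Object Created
}

function Get-UserChoiceDenies {
    # Reads the FileExts\<ext>\UserChoice keys ComboFix listed under LOCKED REGISTRY KEYS
    # and reports the ProgId plus every Deny ACE, so "did you set these?" can be answered
    # from the key itself rather than from the scan output.
    param(
        [string[]]$Extensions = @('.htm', '.html', '.shtml', '.xht', '.xhtml'),  # from the log
        [string]$Hive = 'HKEY_USERS\.DEFAULT'   # use HKEY_USERS\<SID> for a specific user
    )
    foreach ($ext in $Extensions) {
        $key = "Registry::$Hive\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$ext\UserChoice"
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $progid = (Get-ItemProperty -LiteralPath $key).Progid
        $denies = (Get-Acl -Path $key).Access |
            Where-Object { $_.AccessControlType -eq 'Deny' } |
            ForEach-Object { '{0}: {1}' -f $_.IdentityReference, $_.RegistryRights }
        New-Object PSObject -Property @{
            Extension = $ext
            Progid    = $progid
            Denies    = ($denies -join '; ')
        }
    }
}

Get-NumericAppDataFolders | Format-Table Folder, Created, Attributes, SubDirs, Files, Bytes, Sample -AutoSize
Get-UserChoiceDenies     | Format-Table Extension, Progid, Denies -AutoSize
```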
 
I need to have some idea of what these folders hold, so please give me some idea of what this stuff is!


Apologies! I've been quite busy recently so I haven't had time to reply to this topic. The things that are in the folder seem to be different folders (maybe around 20 or so) with different numerical strings, however there's nothing inside.

--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\File Exts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\File Exts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\File Exts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\File Exts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

Nope, I didn't set these. The problem still hasn't been resolved, my desktop screen is still black and most of my files are still hidden (they seem to have been converted into hidden files).
 