Win32.TDSS.rtk is lingering somewhere [Archive]

View Full Version : Win32.TDSS.rtk is lingering somewhere

madPC

2009-05-09, 19:54

Hi

A week ago, Spybot detected Win32.TDSS.rtk. I googled and came across one of the threads in the same forum. Read it and tried some of the fixes advised on my own (I now regret having done so). Here's pretty much what I did in order:

Ran ComboFix
Ran Malwarebytes - detected 6 trojans of win32.tdss.rtk
Uninstalled adobe 8.3
Installed adobe 9.1
Uninstall java
Installed java
Ran atf cleaner
Ran dds
Created own cfscript
Ran cfscript (reboot took long)
Ran atf (reboot took long)

Everything seemed to work fine, until just now. Again, I keep getting redirected to www.google.com/undefined and various websites every now and then when I click on links from a Google search. PC is also working pretty slow.

I've read the before you post thread i.e. disabled Spybot's TeaTimer, backed up registry, installed HijackThis in the Program Files folder, etc.

Now here's the log: (ran HijackThis.exe as administrator)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:44 AM, on 10-May-09 Sun
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:tabs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [PSUtility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
O4 - HKLM\..\Run: [LVCOMSX] "c:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-au/wlscctrl2.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westpac.com.au/wtoa/wtOtherAccounts/portfoliomanagerwt.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{01573F81-6C25-441E-983B-581898952A67}: NameServer = 192.231.203.132,192.231.203.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E4FEBD3-21C7-4D81-AEF7-1619DC39AC99}: NameServer = 192.231.203.132,192.231.203.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{01573F81-6C25-441E-983B-581898952A67}: NameServer = 192.231.203.132,192.231.203.3
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech IBT Service (LvIBTSvr) - Logitech Inc. - c:\Program Files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: o2flash - O2Micro International - C:\Windows\system32\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: PowerSavingUtilityService - FUJITSU LIMITED - C:\Program Files\Fujitsu\PSUtility\PSUService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: UpdateNaviInstallService - FUJITSU LIMITED - C:\Program Files\Fujitsu\updnavi\updnvsrv.exe

--
End of file - 8739 bytes

Blade81

2009-05-10, 19:30

Ran ComboFix
Hi

You already regreted doing that but I still post link to our sticky so that readers of this topic will see it. Do NOT run 'fixes' before helpers have analyzed HJT log (http://forums.spybot.info/showthread.php?t=16806)

Please post contents of c:\ComboFix.txt file back here.

madPC

2009-05-11, 11:08

Here's the list of what I did (again), but with their respective logs (post 1/2)

Ran ComboFix

ComboFix 09-04-29.03 - madPC Apr-09 Thu 23:19.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2037.1167 [GMT 9.5:30]
Running from: c:\users\madPC\Desktop\ComboFix.exe
AV: Symantec AntiVirus *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\drivers\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys
c:\windows\system32\ovfsthdfjbolsnmxnpmxgoctleouxrwxxmregx.dll
c:\windows\system32\ovfsthpnoujbtpidpaolpodhreuhfxieneiubh.dat
c:\windows\system32\ovfsthqwbluljsxjdmearguumufmykqctxbbem.dat

----- BITS: Possible infected sites -----

hxxp://globalstats.net
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthpxajutfymxxiilmgqiipvmspngcojhie

((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-30 )))))))))))))))))))))))))))))))
.

2009-04-30 09:59 . 2009-04-30 09:59 -------- d-----w c:\users\Administrator\DoctorWeb
2009-04-30 09:53 . 2009-04-30 09:53 -------- d-----w c:\users\madPC\DoctorWeb
2009-04-29 16:42 . 2009-04-29 16:42 -------- d-----w c:\users\Administrator\AppData\Local\Symantec
2009-04-29 16:41 . 2009-04-29 16:41 109744 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-29 16:40 . 2009-04-29 16:41 -------- d-----w c:\program files\Symantec
2009-04-29 16:40 . 2009-04-29 16:42 -------- d-----w c:\progra~2\Symantec
2009-04-29 16:40 . 2009-04-29 16:42 -------- d-----w c:\users\All Users\Symantec
2009-04-29 16:40 . 2009-04-29 16:41 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-29 16:40 . 2009-04-29 16:40 -------- d-----w c:\program files\Symantec AntiVirus
2009-04-28 20:04 . 2009-04-28 20:04 -------- d-sh--w c:\windows\system32\%APPDATA%
2009-04-28 12:31 . 2009-04-28 12:31 -------- d-----w c:\program files\CCleaner
2009-04-28 12:17 . 2009-04-28 12:21 -------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2009-04-28 12:17 . 2009-04-28 12:22 -------- d-----w c:\program files\Windows Live
2009-04-28 12:17 . 2009-04-28 12:17 -------- d-----w c:\progra~2\WLInstaller
2009-04-28 12:17 . 2009-04-28 12:17 -------- d-----w c:\users\All Users\WLInstaller
2009-04-26 09:08 . 2009-04-26 09:08 -------- d-----w c:\program files\PC Optimizer Pro
2009-04-24 14:35 . 2009-04-24 14:35 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-24 00:34 . 2009-04-24 00:34 155 ----a-w c:\windows\system32\SelfDel.bat
2009-04-23 03:28 . 2009-04-23 03:28 -------- d-----w c:\program files\vLite
2009-04-22 12:17 . 2009-04-22 12:20 -------- d-----w c:\users\madPC\SecurityScans
2009-04-22 12:16 . 2009-04-22 12:16 -------- d-----w c:\program files\Microsoft Baseline Security Analyzer 2
2009-04-21 14:34 . 2009-04-21 14:34 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\users\Administrator\AppData\Roaming\Malwarebytes
2009-04-18 03:16 . 2009-04-06 06:02 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-18 03:16 . 2009-04-06 06:02 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\progra~2\Malwarebytes
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-16 14:43 . 2008-04-12 03:32 784896 ----a-w c:\windows\system32\rpcrt4.dll
2009-04-16 14:43 . 2008-04-26 08:26 891448 ----a-w c:\windows\system32\drivers\tcpip.sys
2009-04-16 14:43 . 2008-04-05 01:21 72192 ----a-w c:\windows\system32\drivers\pacer.sys
2009-04-16 14:43 . 2008-04-05 03:34 15360 ----a-w c:\windows\system32\pacerprf.dll
2009-04-16 14:42 . 2008-06-26 03:29 565248 ----a-w c:\windows\system32\emdmgmt.dll
2009-04-16 14:42 . 2008-08-02 01:01 625152 ----a-w c:\windows\system32\drivers\dxgkrnl.sys
2009-04-16 14:42 . 2008-06-26 03:29 45056 ----a-w c:\windows\system32\dataclen.dll
2009-04-16 14:42 . 2008-05-20 02:07 148480 ----a-w c:\windows\system32\drivers\nwifi.sys
2009-04-16 14:42 . 2008-08-02 03:26 36864 ----a-w c:\windows\system32\cdd.dll
2009-04-16 14:42 . 2008-05-08 21:59 90112 ----a-w c:\windows\system32\wshext.dll
2009-04-16 14:42 . 2008-05-08 21:59 155648 ----a-w c:\windows\system32\wscript.exe
2009-04-16 14:42 . 2008-05-08 21:58 135168 ----a-w c:\windows\system32\cscript.exe
2009-04-16 14:42 . 2008-05-08 21:59 180224 ----a-w c:\windows\system32\scrobj.dll
2009-04-16 14:42 . 2008-05-08 21:59 172032 ----a-w c:\windows\system32\scrrun.dll
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Links
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Saved Games
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Downloads
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Searches
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Music
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Pictures
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Videos
2009-04-16 14:33 . 2009-04-16 14:33 -------- d-----r c:\windows\system32\config\systemprofile\Documents
2009-04-16 14:28 . 2009-04-16 14:28 -------- d-----w C:\PerfLogs
2009-04-16 10:48 . 2008-01-19 07:35 210432 ----a-w c:\windows\system32\msv1_0.dll
2009-04-16 10:47 . 2008-01-19 07:36 222720 ----a-w c:\windows\system32\wavemsp.dll
2009-04-16 10:46 . 2008-01-19 07:34 246784 ----a-w c:\windows\system32\drvstore.dll
2009-04-16 10:46 . 2008-01-19 07:34 258560 ----a-w c:\windows\system32\dpx.dll
2009-04-16 10:46 . 2008-01-19 07:35 35328 ----a-w c:\windows\system32\mspatcha.dll
2009-04-16 10:46 . 2008-01-19 07:34 305152 ----a-w c:\windows\system32\msdelta.dll
2009-04-15 15:52 . 2009-04-21 14:34 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-15 15:19 . 2009-04-15 15:19 -------- dc-h--w c:\progra~2\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-15 15:19 . 2009-04-15 15:19 -------- dc-h--w c:\users\All Users\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-15 15:19 . 2009-04-15 15:19 -------- d-----w c:\program files\Lavasoft
2009-04-15 15:19 . 2009-04-15 15:22 -------- d-----w c:\progra~2\Lavasoft
2009-04-15 15:19 . 2009-04-15 15:22 -------- d-----w c:\users\All Users\Lavasoft
2009-04-15 07:56 . 2009-04-15 07:56 -------- d-----w c:\program files\Toshiba
2009-04-15 06:46 . 2009-04-15 06:46 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-15 06:46 . 2009-04-15 06:46 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-15 06:46 . 2009-04-15 06:46 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-15 06:38 . 2009-04-15 06:38 -------- d-----w c:\users\Administrator\AppData\Roaming\BitTorrent
2009-04-13 06:28 . 2009-04-28 07:57 -------- d-----w C:\!KillBox
2009-04-13 05:00 . 2009-04-13 05:00 -------- d-----w c:\program files\Apple Software Update
2009-04-13 05:00 . 2009-04-13 05:00 -------- d-----w c:\progra~2\Apple
2009-04-13 05:00 . 2009-04-13 05:00 -------- d-----w c:\users\All Users\Apple
2009-04-13 03:04 . 2009-04-13 03:04 269312 ----a-w c:\windows\system32\es.dll
2009-04-13 02:57 . 2009-04-13 03:14 -------- d-----w c:\users\Administrator\AppData\Roaming\vlc
2009-04-13 02:30 . 2009-04-21 00:58 680 ----a-w c:\users\Administrator\AppData\Local\d3d9caps.dat
2009-04-13 01:31 . 2009-04-13 05:01 -------- d-----w c:\program files\QuickTime
2009-04-13 01:31 . 2009-04-13 05:01 -------- d-----w c:\progra~2\Apple Computer
2009-04-13 01:31 . 2009-04-13 05:01 -------- d-----w c:\users\All Users\Apple Computer
2009-04-04 12:07 . 2009-04-04 12:07 -------- d-----w c:\users\Administrator\AppData\Local\Yahoo
2009-04-04 10:52 . 2009-04-04 12:06 -------- d-----w c:\progra~2\Yahoo!
2009-04-04 10:52 . 2009-04-04 12:06 -------- d-----w c:\users\All Users\Yahoo!
2009-04-04 10:52 . 2009-04-04 12:06 -------- d-----w c:\program files\Yahoo!
2009-04-04 01:57 . 2009-04-04 01:57 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-04 01:39 . 2009-04-04 01:39 -------- d-----w c:\progra~2\Office Genuine Advantage
2009-04-04 01:39 . 2009-04-04 01:39 -------- d-----w c:\users\All Users\Office Genuine Advantage
2009-04-03 18:28 . 2009-04-03 18:28 28672 ----a-w c:\windows\system32\FwRemoteSvr.dll
2009-04-03 18:28 . 2009-04-03 18:28 61440 ----a-w c:\windows\system32\winipsec.dll
2009-04-03 18:28 . 2009-04-03 18:28 361984 ----a-w c:\windows\system32\IPSECSVC.DLL
2009-04-03 18:28 . 2009-04-03 18:28 272896 ----a-w c:\windows\system32\polstore.dll
2009-04-03 18:19 . 2009-04-03 18:19 296960 ----a-w c:\windows\system32\gdi32.dll
2009-04-03 18:17 . 2009-04-03 18:17 212480 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
2009-04-03 18:15 . 2009-04-03 18:15 28672 ----a-w c:\windows\system32\Apphlpdm.dll
2009-04-03 18:15 . 2009-04-03 18:15 4240384 ----a-w c:\windows\system32\GameUXLegacyGDFs.dll
2009-04-03 18:15 . 2009-04-03 18:15 1695744 ----a-w c:\windows\system32\gameux.dll
2009-04-03 18:14 . 2009-04-03 18:14 303616 ----a-w c:\windows\system32\wmpeffects.dll
2009-04-03 18:13 . 2009-04-03 18:13 1191936 ----a-w c:\windows\system32\msxml3.dll
2009-04-03 18:13 . 2009-04-03 18:13 2048 ----a-w c:\windows\system32\msxml3r.dll
2009-04-03 18:09 . 2009-04-03 18:09 8147456 ----a-w c:\windows\system32\wmploc.DLL
2009-04-03 18:09 . 2009-04-03 18:09 7680 ----a-w c:\windows\system32\spwmp.dll
2009-04-03 18:09 . 2009-04-03 18:09 4096 ----a-w c:\windows\system32\dxmasf.dll
2009-04-03 18:07 . 2009-04-03 18:07 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-03 18:04 . 2009-04-03 18:04 2927104 ----a-w c:\windows\explorer.exe
2009-04-03 17:56 . 2009-04-03 17:56 6656 ----a-w c:\windows\system32\kbd106n.dll
2009-04-03 17:56 . 2009-04-03 17:56 927288 ----a-w c:\windows\system32\winresume.exe
2009-04-03 17:56 . 2009-04-03 17:56 988216 ----a-w c:\windows\system32\winload.exe
2009-04-03 17:56 . 2009-04-03 17:56 40960 ----a-w c:\windows\system32\srclient.dll
2009-04-03 17:56 . 2009-04-03 17:56 318464 ----a-w c:\windows\system32\rstrui.exe
2009-04-03 17:56 . 2009-04-03 17:56 378368 ----a-w c:\windows\system32\srcore.dll
2009-04-03 17:56 . 2009-04-03 17:56 14848 ----a-w c:\windows\system32\srdelayed.exe
2009-04-03 17:56 . 2009-04-03 17:56 19000 ----a-w c:\windows\system32\kd1394.dll
2009-04-03 17:56 . 2009-04-03 17:56 46592 ----a-w c:\windows\system32\setbcdlocale.dll
2009-04-03 17:56 . 2009-04-03 17:56 615992 ----a-w c:\windows\system32\ci.dll
2009-04-03 17:51 . 2009-04-03 17:51 37888 ----a-w c:\windows\system32\printcom.dll
2009-04-03 17:51 . 2009-04-03 17:51 443392 ----a-w c:\windows\system32\win32spl.dll
2009-04-03 17:50 . 2009-04-03 17:50 113664 ----a-w c:\windows\system32\drivers\rmcast.sys
2009-04-03 17:50 . 2009-04-03 17:50 14848 ----a-w c:\windows\system32\wshrm.dll
2009-04-03 17:48 . 2009-04-03 17:48 288768 ----a-w c:\windows\system32\drivers\srv.sys
2009-04-03 17:41 . 2009-04-03 17:41 268288 ----a-w c:\windows\system32\schannel.dll
2009-04-03 17:38 . 2009-04-03 17:38 622080 ----a-w c:\windows\system32\icardagt.exe
2009-04-03 17:38 . 2009-04-03 17:38 11264 ----a-w c:\windows\system32\icardres.dll
2009-04-03 17:38 . 2009-04-03 17:38 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-04-03 17:38 . 2009-04-03 17:38 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-03 17:38 . 2009-04-03 17:38 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-04-03 17:38 . 2009-04-03 17:38 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-04-03 17:38 . 2009-04-03 17:38 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-30 13:55 . 2009-02-24 16:36 12 ----a-w c:\windows\bthservsdp.dat
2009-04-30 12:21 . 2009-02-25 12:30 -------- d-----w c:\program files\DNA
2009-04-29 16:41 . 2009-04-29 16:41 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-04-29 16:41 . 2009-04-29 16:41 8014 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-28 12:22 . 2009-02-24 16:14 -------- d-----w c:\program files\MSN Messenger
2009-04-28 12:22 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-04-28 12:22 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-04-28 12:22 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-04-16 15:16 . 2009-04-16 15:16 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-16 14:36 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Sidebar
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Photo Gallery
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Collaboration
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Calendar
2009-04-16 14:29 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-16 14:28 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Defender
2009-04-16 14:28 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
2009-04-16 12:06 . 2006-11-02 10:32 101888 ----a-w c:\windows\system32\ifxcardm.dll
2009-04-16 12:06 . 2006-11-02 10:32 82432 ----a-w c:\windows\system32\axaltocm.dll
2009-04-04 03:44 . 2007-04-17 20:09 -------- d-----w c:\program files\Java
2009-04-03 18:15 . 2009-04-03 18:15 2560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-04-03 18:15 . 2009-04-03 18:15 541696 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-04-03 18:15 . 2009-04-03 18:15 460288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-04-03 18:15 . 2009-04-03 18:15 2154496 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-04-03 18:15 . 2009-04-03 18:15 173056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-04-03 18:15 . 2009-04-03 18:15 52736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-03-13 12:29 . 2009-02-24 12:58 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-08 18:49 . 2009-03-13 13:16 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 11:34 . 2009-04-23 03:57 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-04-23 03:57 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-04-23 03:57 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-04-23 03:57 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-04-23 03:57 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-04-23 03:57 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-04-23 03:57 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-04-23 03:57 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-04-23 03:57 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-04-23 03:57 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-04-23 03:57 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-04-23 03:57 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-04-23 03:57 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-04-23 03:57 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-04-23 03:57 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-04-23 03:57 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-04-23 03:57 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-04-23 03:57 156160 ----a-w c:\windows\system32\msls31.dll
2009-02-24 15:53 . 2009-02-24 15:53 0 ----a-w c:\windows\nsreg.dat
2009-02-24 15:35 . 2009-02-24 15:35 99864 ----a-w c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-24 12:58 . 2009-02-24 12:58 51224 ----a-w c:\windows\system32\wuauclt.exe
2009-02-24 12:58 . 2009-02-24 12:58 43544 ----a-w c:\windows\system32\wups2.dll
2009-02-24 12:58 . 2009-02-24 12:58 1809944 ----a-w c:\windows\system32\wuaueng.dll
2009-02-24 12:58 . 2009-02-24 12:58 1524736 ----a-w c:\windows\system32\wucltux.dll
2009-02-24 12:58 . 2009-02-24 12:58 83456 ----a-w c:\windows\system32\wudriver.dll
2009-02-24 12:58 . 2009-02-24 12:58 561688 ----a-w c:\windows\system32\wuapi.dll
2009-02-24 12:58 . 2009-02-24 12:58 34328 ----a-w c:\windows\system32\wups.dll
2009-02-24 12:57 . 2009-02-24 12:57 31232 ----a-w c:\windows\system32\wuapp.exe
2009-02-24 12:57 . 2009-02-24 12:57 162064 ----a-w c:\windows\system32\wuwebv.dll
2009-02-12 11:39 . 2009-02-12 11:39 12712 ----a-w c:\windows\system32\drivers\FJGSDisk.sys
2009-02-12 11:04 . 2009-02-12 11:04 99864 ----a-w c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-17 80688]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-11-07 97072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-09 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-09 133912]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-23 827392]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2005-07-21 242688]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-07-21 61440]
"PSUtility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2006-12-22 136744]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-04-02 252704]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-05-08 174872]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-05-08 33048]
"SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2009-02-12 193832]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-01 4390912]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2007-11-1 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F01CE1E2-9A47-42F9-AD30-7B2AD8E08A94}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7A0C6B10-FF15-4B5E-85EB-C851E3DF9E79}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{B65B13F6-BBD4-4FAB-97B8-D1406988A316}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{15F91AE0-0A6A-4AD0-BC13-E97CF52E271F}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{F4F47E1E-E573-4114-BC3B-21FD4448FC36}c:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= UDP:c:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp
"UDP Query User{241244E8-A714-4A26-8033-A8DC16D0C898}c:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= TCP:c:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp
"{DDC82CFA-D149-4A61-8FEE-0F5D7501CC0A}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{7DD80389-BAEB-42DD-A05F-880619A84500}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{4C2B38A4-E717-43A4-BC01-3A065B2B9A3F}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{3935BD02-4B40-439B-86EA-B4F99566E630}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"TCP Query User{A7928B77-F859-453F-ACE0-E4419FFFEE0A}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{A3C6541E-F6AD-46D5-A349-82A8756C8428}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"{4CE5628A-E049-4199-BD14-F3ACB0188262}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5DBFBFA1-FF9F-4CA0-8CC1-F91FE82A7997}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{DF9E080F-A2A6-4E03-928C-D7AAE5BFF5AE}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{04C91E26-0A58-4EB0-A38E-FB81F0A09A68}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{87C95383-720C-4E36-92C1-5A596BE3F1FC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E108B469-D439-4A90-B0DD-3AF139C46756}"= UDP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{134FFABB-69CF-4FC7-8226-909F636B2E28}"= TCP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{124D1410-FC14-44BE-939D-2D67F33C0F7C}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{1779AE8C-BFEB-457A-99BB-C18BC6585906}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 omnipass;omnipass; [x]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-21 953168]
R2 LvIBTSvr;Logitech IBT Service;c:\program files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe [2007-04-02 76576]
R3 ADVNTDRV;ADVNTDRV;c:\windows\System32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-11-27 122008]
S0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\DRIVERS\FJGSDisk.sys [2009-02-12 12712]
S0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2007-05-04 208896]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-21 64160]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2006-10-03 36640]
S0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2006-10-12 33152]
S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [2006-12-22 63016]
S2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\updnavi\updnvsrv.exe [2007-01-11 12288]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-04-15 101936]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 5632]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-11-02 30720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af316a4d-0271-11de-ab37-000000000000}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:33]

2009-04-30 c:\windows\Tasks\User_Feed_Synchronization-{3D592E6A-7BAD-4227-B6C4-7E801F98E40E}.job
- c:\windows\system32\msfeedssync.exe [2009-04-23 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:tabs
TCP: {01573F81-6C25-441E-983B-581898952A67} = 192.231.203.132,192.231.203.3
TCP: {7E4FEBD3-21C7-4D81-AEF7-1619DC39AC99} = 192.231.203.132,192.231.203.3
FF - ProfilePath - c:\users\madPC\AppData\Roaming\Mozilla\Firefox\Profiles\34qxd13h.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com.au/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-30 23:44
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\system32\drivers\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys 83968 bytes executable
c:\windows\system32\ovfsthcettpcbilowcpvbnbrrtoxuskymsmlpq.dat 2418 bytes
c:\windows\system32\ovfsthcqwtjumvsbmiftubdoffvqylchcbxsts.dll 19456 bytes executable
c:\windows\system32\ovfstheepxdcrrgqbynuertsfkdmteyxngdrmp.dll 17920 bytes executable
c:\windows\system32\ovfsthldbowyvnoponfggajnivdmqoykldkjxj.dll 17920 bytes executable
c:\windows\system32\ovfsthqfrvipyftqqurimqilppwtmdmctqvgbv.dll 61440 bytes executable
c:\windows\system32\ovfsthyenaicmkengblcuyxqsdpjpmepvhsruj.dll 19456 bytes executable
c:\users\madPC\AppData\Local\Temp\ovfsth000 0 bytes
c:\windows\TEMP\ovfsthjrxxsbdkny.tmp 23040 bytes executable

scan completed successfully
hidden files: 9

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

[HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe"

[HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"

[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"

[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_USERS\software\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"

[HKEY_USERS\software\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_USERS\software\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_USERS\software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)

[HKEY_USERS\software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"

[HKEY_USERS\software\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""

[HKEY_USERS\software\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_USERS\system\ControlSet001\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"
"inst"=dword:00000000

[HKEY_USERS\system\ControlSet002\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"
"inst"=dword:00000000

[HKEY_USERS\system\ControlSet003\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

[HKEY_USERS\system\ControlSet004\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"
"inst"=dword:00000000

[HKEY_USERS\system\ControlSet005\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

[HKEY_USERS\system\ControlSet006\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

[HKEY_USERS\system\ControlSet007\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"
"inst"=dword:00000000

[HKEY_USERS\system\ControlSet008\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

[HKEY_USERS\system\ControlSet009\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

[HKEY_USERS\system\ControlSet010\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"
"inst"=dword:00000000

[HKEY_USERS\system\ControlSet011\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

[HKEY_USERS\system\ControlSet012\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

[HKEY_USERS\system\ControlSet013\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_USERS\system\ControlSet013\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"
"inst"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Softex\OmniPass\OmniServ.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
c:\windows\System32\o2flash.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Softex\OmniPass\opvapp.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-04-30 23:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-30 14:16

Pre-Run: 36,160,290,816 bytes free
Post-Run: 35,685,863,424 bytes free

511 --- E O F --- 2009-04-21 02:21

Ran Malwarebytes - detected 6 trojans of win32.tdss.rtk

Uninstalled adobe 8.3
Installed adobe 9.1

Uninstall java
Installed java

Ran ATF cleaner

Ran dds

DDS (Ver_09-03-16.01) - NTFSx86
Run by madPC at 1:41:40.72 on 01-May-09 Fri
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2037.1156 [GMT 9.5:30]

AV: Symantec AntiVirus *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Softex\OmniPass\OmniServ.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Fujitsu\PSUtility\PSUService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Fujitsu\updnavi\updnvsrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Softex\OmniPass\opvapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\madPC\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:tabs
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common

files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1

\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program

files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program

files\java\jre6\bin\jp2ssv.dll
mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe
mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
mRun: [PSUtility] c:\program files\fujitsu\psutility\TrayManager.exe
mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IaNvSrv] c:\program files\intel\intel matrix storage manager\orom\ianvsrv\IaNvSrv.exe
mRun: [SSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk -

c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} -

c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} -

c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} -

c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} -

c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} -

hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-

1719D1177202/LegitCheckControl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -

hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} -

hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-au/wlscctrl2.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -

hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-

1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -

hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-

1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-

1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -

hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} -

hxxps://online.westpac.com.au/wtoa/wtOtherAccounts/portfoliomanagerwt.cab
TCP: {01573F81-6C25-441E-983B-581898952A67} = 192.231.203.132,192.231.203.3
TCP: {7E4FEBD3-21C7-4D81-AEF7-1619DC39AC99} = 192.231.203.132,192.231.203.3
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program

files\mimectl.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\madPC\appdata\roaming\mozilla\firefox\profiles\34qxd13h.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com.au/search?ie=UTF-8&oe=UTF-

8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

============= SERVICES / DRIVERS ===============

R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2009

-2-12 12712]
R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\system32

\drivers\iaNvStor.sys [2007-5-15 208896]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-22 64160]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-10-4 36640]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-10-13 33152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-

aware\AAWService.exe [2009-3-10 953168]
R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program

files\fujitsu\psutility\PSUService.exe [2006-12-22 63016]
R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program

files\fujitsu\updnavi\updnvsrv.exe [2007-1-11 12288]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec

shared\eengine\EraserUtilRebootDrv.sys [2009-4-30 101936]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2007-5-15

5632]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2006-11-2

30720]
S2 LvIBTSvr;Logitech IBT Service;c:\program files\common files\logishrd\lvibtsvr\LvIBTSvr.exe

[2007-4-3 76576]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [2009-2-24 3872]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-11-28 122008]

=============== Created Last 30 ================

2009-04-30 23:37 284,748,436 a------- c:\windows\MEMORY.DMP
2009-04-30 21:49 161,792 a------- c:\windows\SWREG.exe
2009-04-30 21:49 98,816 a------- c:\windows\sed.exe
2009-04-30 19:23 <DIR> --d----- c:\users\madPC\DoctorWeb
2009-04-30 02:11 109,744 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-30 02:11 8,014 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-30 02:11 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-04-30 02:10 <DIR> --d----- c:\program files\Symantec
2009-04-30 02:10 <DIR> --d----- c:\programdata\Symantec
2009-04-30 02:10 <DIR> --d----- c:\program files\Symantec AntiVirus
2009-04-30 02:10 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-04-30 02:10 <DIR> --d----- c:\progra~2\Symantec
2009-04-30 01:50 549 a------- c:\windows\wininit.ini
2009-04-29 05:34 <DIR> --dsh--- c:\windows\system32\%APPDATA%
2009-04-28 22:01 <DIR> --d----- c:\program files\CCleaner
2009-04-28 21:57 268 a---h--- C:\sqmdata01.sqm
2009-04-28 21:57 244 a---h--- C:\sqmnoopt01.sqm
2009-04-28 21:52 268 a---h--- C:\sqmdata00.sqm
2009-04-28 21:52 244 a---h--- C:\sqmnoopt00.sqm
2009-04-28 21:47 <DIR> -cdsh--- c:\program files\common

files\WindowsLiveInstaller
2009-04-28 21:47 <DIR> --d----- c:\programdata\WLInstaller
2009-04-26 18:38 440,352 a------- c:\windows\system32\mshflxgd.ocx
2009-04-26 18:38 212,240 a------- c:\windows\system32\richtx32.ocx
2009-04-26 18:38 224,016 a------- c:\windows\system32\tabctl32.ocx
2009-04-26 18:38 18,728 a------- c:\windows\system32\ishf_Ex.TLB
2009-04-26 18:38 7,752 a------- c:\windows\system32\shelllink.TLB
2009-04-26 18:38 <DIR> --d----- c:\program files\PC Optimizer Pro
2009-04-24 10:04 155 a------- c:\windows\system32\SelfDel.bat
2009-04-23 12:58 <DIR> --d----- c:\program files\vLite
2009-04-22 21:47 <DIR> --d----- c:\users\madPC\SecurityScans
2009-04-22 21:46 <DIR> --d----- c:\program files\Microsoft Baseline Security

Analyzer 2
2009-04-22 00:04 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-04-19 03:18 <DIR> --d----- c:\users\madPC\appdata\roaming\Malwarebytes
2009-04-18 12:46 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-18 12:46 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-18 12:46 <DIR> --d----- c:\programdata\Malwarebytes
2009-04-18 12:46 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-18 12:46 <DIR> --d----- c:\progra~2\Malwarebytes
2009-04-17 00:46 0 a---h--- c:\windows\system32

\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-17 00:13 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-17 00:13 891,448 a------- c:\windows\system32\drivers\tcpip.sys
2009-04-17 00:13 72,192 a------- c:\windows\system32\drivers\pacer.sys
2009-04-17 00:13 15,360 a------- c:\windows\system32\pacerprf.dll
2009-04-17 00:12 625,152 a------- c:\windows\system32\drivers\dxgkrnl.sys
2009-04-17 00:12 565,248 a------- c:\windows\system32\emdmgmt.dll
2009-04-17 00:12 148,480 a------- c:\windows\system32\drivers\nwifi.sys
2009-04-17 00:12 45,056 a------- c:\windows\system32\dataclen.dll
2009-04-17 00:12 36,864 a------- c:\windows\system32\cdd.dll
2009-04-17 00:12 180,224 a------- c:\windows\system32\scrobj.dll
2009-04-17 00:12 172,032 a------- c:\windows\system32\scrrun.dll
2009-04-17 00:12 155,648 a------- c:\windows\system32\wscript.exe
2009-04-17 00:12 135,168 a------- c:\windows\system32\wshom.ocx
2009-04-17 00:12 135,168 a------- c:\windows\system32\cscript.exe
2009-04-17 00:12 90,112 a------- c:\windows\system32\wshext.dll
2009-04-16 23:58 <DIR> --d----- C:\PerfLogs
2009-04-16 20:18 866,816 a------- c:\windows\system32\wmpmde.dll
2009-04-16 20:17 222,720 a------- c:\windows\system32\wavemsp.dll
2009-04-16 20:16 246,784 a------- c:\windows\system32\drvstore.dll
2009-04-16 20:16 305,152 a------- c:\windows\system32\msdelta.dll
2009-04-16 20:16 258,560 a------- c:\windows\system32\dpx.dll
2009-04-16 20:16 35,328 a------- c:\windows\system32\mspatcha.dll
2009-04-16 01:22 15,688 a------- c:\windows\system32\lsdelete.exe
2009-04-16 00:49 <DIR> -cd-h--- c:\programdata\{7972B2E5-3E09-4E5E-81B7-

FE5819D6772F}
2009-04-16 00:49 <DIR> -cd-h--- c:\progra~2\{7972B2E5-3E09-4E5E-81B7-

FE5819D6772F}
2009-04-16 00:49 <DIR> --d----- c:\programdata\Lavasoft
2009-04-16 00:49 <DIR> --d----- c:\program files\Lavasoft
2009-04-15 17:26 <DIR> --d----- c:\program files\Toshiba
2009-04-15 16:16 376,832 a------- c:\windows\system32\winhttp.dll
2009-04-15 16:16 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-04-15 16:16 38,912 a------- c:\windows\system32\xolehlp.dll
2009-04-15 16:15 118 a------- c:\windows\system32\MRT.INI
2009-04-13 15:58 <DIR> --d----- C:\!KillBox
2009-04-13 14:30 <DIR> --d----- c:\programdata\Apple
2009-04-13 12:34 269,312 a------- c:\windows\system32\es.dll
2009-04-13 11:01 <DIR> --d----- c:\programdata\Apple Computer
2009-04-04 20:22 <DIR> --d----- c:\programdata\Yahoo!
2009-04-04 20:22 <DIR> --d----- c:\program files\Yahoo!
2009-04-04 11:09 <DIR> --d----- c:\programdata\Office Genuine Advantage
2009-04-04 03:58 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-04-04 03:58 272,896 a------- c:\windows\system32\polstore.dll
2009-04-04 03:58 61,440 a------- c:\windows\system32\winipsec.dll
2009-04-04 03:58 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-04-04 03:49 296,960 a------- c:\windows\system32\gdi32.dll
2009-04-04 03:47 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-04 03:45 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-04-04 03:45 4,240,384 a------- c:\windows\system32

\GameUXLegacyGDFs.dll
2009-04-04 03:45 1,695,744 a------- c:\windows\system32\gameux.dll
2009-04-04 03:44 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-04-04 03:43 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-04-04 03:43 2,048 a------- c:\windows\system32\msxml3r.dll
2009-04-04 03:39 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-04 03:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-04-04 03:39 4,096 a------- c:\windows\system32\msdxm.ocx
2009-04-04 03:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-04-04 03:37 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-04 03:34 2,927,104 a------- c:\windows\explorer.exe
2009-04-04 03:26 6,656 a------- c:\windows\system32\kbd106n.dll
2009-04-04 03:26 988,216 a------- c:\windows\system32\winload.exe
2009-04-04 03:26 927,288 a------- c:\windows\system32\winresume.exe
2009-04-04 03:26 378,368 a------- c:\windows\system32\srcore.dll
2009-04-04 03:26 318,464 a------- c:\windows\system32\rstrui.exe
2009-04-04 03:26 40,960 a------- c:\windows\system32\srclient.dll
2009-04-04 03:26 14,848 a------- c:\windows\system32\srdelayed.exe
2009-04-04 03:26 615,992 a------- c:\windows\system32\ci.dll
2009-04-04 03:26 46,592 a------- c:\windows\system32\setbcdlocale.dll
2009-04-04 03:26 19,000 a------- c:\windows\system32\kd1394.dll
2009-04-04 03:21 443,392 a------- c:\windows\system32\win32spl.dll
2009-04-04 03:21 37,888 a------- c:\windows\system32\printcom.dll
2009-04-04 03:20 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2009-04-04 03:20 14,848 a------- c:\windows\system32\wshrm.dll
2009-04-04 03:18 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-04-04 03:11 268,288 a------- c:\windows\system32\schannel.dll
2009-04-04 03:08 622,080 a------- c:\windows\system32\icardagt.exe
2009-04-04 03:08 11,264 a------- c:\windows\system32\icardres.dll
2009-04-04 03:08 97,800 a------- c:\windows\system32\infocardapi.dll
2009-04-04 03:08 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-04-04 03:08 105,016 a------- c:\windows\system32

\PresentationCFFRasterizerNative_v0300.dll
2009-04-04 03:08 781,344 a------- c:\windows\system32

\PresentationNative_v0300.dll
2009-04-04 03:08 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-04-04 03:08 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-04-04 02:54 15,138,816 a------- c:\windows\ocsetup_install_NetFx3.etl
2009-04-04 02:54 196,608 a------- c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-04-04 02:54 65,536 a------- c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-04-04 02:52 96,760 a------- c:\windows\system32\dfshim.dll
2009-04-04 02:52 41,984 a------- c:\windows\system32\netfxperf.dll
2009-04-04 02:52 282,112 a------- c:\windows\system32\mscoree.dll
2009-04-04 02:52 158,720 a------- c:\windows\system32\mscorier.dll
2009-04-04 02:52 83,968 a------- c:\windows\system32\mscories.dll
2009-04-04 02:37 2,868,736 a------- c:\windows\system32\mf.dll
2009-04-04 02:37 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-04-04 02:37 98,816 a------- c:\windows\system32\mfps.dll
2009-04-04 02:37 94,720 a------- c:\windows\system32\logagent.exe
2009-04-04 02:37 53,248 a------- c:\windows\system32\rrinstaller.exe
2009-04-04 02:37 24,576 a------- c:\windows\system32\mfpmp.exe
2009-04-04 02:37 2,048 a------- c:\windows\system32\mferror.dll
2009-04-04 02:36 84,480 a------- c:\windows\system32\INETRES.dll
2009-04-04 02:36 738,304 a------- c:\windows\system32\inetcomm.dll
2009-04-04 02:36 1,314,816 a------- c:\windows\system32\quartz.dll
2009-04-04 02:35 2,048 a------- c:\windows\system32\tzres.dll
2009-04-04 02:35 2,033,152 a------- c:\windows\system32\win32k.sys
2009-04-04 02:35 <DIR> --d----- c:\program files\MSXML 4.0
2009-04-04 02:34 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-04-04 02:34 2,048 a------- c:\windows\system32\msxml6r.dll

==================== Find3M ====================

2009-05-01 01:32 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-28 21:52 51,200 a------- c:\windows\inf\infpub.dat
2009-04-28 21:52 143,360 a------- c:\windows\inf\infstrng.dat
2009-04-28 21:52 86,016 a------- c:\windows\inf\infstor.dat
2009-04-17 00:06 174 a--sh--- c:\program files\desktop.ini
2009-04-16 23:58 665,600 a------- c:\windows\inf\drvindex.dat
2009-04-16 21:36 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-04-16 21:36 82,432 a------- c:\windows\system32\axaltocm.dll
2009-04-04 03:45 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-04-04 03:45 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2009-04-04 03:45 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-04-04 03:45 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2009-04-04 03:45 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-04-04 03:45 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-03-08 21:04 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 21:04 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 21:03 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 21:03 109,056 a------- c:\windows\system32\iesysprep.dll
2009-03-08 21:03 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-03-08 21:03 132,608 a------- c:\windows\system32\ieUnatt.exe
2009-03-08 21:03 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 21:03 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 21:03 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-03-08 21:03 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 21:02 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 21:02 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 21:02 66,560 a------- c:\windows\system32\wextract.exe
2009-03-08 21:02 169,472 a------- c:\windows\system32\iexpress.exe
2009-03-08 21:01 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 21:01 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 21:01 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 20:52 156,160 a------- c:\windows\system32\msls31.dll
2009-02-24 22:28 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-02-24 22:28 83,456 a------- c:\windows\system32\wudriver.dll
2009-02-24 22:27 162,064 a------- c:\windows\system32\wuwebv.dll
2009-02-24 22:27 31,232 a------- c:\windows\system32\wuapp.exe
2006-11-02 22:09 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 22:09 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 22:09 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 22:09 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 18:50 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 18:50 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 18:50 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 18:50 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 1:42:35.86 ===============

Created own cfscript

DDS::
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-

madPC

2009-05-11, 11:10

Here's the list of what I did (again), but with their respective logs (post 2/2)

Ran ComboFix with CFscript (reboot took very long)

ComboFix 09-04-29.03 - madPC May-09 Fri 2:14.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2037.918 [GMT 9.5:30]
Running from: c:\users\madPC\Desktop\ComboFix.exe
Command switches used :: c:\users\madPC\Desktop\CFScript.txt
AV: Symantec AntiVirus *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys
c:\windows\system32\ovfsthcettpcbilowcpvbnbrrtoxuskymsmlpq.dat
c:\windows\system32\ovfsthqfrvipyftqqurimqilppwtmdmctqvgbv.dll
c:\windows\system32\ovfsthxrphqddxovwqbiwrsqamqnkbvxcvopyy.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthpxajutfymxxiilmgqiipvmspngcojhie
-------\Service_ovfsthpxajutfymxxiilmgqiipvmspngcojhie

((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-30 )))))))))))))))))))))))))))))))
.

2009-04-30 15:33 . 2009-04-30 15:33 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-30 09:59 . 2009-04-30 09:59 -------- d-----w c:\users\Administrator\DoctorWeb
2009-04-30 09:53 . 2009-04-30 09:53 -------- d-----w c:\users\madPC\DoctorWeb
2009-04-29 16:42 . 2009-04-29 16:42 -------- d-----w c:\users\Administrator\AppData\Local\Symantec
2009-04-29 16:41 . 2009-04-29 16:41 109744 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-29 16:40 . 2009-04-29 16:41 -------- d-----w c:\program files\Symantec
2009-04-29 16:40 . 2009-04-29 16:42 -------- d-----w c:\progra~2\Symantec
2009-04-29 16:40 . 2009-04-29 16:42 -------- d-----w c:\users\All Users\Symantec
2009-04-29 16:40 . 2009-04-29 16:41 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-29 16:40 . 2009-04-29 16:40 -------- d-----w c:\program files\Symantec AntiVirus
2009-04-28 20:04 . 2009-04-28 20:04 -------- d-sh--w c:\windows\system32\%APPDATA%
2009-04-28 12:31 . 2009-04-28 12:31 -------- d-----w c:\program files\CCleaner
2009-04-28 12:17 . 2009-04-28 12:21 -------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2009-04-28 12:17 . 2009-04-28 12:22 -------- d-----w c:\program files\Windows Live
2009-04-28 12:17 . 2009-04-28 12:17 -------- d-----w c:\progra~2\WLInstaller
2009-04-28 12:17 . 2009-04-28 12:17 -------- d-----w c:\users\All Users\WLInstaller
2009-04-26 09:08 . 2009-04-26 09:08 -------- d-----w c:\program files\PC Optimizer Pro
2009-04-24 14:35 . 2009-04-24 14:35 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-24 00:34 . 2009-04-24 00:34 155 ----a-w c:\windows\system32\SelfDel.bat
2009-04-23 03:28 . 2009-04-23 03:28 -------- d-----w c:\program files\vLite
2009-04-22 12:17 . 2009-04-22 12:20 -------- d-----w c:\users\madPC\SecurityScans
2009-04-22 12:16 . 2009-04-22 12:16 -------- d-----w c:\program files\Microsoft Baseline Security Analyzer 2
2009-04-21 14:34 . 2009-04-21 14:34 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\users\Administrator\AppData\Roaming\Malwarebytes
2009-04-18 03:16 . 2009-04-06 06:02 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-18 03:16 . 2009-04-06 06:02 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\progra~2\Malwarebytes
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-16 14:43 . 2008-04-12 03:32 784896 ----a-w c:\windows\system32\rpcrt4.dll
2009-04-16 14:43 . 2008-04-26 08:26 891448 ----a-w c:\windows\system32\drivers\tcpip.sys
2009-04-16 14:43 . 2008-04-05 01:21 72192 ----a-w c:\windows\system32\drivers\pacer.sys
2009-04-16 14:43 . 2008-04-05 03:34 15360 ----a-w c:\windows\system32\pacerprf.dll
2009-04-16 14:42 . 2008-06-26 03:29 565248 ----a-w c:\windows\system32\emdmgmt.dll
2009-04-16 14:42 . 2008-08-02 01:01 625152 ----a-w c:\windows\system32\drivers\dxgkrnl.sys
2009-04-16 14:42 . 2008-06-26 03:29 45056 ----a-w c:\windows\system32\dataclen.dll
2009-04-16 14:42 . 2008-05-20 02:07 148480 ----a-w c:\windows\system32\drivers\nwifi.sys
2009-04-16 14:42 . 2008-08-02 03:26 36864 ----a-w c:\windows\system32\cdd.dll
2009-04-16 14:42 . 2008-05-08 21:59 90112 ----a-w c:\windows\system32\wshext.dll
2009-04-16 14:42 . 2008-05-08 21:59 155648 ----a-w c:\windows\system32\wscript.exe
2009-04-16 14:42 . 2008-05-08 21:58 135168 ----a-w c:\windows\system32\cscript.exe
2009-04-16 14:42 . 2008-05-08 21:59 180224 ----a-w c:\windows\system32\scrobj.dll
2009-04-16 14:42 . 2008-05-08 21:59 172032 ----a-w c:\windows\system32\scrrun.dll
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Links
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Saved Games
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Downloads
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Searches
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Music
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Pictures
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Videos
2009-04-16 14:33 . 2009-04-16 14:33 -------- d-----r c:\windows\system32\config\systemprofile\Documents
2009-04-16 14:28 . 2009-04-16 14:28 -------- d-----w C:\PerfLogs
2009-04-16 10:48 . 2008-01-19 07:35 210432 ----a-w c:\windows\system32\msv1_0.dll
2009-04-16 10:47 . 2008-01-19 07:36 222720 ----a-w c:\windows\system32\wavemsp.dll
2009-04-16 10:46 . 2008-01-19 07:34 246784 ----a-w c:\windows\system32\drvstore.dll
2009-04-16 10:46 . 2008-01-19 07:34 258560 ----a-w c:\windows\system32\dpx.dll
2009-04-16 10:46 . 2008-01-19 07:35 35328 ----a-w c:\windows\system32\mspatcha.dll
2009-04-16 10:46 . 2008-01-19 07:34 305152 ----a-w c:\windows\system32\msdelta.dll
2009-04-15 15:52 . 2009-04-21 14:34 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-15 15:19 . 2009-04-15 15:19 -------- dc-h--w c:\progra~2\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-15 15:19 . 2009-04-15 15:19 -------- dc-h--w c:\users\All Users\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-15 15:19 . 2009-04-15 15:19 -------- d-----w c:\program files\Lavasoft
2009-04-15 15:19 . 2009-04-15 15:22 -------- d-----w c:\progra~2\Lavasoft
2009-04-15 15:19 . 2009-04-15 15:22 -------- d-----w c:\users\All Users\Lavasoft
2009-04-15 07:56 . 2009-04-15 07:56 -------- d-----w c:\program files\Toshiba
2009-04-15 06:46 . 2009-04-15 06:46 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-15 06:46 . 2009-04-15 06:46 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-15 06:46 . 2009-04-15 06:46 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-15 06:38 . 2009-04-15 06:38 -------- d-----w c:\users\Administrator\AppData\Roaming\BitTorrent
2009-04-13 06:28 . 2009-04-28 07:57 -------- d-----w C:\!KillBox
2009-04-13 05:00 . 2009-04-13 05:00 -------- d-----w c:\program files\Apple Software Update
2009-04-13 05:00 . 2009-04-13 05:00 -------- d-----w c:\progra~2\Apple
2009-04-13 05:00 . 2009-04-13 05:00 -------- d-----w c:\users\All Users\Apple
2009-04-13 03:04 . 2009-04-13 03:04 269312 ----a-w c:\windows\system32\es.dll
2009-04-13 02:57 . 2009-04-13 03:14 -------- d-----w c:\users\Administrator\AppData\Roaming\vlc
2009-04-13 02:30 . 2009-04-21 00:58 680 ----a-w c:\users\Administrator\AppData\Local\d3d9caps.dat
2009-04-13 01:31 . 2009-04-13 05:01 -------- d-----w c:\program files\QuickTime
2009-04-13 01:31 . 2009-04-13 05:01 -------- d-----w c:\progra~2\Apple Computer
2009-04-13 01:31 . 2009-04-13 05:01 -------- d-----w c:\users\All Users\Apple Computer
2009-04-04 12:07 . 2009-04-04 12:07 -------- d-----w c:\users\Administrator\AppData\Local\Yahoo
2009-04-04 10:52 . 2009-04-04 12:06 -------- d-----w c:\progra~2\Yahoo!
2009-04-04 10:52 . 2009-04-04 12:06 -------- d-----w c:\users\All Users\Yahoo!
2009-04-04 10:52 . 2009-04-04 12:06 -------- d-----w c:\program files\Yahoo!
2009-04-04 01:57 . 2009-04-04 01:57 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-04 01:39 . 2009-04-04 01:39 -------- d-----w c:\progra~2\Office Genuine Advantage
2009-04-04 01:39 . 2009-04-04 01:39 -------- d-----w c:\users\All Users\Office Genuine Advantage
2009-04-03 18:28 . 2009-04-03 18:28 28672 ----a-w c:\windows\system32\FwRemoteSvr.dll
2009-04-03 18:28 . 2009-04-03 18:28 61440 ----a-w c:\windows\system32\winipsec.dll
2009-04-03 18:28 . 2009-04-03 18:28 361984 ----a-w c:\windows\system32\IPSECSVC.DLL
2009-04-03 18:28 . 2009-04-03 18:28 272896 ----a-w c:\windows\system32\polstore.dll
2009-04-03 18:19 . 2009-04-03 18:19 296960 ----a-w c:\windows\system32\gdi32.dll
2009-04-03 18:17 . 2009-04-03 18:17 212480 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
2009-04-03 18:15 . 2009-04-03 18:15 28672 ----a-w c:\windows\system32\Apphlpdm.dll
2009-04-03 18:15 . 2009-04-03 18:15 4240384 ----a-w c:\windows\system32\GameUXLegacyGDFs.dll
2009-04-03 18:15 . 2009-04-03 18:15 1695744 ----a-w c:\windows\system32\gameux.dll
2009-04-03 18:14 . 2009-04-03 18:14 303616 ----a-w c:\windows\system32\wmpeffects.dll
2009-04-03 18:13 . 2009-04-03 18:13 1191936 ----a-w c:\windows\system32\msxml3.dll
2009-04-03 18:13 . 2009-04-03 18:13 2048 ----a-w c:\windows\system32\msxml3r.dll
2009-04-03 18:09 . 2009-04-03 18:09 8147456 ----a-w c:\windows\system32\wmploc.DLL
2009-04-03 18:09 . 2009-04-03 18:09 7680 ----a-w c:\windows\system32\spwmp.dll
2009-04-03 18:09 . 2009-04-03 18:09 4096 ----a-w c:\windows\system32\dxmasf.dll
2009-04-03 18:07 . 2009-04-03 18:07 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-03 18:04 . 2009-04-03 18:04 2927104 ----a-w c:\windows\explorer.exe
2009-04-03 17:56 . 2009-04-03 17:56 6656 ----a-w c:\windows\system32\kbd106n.dll
2009-04-03 17:56 . 2009-04-03 17:56 927288 ----a-w c:\windows\system32\winresume.exe
2009-04-03 17:56 . 2009-04-03 17:56 988216 ----a-w c:\windows\system32\winload.exe
2009-04-03 17:56 . 2009-04-03 17:56 40960 ----a-w c:\windows\system32\srclient.dll
2009-04-03 17:56 . 2009-04-03 17:56 318464 ----a-w c:\windows\system32\rstrui.exe
2009-04-03 17:56 . 2009-04-03 17:56 378368 ----a-w c:\windows\system32\srcore.dll
2009-04-03 17:56 . 2009-04-03 17:56 14848 ----a-w c:\windows\system32\srdelayed.exe
2009-04-03 17:56 . 2009-04-03 17:56 19000 ----a-w c:\windows\system32\kd1394.dll
2009-04-03 17:56 . 2009-04-03 17:56 46592 ----a-w c:\windows\system32\setbcdlocale.dll
2009-04-03 17:56 . 2009-04-03 17:56 615992 ----a-w c:\windows\system32\ci.dll
2009-04-03 17:51 . 2009-04-03 17:51 37888 ----a-w c:\windows\system32\printcom.dll
2009-04-03 17:51 . 2009-04-03 17:51 443392 ----a-w c:\windows\system32\win32spl.dll
2009-04-03 17:50 . 2009-04-03 17:50 113664 ----a-w c:\windows\system32\drivers\rmcast.sys
2009-04-03 17:50 . 2009-04-03 17:50 14848 ----a-w c:\windows\system32\wshrm.dll
2009-04-03 17:48 . 2009-04-03 17:48 288768 ----a-w c:\windows\system32\drivers\srv.sys
2009-04-03 17:41 . 2009-04-03 17:41 268288 ----a-w c:\windows\system32\schannel.dll
2009-04-03 17:38 . 2009-04-03 17:38 622080 ----a-w c:\windows\system32\icardagt.exe
2009-04-03 17:38 . 2009-04-03 17:38 11264 ----a-w c:\windows\system32\icardres.dll
2009-04-03 17:38 . 2009-04-03 17:38 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-04-03 17:38 . 2009-04-03 17:38 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-03 17:38 . 2009-04-03 17:38 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-04-03 17:38 . 2009-04-03 17:38 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-30 16:48 . 2009-02-24 16:36 12 ----a-w c:\windows\bthservsdp.dat
2009-04-30 16:02 . 2009-03-13 13:16 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-30 15:59 . 2009-02-25 12:30 -------- d-----w c:\program files\DNA
2009-04-30 15:33 . 2007-04-17 20:10 -------- d-----w c:\program files\Common Files\Adobe
2009-04-30 15:06 . 2007-04-17 20:09 -------- d-----w c:\program files\Java
2009-04-29 16:41 . 2009-04-29 16:41 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-04-29 16:41 . 2009-04-29 16:41 8014 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-28 12:22 . 2009-02-24 16:14 -------- d-----w c:\program files\MSN Messenger
2009-04-28 12:22 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-04-28 12:22 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-04-28 12:22 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-04-16 15:16 . 2009-04-16 15:16 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-16 14:36 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Sidebar
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Photo Gallery
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Collaboration
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Calendar
2009-04-16 14:29 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-16 14:28 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Defender
2009-04-16 14:28 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
2009-04-16 12:06 . 2006-11-02 10:32 101888 ----a-w c:\windows\system32\ifxcardm.dll
2009-04-16 12:06 . 2006-11-02 10:32 82432 ----a-w c:\windows\system32\axaltocm.dll
2009-04-03 18:15 . 2009-04-03 18:15 2560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-04-03 18:15 . 2009-04-03 18:15 541696 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-04-03 18:15 . 2009-04-03 18:15 460288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-04-03 18:15 . 2009-04-03 18:15 2154496 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-04-03 18:15 . 2009-04-03 18:15 173056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-04-03 18:15 . 2009-04-03 18:15 52736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-03-13 12:29 . 2009-02-24 12:58 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-08 11:34 . 2009-04-23 03:57 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-04-23 03:57 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-04-23 03:57 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-04-23 03:57 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-04-23 03:57 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-04-23 03:57 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-04-23 03:57 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-04-23 03:57 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-04-23 03:57 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-04-23 03:57 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-04-23 03:57 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-04-23 03:57 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-04-23 03:57 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-04-23 03:57 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-04-23 03:57 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-04-23 03:57 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-04-23 03:57 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-04-23 03:57 156160 ----a-w c:\windows\system32\msls31.dll
2009-02-24 15:53 . 2009-02-24 15:53 0 ----a-w c:\windows\nsreg.dat
2009-02-24 15:35 . 2009-02-24 15:35 99864 ----a-w c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-24 12:58 . 2009-02-24 12:58 51224 ----a-w c:\windows\system32\wuauclt.exe
2009-02-24 12:58 . 2009-02-24 12:58 43544 ----a-w c:\windows\system32\wups2.dll
2009-02-24 12:58 . 2009-02-24 12:58 1809944 ----a-w c:\windows\system32\wuaueng.dll
2009-02-24 12:58 . 2009-02-24 12:58 1524736 ----a-w c:\windows\system32\wucltux.dll
2009-02-24 12:58 . 2009-02-24 12:58 83456 ----a-w c:\windows\system32\wudriver.dll
2009-02-24 12:58 . 2009-02-24 12:58 561688 ----a-w c:\windows\system32\wuapi.dll
2009-02-24 12:58 . 2009-02-24 12:58 34328 ----a-w c:\windows\system32\wups.dll
2009-02-24 12:57 . 2009-02-24 12:57 31232 ----a-w c:\windows\system32\wuapp.exe
2009-02-24 12:57 . 2009-02-24 12:57 162064 ----a-w c:\windows\system32\wuwebv.dll
2009-02-12 11:39 . 2009-02-12 11:39 12712 ----a-w c:\windows\system32\drivers\FJGSDisk.sys
2009-02-12 11:04 . 2009-02-12 11:04 99864 ----a-w c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-04-30_14.14.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-05-14 21:23 . 2009-04-30 16:44 64424 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-04-30 16:44 73160 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-12 11:06 . 2009-04-30 14:08 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-12 11:06 . 2009-04-30 17:00 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-12 11:06 . 2009-04-30 17:00 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-12 11:06 . 2009-04-30 14:08 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-12 11:06 . 2009-04-30 17:00 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-12 11:06 . 2009-04-30 14:08 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-24 15:36 . 2009-04-30 16:01 7068 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1918237747-2751938533-2904961478-500_UserData.bin
+ 2009-02-12 11:10 . 2009-04-30 16:44 7690 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1918237747-2751938533-2904961478-1000_UserData.bin
+ 2006-11-02 10:33 . 2009-04-30 16:48 608884 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-04-30 13:55 608884 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-04-30 16:48 105952 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-04-30 13:55 105952 c:\windows\System32\perfc009.dat
+ 2009-04-30 16:02 . 2009-04-30 16:02 148888 c:\windows\System32\javaws.exe
- 2009-04-04 03:44 . 2009-03-08 18:49 148888 c:\windows\System32\javaws.exe
+ 2009-04-30 16:02 . 2009-04-30 16:02 144792 c:\windows\System32\javaw.exe
- 2009-04-04 03:44 . 2009-03-08 18:49 144792 c:\windows\System32\javaw.exe
+ 2009-04-30 16:02 . 2009-04-30 16:02 144792 c:\windows\System32\java.exe
- 2009-04-04 03:44 . 2009-03-08 18:49 144792 c:\windows\System32\java.exe
+ 2009-04-23 04:08 . 2009-04-30 17:00 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-04-23 04:08 . 2009-04-30 14:07 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-17 80688]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-11-07 97072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-09 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-09 133912]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-23 827392]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2005-07-21 242688]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-07-21 61440]
"PSUtility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2006-12-22 136744]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-04-02 252704]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-05-08 174872]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-05-08 33048]
"SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2009-02-12 193832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-30 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-01 4390912]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2007-11-1 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F01CE1E2-9A47-42F9-AD30-7B2AD8E08A94}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7A0C6B10-FF15-4B5E-85EB-C851E3DF9E79}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{B65B13F6-BBD4-4FAB-97B8-D1406988A316}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{15F91AE0-0A6A-4AD0-BC13-E97CF52E271F}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{F4F47E1E-E573-4114-BC3B-21FD4448FC36}c:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= UDP:c:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp
"UDP Query User{241244E8-A714-4A26-8033-A8DC16D0C898}c:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= TCP:c:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp
"{DDC82CFA-D149-4A61-8FEE-0F5D7501CC0A}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{7DD80389-BAEB-42DD-A05F-880619A84500}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{4C2B38A4-E717-43A4-BC01-3A065B2B9A3F}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{3935BD02-4B40-439B-86EA-B4F99566E630}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"TCP Query User{A7928B77-F859-453F-ACE0-E4419FFFEE0A}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{A3C6541E-F6AD-46D5-A349-82A8756C8428}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"{4CE5628A-E049-4199-BD14-F3ACB0188262}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5DBFBFA1-FF9F-4CA0-8CC1-F91FE82A7997}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{DF9E080F-A2A6-4E03-928C-D7AAE5BFF5AE}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{04C91E26-0A58-4EB0-A38E-FB81F0A09A68}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{87C95383-720C-4E36-92C1-5A596BE3F1FC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E108B469-D439-4A90-B0DD-3AF139C46756}"= UDP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{134FFABB-69CF-4FC7-8226-909F636B2E28}"= TCP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{124D1410-FC14-44BE-939D-2D67F33C0F7C}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{1779AE8C-BFEB-457A-99BB-C18BC6585906}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 omnipass;omnipass; [x]
R2 LvIBTSvr;Logitech IBT Service;c:\program files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe [2007-04-02 76576]
R3 ADVNTDRV;ADVNTDRV;c:\windows\System32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-11-27 122008]
S0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\DRIVERS\FJGSDisk.sys [2009-02-12 12712]
S0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2007-05-04 208896]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-21 64160]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2006-10-03 36640]
S0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2006-10-12 33152]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-21 953168]
S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [2006-12-22 63016]
S2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\updnavi\updnvsrv.exe [2007-01-11 12288]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-04-15 101936]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 5632]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-11-02 30720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af316a4d-0271-11de-ab37-000000000000}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:33]

2009-04-30 c:\windows\Tasks\User_Feed_Synchronization-{3D592E6A-7BAD-4227-B6C4-7E801F98E40E}.job
- c:\windows\system32\msfeedssync.exe [2009-04-23 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:tabs
TCP: {01573F81-6C25-441E-983B-581898952A67} = 192.231.203.132,192.231.203.3
TCP: {7E4FEBD3-21C7-4D81-AEF7-1619DC39AC99} = 192.231.203.132,192.231.203.3
FF - ProfilePath - c:\users\madPC\AppData\Roaming\Mozilla\Firefox\Profiles\34qxd13h.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com.au/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-01 02:31
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\system32\drivers\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys 83968 bytes executable
c:\users\madPC\AppData\Local\Temp\ovfsth000 0 bytes
c:\windows\system32\ovfsthcqwtjumvsbmiftubdoffvqylchcbxsts.dll 19456 bytes executable
c:\windows\system32\ovfstheepxdcrrgqbynuertsfkdmteyxngdrmp.dll 17920 bytes executable
c:\windows\system32\ovfsthipwuyfcrvqhiqmocbrwvtlrqtfeiqaop.dll 19456 bytes executable
c:\windows\system32\ovfsthldbowyvnoponfggajnivdmqoykldkjxj.dll 17920 bytes executable
c:\windows\system32\ovfsthojhciexsbonadxsisnexsijrtkqxupfq.dll 17920 bytes executable
c:\windows\system32\ovfsthtdleeqrnjcpnbifqubxbpcdbypxcfstv.dat 267 bytes
c:\windows\system32\ovfsthxnpqyrytpqvbqrgmkblsdcuidpxtmafp.dll 61440 bytes executable
c:\windows\system32\ovfsthyenaicmkengblcuyxqsdpjpmepvhsruj.dll 19456 bytes executable
c:\windows\TEMP\ovfsthjrxxsbdkny.tmp 23040 bytes executable

scan completed successfully
hidden files: 11

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

[HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe"

[HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"

[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"

[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_USERS\software\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"

[HKEY_USERS\software\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_USERS\software\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_USERS\software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)

[HKEY_USERS\software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"

[HKEY_USERS\software\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""

[HKEY_USERS\software\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_USERS\system\ControlSet001\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"
"inst"=dword:00000000

[HKEY_USERS\system\ControlSet002\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"
"inst"=dword:00000000

[HKEY_USERS\system\ControlSet003\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

[HKEY_USERS\system\ControlSet004\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"
"inst"=dword:00000000

[HKEY_USERS\system\ControlSet005\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

[HKEY_USERS\system\ControlSet006\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

[HKEY_USERS\system\ControlSet007\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"
"inst"=dword:00000000

[HKEY_USERS\system\ControlSet008\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

[HKEY_USERS\system\ControlSet009\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

[HKEY_USERS\system\ControlSet010\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"
"inst"=dword:00000000

[HKEY_USERS\system\ControlSet011\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

[HKEY_USERS\system\ControlSet012\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

[HKEY_USERS\system\ControlSet013\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_USERS\system\ControlSet013\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"
"inst"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Softex\OmniPass\OmniServ.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
c:\windows\System32\o2flash.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Softex\OmniPass\opvapp.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-04-30 2:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-30 17:06
ComboFix2.txt 2009-04-30 14:16

Pre-Run: 42,927,898,624 bytes free
Post-Run: 42,895,994,880 bytes free

544 --- E O F --- 2009-04-21 02:21

Ran ATF cleaner

Rebooted (took very long)

I believe the next thing you're going to ask me to do is uninstall my P2P program - do you advise I do that in the admin account in safe mode / admin account in normal mode / my account in normal mode? :thanks:

Blade81

2009-05-11, 17:04

Hi

I believe the next thing you're going to ask me to do is uninstall my P2P program
Well guessed ;) Do uninstalling with your account from normal mode if it has admin privileges (= rights to do uninstalling). Otherwise use admin account (in normal mode).

After that re-run ComboFix (let it update itself) and post back its report & a fresh dds.txt log contents, please.

madPC

2009-05-14, 16:32

ComboFix 09-05-13.02 - madPC May-09 Thu 17:46.4 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2037.1073 [GMT 9.5:30]
Running from: c:\users\madPC\Desktop\ComboFix.exe
AV: Symantec AntiVirus *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Symantec AntiVirus *disabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-04-14 to 2009-05-14 )))))))))))))))))))))))))))))))
.

2009-05-11 15:21 . 2009-05-11 15:42 -------- d-----w c:\program files\UltraVNC
2009-05-09 20:33 . 2008-05-25 12:53 317976 ----a-w c:\windows\system32\drivers\iaStor.sys
2009-05-09 18:12 . 2009-05-09 18:12 -------- d-----w c:\users\madPC\AppData\Local\Apple Computer
2009-05-09 17:38 . 2009-05-09 17:38 -------- d-----w c:\program files\ERUNT
2009-05-09 16:27 . 2009-05-09 16:27 -------- d-----w c:\program files\Trend Micro
2009-05-06 06:17 . 2009-05-06 06:17 -------- d-----w c:\users\madPC\AppData\Roaming\iScreensaver
2009-05-05 18:16 . 2009-05-05 18:16 -------- d-----w c:\windows\TweakVI
2009-05-05 18:16 . 2009-05-05 18:17 -------- d-----w c:\program files\TweakVI
2009-05-01 08:29 . 2009-05-01 08:29 -------- d-----w c:\users\madPC\AppData\Local\Apple
2009-05-01 04:14 . 2009-05-01 04:14 -------- d-----w c:\programdata\WindowsSearch
2009-05-01 04:14 . 2009-05-01 04:14 -------- d-----w c:\users\All Users\WindowsSearch
2009-05-01 02:14 . 2009-05-01 04:15 -------- d-----w c:\program files\EsetOnlineScanner
2009-05-01 02:02 . 2009-05-01 05:39 -------- d-----w c:\program files\Java
2009-05-01 01:01 . 2009-05-01 01:01 680 ----a-w c:\users\madPC\AppData\Local\d3d9caps.dat
2009-04-30 18:36 . 2009-05-01 01:48 -------- d-----w c:\users\madPC\AppData\Local\Adobe
2009-04-30 18:12 . 2009-04-30 18:12 -------- d-----w c:\windows\Sun
2009-04-30 15:33 . 2009-04-30 15:33 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-30 09:59 . 2009-04-30 09:59 -------- d-----w c:\users\Administrator\DoctorWeb
2009-04-30 09:53 . 2009-05-01 01:11 -------- d-----w c:\users\madPC\DoctorWeb
2009-04-30 07:13 . 2009-04-30 07:13 -------- d-----w c:\users\madPC\AppData\Local\Symantec
2009-04-29 16:42 . 2009-04-29 16:42 -------- d-----w c:\users\Administrator\AppData\Local\Symantec
2009-04-29 16:41 . 2009-04-29 16:41 109744 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-29 16:40 . 2009-04-29 16:41 -------- d-----w c:\program files\Symantec
2009-04-29 16:40 . 2009-04-29 16:42 -------- d-----w c:\programdata\Symantec
2009-04-29 16:40 . 2009-04-29 16:42 -------- d-----w c:\users\All Users\Symantec
2009-04-29 16:40 . 2009-04-29 16:41 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-29 16:40 . 2009-04-29 16:40 -------- d-----w c:\program files\Symantec AntiVirus
2009-04-28 20:04 . 2009-04-28 20:04 -------- d-sh--w c:\windows\system32\%APPDATA%
2009-04-28 12:31 . 2009-04-28 12:31 -------- d-----w c:\program files\CCleaner
2009-04-28 12:17 . 2009-04-28 12:21 -------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2009-04-28 12:17 . 2009-04-28 12:22 -------- d-----w c:\program files\Windows Live
2009-04-28 12:17 . 2009-04-28 12:17 -------- d-----w c:\programdata\WLInstaller
2009-04-28 12:17 . 2009-04-28 12:17 -------- d-----w c:\users\All Users\WLInstaller
2009-04-26 09:08 . 2009-04-26 09:08 -------- d-----w c:\program files\PC Optimizer Pro
2009-04-24 14:35 . 2009-04-24 14:35 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-24 00:34 . 2009-04-24 00:34 155 ----a-w c:\windows\system32\SelfDel.bat
2009-04-23 03:28 . 2009-04-23 03:28 -------- d-----w c:\program files\vLite
2009-04-22 12:17 . 2009-04-22 12:20 -------- d-----w c:\users\madPC\SecurityScans
2009-04-22 12:16 . 2009-04-22 12:16 -------- d-----w c:\program files\Microsoft Baseline Security Analyzer 2
2009-04-21 14:34 . 2009-04-21 14:34 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-18 17:48 . 2009-04-18 17:48 -------- d-----w c:\users\madPC\AppData\Roaming\Malwarebytes
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\users\Administrator\AppData\Roaming\Malwarebytes
2009-04-18 03:16 . 2009-04-06 06:02 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-18 03:16 . 2009-04-06 06:02 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\programdata\Malwarebytes
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-16 14:43 . 2008-04-12 03:32 784896 ----a-w c:\windows\system32\rpcrt4.dll
2009-04-16 14:43 . 2008-04-26 08:26 891448 ----a-w c:\windows\system32\drivers\tcpip.sys
2009-04-16 14:43 . 2008-04-05 01:21 72192 ----a-w c:\windows\system32\drivers\pacer.sys
2009-04-16 14:43 . 2008-04-05 03:34 15360 ----a-w c:\windows\system32\pacerprf.dll
2009-04-16 14:42 . 2008-06-26 03:29 565248 ----a-w c:\windows\system32\emdmgmt.dll
2009-04-16 14:42 . 2008-08-02 01:01 625152 ----a-w c:\windows\system32\drivers\dxgkrnl.sys
2009-04-16 14:42 . 2008-06-26 03:29 45056 ----a-w c:\windows\system32\dataclen.dll
2009-04-16 14:42 . 2008-05-20 02:07 148480 ----a-w c:\windows\system32\drivers\nwifi.sys
2009-04-16 14:42 . 2008-08-02 03:26 36864 ----a-w c:\windows\system32\cdd.dll
2009-04-16 14:42 . 2008-05-08 21:59 430080 ----a-w c:\windows\system32\vbscript.dll
2009-04-16 14:42 . 2008-05-08 21:59 90112 ----a-w c:\windows\system32\wshext.dll
2009-04-16 14:42 . 2008-05-08 21:59 155648 ----a-w c:\windows\system32\wscript.exe
2009-04-16 14:42 . 2008-05-08 21:58 135168 ----a-w c:\windows\system32\cscript.exe
2009-04-16 14:42 . 2008-05-08 21:59 180224 ----a-w c:\windows\system32\scrobj.dll
2009-04-16 14:42 . 2008-05-08 21:59 172032 ----a-w c:\windows\system32\scrrun.dll
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Links
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Saved Games
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Downloads
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Searches
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Music
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Pictures
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Videos
2009-04-16 14:33 . 2009-04-16 14:33 -------- d-----r c:\windows\system32\config\systemprofile\Documents
2009-04-16 14:28 . 2009-04-16 14:28 -------- d-----w C:\PerfLogs
2009-04-16 10:48 . 2008-01-19 07:35 210432 ----a-w c:\windows\system32\msv1_0.dll
2009-04-16 10:47 . 2008-01-19 07:36 222720 ----a-w c:\windows\system32\wavemsp.dll
2009-04-16 10:46 . 2008-01-19 07:34 246784 ----a-w c:\windows\system32\drvstore.dll
2009-04-16 10:46 . 2008-01-19 07:34 258560 ----a-w c:\windows\system32\dpx.dll
2009-04-16 10:46 . 2008-01-19 07:35 35328 ----a-w c:\windows\system32\mspatcha.dll
2009-04-16 10:46 . 2008-01-19 07:34 305152 ----a-w c:\windows\system32\msdelta.dll
2009-04-15 15:52 . 2009-04-21 14:34 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-15 15:19 . 2009-04-15 15:19 -------- dc-h--w c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-15 15:19 . 2009-04-15 15:19 -------- dc-h--w c:\users\All Users\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-15 15:19 . 2009-04-15 15:19 -------- d-----w c:\program files\Lavasoft
2009-04-15 15:19 . 2009-04-15 15:22 -------- d-----w c:\programdata\Lavasoft
2009-04-15 15:19 . 2009-04-15 15:22 -------- d-----w c:\users\All Users\Lavasoft
2009-04-15 08:12 . 2009-04-15 08:12 -------- d-----w c:\users\madPC\AppData\Roaming\Toshiba
2009-04-15 07:56 . 2009-04-15 07:56 -------- d-----w c:\program files\Toshiba
2009-04-15 06:46 . 2009-04-15 06:46 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-15 06:46 . 2009-04-15 06:46 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-15 06:46 . 2009-04-15 06:46 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-15 06:38 . 2009-04-15 06:38 -------- d-----w c:\users\Administrator\AppData\Roaming\BitTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-14 07:55 . 2009-02-24 16:36 12 ----a-w c:\windows\bthservsdp.dat
2009-05-09 20:34 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-05-09 20:34 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-05-09 20:34 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-05-01 13:42 . 2009-02-12 11:12 99864 ----a-w c:\users\madPC\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-01 06:44 . 2007-04-17 23:55 -------- d-----w c:\program files\Microsoft Works
2009-04-30 15:59 . 2009-02-25 12:30 -------- d-----w c:\program files\DNA
2009-04-30 15:33 . 2007-04-17 20:10 -------- d-----w c:\program files\Common Files\Adobe
2009-04-29 16:41 . 2009-04-29 16:41 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-04-29 16:41 . 2009-04-29 16:41 8014 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-28 12:22 . 2009-02-24 16:14 -------- d-----w c:\program files\MSN Messenger
2009-04-21 00:58 . 2009-04-13 02:30 680 ----a-w c:\users\Administrator\AppData\Local\d3d9caps.dat
2009-04-16 15:16 . 2009-04-16 15:16 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-16 14:36 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Sidebar
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Photo Gallery
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Collaboration
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Calendar
2009-04-16 14:29 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-16 14:28 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Defender
2009-04-16 14:28 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
2009-04-16 12:06 . 2006-11-02 10:32 101888 ----a-w c:\windows\system32\ifxcardm.dll
2009-04-16 12:06 . 2006-11-02 10:32 82432 ----a-w c:\windows\system32\axaltocm.dll
2009-04-15 06:40 . 2009-04-15 06:40 827392 ----a-w c:\windows\system32\wininet.dll
2009-04-15 06:40 . 2009-04-15 06:40 72704 ----a-w c:\windows\system32\admparse.dll
2009-04-15 06:40 . 2009-04-15 06:40 78336 ----a-w c:\windows\system32\ieencode.dll
2009-04-15 06:40 . 2009-04-15 06:40 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-04-15 06:40 . 2009-04-15 06:40 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-04-13 05:01 . 2009-04-13 01:31 -------- d-----w c:\program files\QuickTime
2009-04-13 03:04 . 2009-04-13 03:04 269312 ----a-w c:\windows\system32\es.dll
2009-04-04 12:06 . 2009-04-04 10:52 -------- d-----w c:\program files\Yahoo!
2009-04-04 01:57 . 2009-04-04 01:57 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-03 18:28 . 2009-04-03 18:28 61440 ----a-w c:\windows\system32\winipsec.dll
2009-04-03 18:28 . 2009-04-03 18:28 361984 ----a-w c:\windows\system32\IPSECSVC.DLL
2009-04-03 18:28 . 2009-04-03 18:28 28672 ----a-w c:\windows\system32\FwRemoteSvr.dll
2009-04-03 18:28 . 2009-04-03 18:28 272896 ----a-w c:\windows\system32\polstore.dll
2009-04-03 18:19 . 2009-04-03 18:19 296960 ----a-w c:\windows\system32\gdi32.dll
2009-04-03 18:17 . 2009-04-03 18:17 212480 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
2009-04-03 18:15 . 2009-04-03 18:15 28672 ----a-w c:\windows\system32\Apphlpdm.dll
2009-04-03 18:15 . 2009-04-03 18:15 4240384 ----a-w c:\windows\system32\GameUXLegacyGDFs.dll
2009-04-03 18:15 . 2009-04-03 18:15 1695744 ----a-w c:\windows\system32\gameux.dll
2009-04-03 18:14 . 2009-04-03 18:14 303616 ----a-w c:\windows\system32\wmpeffects.dll
2009-04-03 18:13 . 2009-04-03 18:13 1191936 ----a-w c:\windows\system32\msxml3.dll
2009-04-03 18:13 . 2009-04-03 18:13 2048 ----a-w c:\windows\system32\msxml3r.dll
2009-04-03 18:09 . 2009-04-03 18:09 8147456 ----a-w c:\windows\system32\wmploc.DLL
2009-04-03 18:09 . 2009-04-03 18:09 7680 ----a-w c:\windows\system32\spwmp.dll
2009-04-03 18:09 . 2009-04-03 18:09 4096 ----a-w c:\windows\system32\dxmasf.dll
2009-04-03 18:07 . 2009-04-03 18:07 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-03 18:04 . 2009-04-03 18:04 2927104 ----a-w c:\windows\explorer.exe
2009-04-03 17:56 . 2009-04-03 17:56 6656 ----a-w c:\windows\system32\kbd106n.dll
2009-04-03 17:56 . 2009-04-03 17:56 988216 ----a-w c:\windows\system32\winload.exe
2009-04-03 17:56 . 2009-04-03 17:56 927288 ----a-w c:\windows\system32\winresume.exe
2009-04-03 17:56 . 2009-04-03 17:56 40960 ----a-w c:\windows\system32\srclient.dll
2009-04-03 17:56 . 2009-04-03 17:56 378368 ----a-w c:\windows\system32\srcore.dll
2009-04-03 17:56 . 2009-04-03 17:56 318464 ----a-w c:\windows\system32\rstrui.exe
2009-04-03 17:56 . 2009-04-03 17:56 14848 ----a-w c:\windows\system32\srdelayed.exe
2009-04-03 17:56 . 2009-04-03 17:56 615992 ----a-w c:\windows\system32\ci.dll
2009-04-03 17:56 . 2009-04-03 17:56 46592 ----a-w c:\windows\system32\setbcdlocale.dll
2009-04-03 17:56 . 2009-04-03 17:56 19000 ----a-w c:\windows\system32\kd1394.dll
2009-04-03 17:51 . 2009-04-03 17:51 443392 ----a-w c:\windows\system32\win32spl.dll
2009-04-03 17:51 . 2009-04-03 17:51 37888 ----a-w c:\windows\system32\printcom.dll
2009-04-03 17:50 . 2009-04-03 17:50 14848 ----a-w c:\windows\system32\wshrm.dll
2009-04-03 17:50 . 2009-04-03 17:50 113664 ----a-w c:\windows\system32\drivers\rmcast.sys
2009-04-03 17:48 . 2009-04-03 17:48 288768 ----a-w c:\windows\system32\drivers\srv.sys
2009-04-03 17:41 . 2009-04-03 17:41 268288 ----a-w c:\windows\system32\schannel.dll
2009-04-03 17:38 . 2009-04-03 17:38 622080 ----a-w c:\windows\system32\icardagt.exe
2009-04-03 17:38 . 2009-04-03 17:38 11264 ----a-w c:\windows\system32\icardres.dll
2009-04-03 17:38 . 2009-04-03 17:38 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-04-03 17:38 . 2009-04-03 17:38 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-03 17:38 . 2009-04-03 17:38 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-04-03 17:38 . 2009-04-03 17:38 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-04-03 17:38 . 2009-04-03 17:38 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-04-03 17:22 . 2009-04-03 17:22 96760 ----a-w c:\windows\system32\dfshim.dll
2009-04-03 17:22 . 2009-04-03 17:22 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-04-03 17:22 . 2009-04-03 17:22 83968 ----a-w c:\windows\system32\mscories.dll
2009-04-03 17:22 . 2009-04-03 17:22 282112 ----a-w c:\windows\system32\mscoree.dll
2009-04-03 17:22 . 2009-04-03 17:22 158720 ----a-w c:\windows\system32\mscorier.dll
2009-04-03 17:07 . 2009-04-03 17:07 2868736 ----a-w c:\windows\system32\mf.dll
2009-04-03 17:07 . 2009-04-03 17:07 996352 ----a-w c:\windows\system32\WMNetMgr.dll
2009-04-03 17:07 . 2009-04-03 17:07 98816 ----a-w c:\windows\system32\mfps.dll
2009-04-03 17:07 . 2009-04-03 17:07 94720 ----a-w c:\windows\system32\logagent.exe
2009-04-03 17:07 . 2009-04-03 17:07 53248 ----a-w c:\windows\system32\rrinstaller.exe
2009-04-03 17:07 . 2009-04-03 17:07 24576 ----a-w c:\windows\system32\mfpmp.exe
2009-04-03 17:07 . 2009-04-03 17:07 2048 ----a-w c:\windows\system32\mferror.dll
2009-04-03 17:06 . 2009-04-03 17:06 84480 ----a-w c:\windows\system32\INETRES.dll
2009-04-03 17:06 . 2009-04-03 17:06 738304 ----a-w c:\windows\system32\inetcomm.dll
2009-04-03 17:06 . 2009-04-03 17:06 1314816 ----a-w c:\windows\system32\quartz.dll
2009-04-03 17:05 . 2009-04-03 17:05 2048 ----a-w c:\windows\system32\tzres.dll
2009-04-03 17:05 . 2009-04-03 17:05 2033152 ----a-w c:\windows\system32\win32k.sys
2009-04-03 17:05 . 2009-04-03 17:05 -------- d-----w c:\program files\MSXML 4.0
2009-04-03 17:04 . 2009-04-03 17:04 1334272 ----a-w c:\windows\system32\msxml6.dll
2009-04-03 17:04 . 2009-04-03 17:04 2048 ----a-w c:\windows\system32\msxml6r.dll
2009-03-08 19:49 . 2009-03-13 13:16 410984 ----a-w c:\windows\system32\deploytk.dll
2009-02-24 15:53 . 2009-02-24 15:53 0 ----a-w c:\windows\nsreg.dat
2009-02-24 15:35 . 2009-02-24 15:35 99864 ----a-w c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-24 12:58 . 2009-02-24 12:58 51224 ----a-w c:\windows\system32\wuauclt.exe
2009-02-24 12:58 . 2009-02-24 12:58 43544 ----a-w c:\windows\system32\wups2.dll
2009-02-24 12:58 . 2009-02-24 12:58 1809944 ----a-w c:\windows\system32\wuaueng.dll
2009-02-24 12:58 . 2009-02-24 12:58 1524736 ----a-w c:\windows\system32\wucltux.dll
2009-02-24 12:58 . 2009-02-24 12:58 83456 ----a-w c:\windows\system32\wudriver.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-17 80688]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-11-07 97072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-09 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-09 133912]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-23 827392]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2005-07-21 242688]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-07-21 61440]
"PSUtility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2006-12-22 136744]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-04-02 252704]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-05-08 174872]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-05-08 33048]
"SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2009-02-12 193832]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 107112]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-27 134808]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-21 516440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-01 4390912]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2007-11-1 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoThumbnail"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F01CE1E2-9A47-42F9-AD30-7B2AD8E08A94}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7A0C6B10-FF15-4B5E-85EB-C851E3DF9E79}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{B65B13F6-BBD4-4FAB-97B8-D1406988A316}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{15F91AE0-0A6A-4AD0-BC13-E97CF52E271F}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{F4F47E1E-E573-4114-BC3B-21FD4448FC36}c:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= UDP:c:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp
"UDP Query User{241244E8-A714-4A26-8033-A8DC16D0C898}c:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= TCP:c:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp
"{DDC82CFA-D149-4A61-8FEE-0F5D7501CC0A}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{7DD80389-BAEB-42DD-A05F-880619A84500}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{4C2B38A4-E717-43A4-BC01-3A065B2B9A3F}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{3935BD02-4B40-439B-86EA-B4F99566E630}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"TCP Query User{A7928B77-F859-453F-ACE0-E4419FFFEE0A}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{A3C6541E-F6AD-46D5-A349-82A8756C8428}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"{4CE5628A-E049-4199-BD14-F3ACB0188262}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5DBFBFA1-FF9F-4CA0-8CC1-F91FE82A7997}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{DF9E080F-A2A6-4E03-928C-D7AAE5BFF5AE}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{04C91E26-0A58-4EB0-A38E-FB81F0A09A68}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{87C95383-720C-4E36-92C1-5A596BE3F1FC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E108B469-D439-4A90-B0DD-3AF139C46756}"= UDP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{134FFABB-69CF-4FC7-8226-909F636B2E28}"= TCP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{124D1410-FC14-44BE-939D-2D67F33C0F7C}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{1779AE8C-BFEB-457A-99BB-C18BC6585906}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"TCP Query User{56E26FA3-40B1-43E9-93B2-B4486709E928}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{EE9A3513-CF35-4D37-99A0-DFFCA39D1A94}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{0DB7F9EE-FB08-45A8-9F88-1DC44EB69771}c:\\program files\\ultravnc\\winvnc.exe"= UDP:c:\program files\ultravnc\winvnc.exe:VNC server for Win32
"UDP Query User{9FDC2135-B10F-42DC-9C8B-43532319EEAD}c:\\program files\\ultravnc\\winvnc.exe"= TCP:c:\program files\ultravnc\winvnc.exe:VNC server for Win32

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\System32\drivers\FJGSDisk.sys [12-Feb-09 Thu 9:09 PM 12712]
R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\System32\drivers\iaNvStor.sys [15-May-07 Tue 7:13 AM 208896]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [22-Apr-09 Wed 12:04 AM 64160]
R0 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [04-Oct-06 Wed 6:53 AM 36640]
R0 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [13-Oct-06 Fri 4:17 AM 33152]
R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [22-Dec-06 Fri 12:12 PM 63016]
R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\updnavi\updnvsrv.exe [11-Jan-07 Thu 9:39 AM 12288]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30-Apr-09 Thu 2:20 AM 101936]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\System32\drivers\fuj02e3.sys [15-May-07 Tue 7:12 AM 5632]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\System32\drivers\smscirda.sys [02-Nov-06 Thu 7:55 PM 30720]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [10-Mar-09 Tue 4:36 AM 953168]
S2 LvIBTSvr;Logitech IBT Service;c:\program files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe [03-Apr-07 Tue 12:59 AM 76576]
S3 ADVNTDRV;ADVNTDRV;c:\windows\System32\drivers\ADVNTDRV.SYS [24-Feb-09 Tue 10:34 PM 3872]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [18-Apr-09 Sat 12:46 PM 38496]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [28-Nov-06 Tue 6:34 AM 122008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af316a4d-0271-11de-ab37-000000000000}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-05-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:33]

2009-05-14 c:\windows\Tasks\User_Feed_Synchronization-{3D592E6A-7BAD-4227-B6C4-7E801F98E40E}.job
- c:\windows\system32\msfeedssync.exe [2009-04-16 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = about:tabs
TCP: {01573F81-6C25-441E-983B-581898952A67} = 4.2.2.2,4.2.2.3
TCP: {7E4FEBD3-21C7-4D81-AEF7-1619DC39AC99} = 192.231.203.132,192.231.203.3
DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} - hxxp://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
FF - ProfilePath - c:\users\madPC\AppData\Roaming\Mozilla\Firefox\Profiles\34qxd13h.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com.au/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-14 17:48
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\users\madPC\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-05-14 17:50
ComboFix-quarantined-files.txt 2009-05-14 08:20
ComboFix2.txt 2009-05-01 05:04
ComboFix3.txt 2009-04-30 17:06
ComboFix4.txt 2009-04-30 14:16

Pre-Run: 27,697,840,128 bytes free
Post-Run: 27,514,118,144 bytes free

340 --- E O F --- 2009-05-01 06:49

DDS (Ver_09-03-16.01) - NTFSx86
Run by madPC at 0:00:06.58 on 15-May-09 Fri
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2037.958 [GMT 9.5:30]

AV: Symantec AntiVirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Softex\OmniPass\OmniServ.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Fujitsu\PSUtility\PSUService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Fujitsu\updnavi\updnvsrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Softex\OmniPass\opvapp.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\System32\svchost.exe -k wdisvc
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\mobsync.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\madPC\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:tabs
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe
mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
mRun: [PSUtility] c:\program files\fujitsu\psutility\TrayManager.exe
mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IaNvSrv] c:\program files\intel\intel matrix storage manager\orom\ianvsrv\IaNvSrv.exe
mRun: [SSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
uPolicies-explorer: TaskbarNoThumbnail = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-au/wlscctrl2.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} - hxxp://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} - hxxps://online.westpac.com.au/wtoa/wtOtherAccounts/portfoliomanagerwt.cab
TCP: {01573F81-6C25-441E-983B-581898952A67} = 4.2.2.2,4.2.2.3
TCP: {7E4FEBD3-21C7-4D81-AEF7-1619DC39AC99} = 192.231.203.132,192.231.203.3
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\madPC\appdata\roaming\mozilla\firefox\profiles\34qxd13h.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com.au/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

============= SERVICES / DRIVERS ===============

R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2009-2-12 12712]
R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\system32\drivers\iaNvStor.sys [2007-5-15 208896]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-22 64160]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-10-4 36640]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-10-13 33152]
R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\fujitsu\psutility\PSUService.exe [2006-12-22 63016]
R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\fujitsu\updnavi\updnvsrv.exe [2007-1-11 12288]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-30 101936]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2007-5-15 5632]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2006-11-2 30720]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-10 953168]
S2 LvIBTSvr;Logitech IBT Service;c:\program files\common files\logishrd\lvibtsvr\LvIBTSvr.exe [2007-4-3 76576]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [2009-2-24 3872]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-4-18 38496]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-11-28 122008]

=============== Created Last 30 ================

2009-05-14 17:44 161,792 a------- c:\windows\SWREG.exe
2009-05-14 17:44 98,816 a------- c:\windows\sed.exe
2009-05-12 00:51 <DIR> --d----- c:\program files\UltraVNC
2009-05-10 06:03 317,976 a------- c:\windows\system32\drivers\iaStor.sys
2009-05-10 01:57 <DIR> --d----- c:\program files\Trend Micro
2009-05-06 15:47 <DIR> --d----- c:\users\madPC\appdata\roaming\iScreensaver
2009-05-06 03:47 0 a------- c:\windows\system32\tviresource.val
2009-05-06 03:46 <DIR> --d----- c:\windows\TweakVI
2009-05-06 03:46 <DIR> --d----- c:\program files\TweakVI
2009-05-01 13:44 <DIR> --d----- c:\programdata\WindowsSearch
2009-05-01 11:44 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-04-30 19:23 <DIR> --d----- c:\users\madPC\DoctorWeb
2009-04-30 02:11 109,744 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-30 02:11 8,014 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-30 02:11 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-04-30 02:10 <DIR> --d----- c:\program files\Symantec
2009-04-30 02:10 <DIR> --d----- c:\programdata\Symantec
2009-04-30 02:10 <DIR> --d----- c:\program files\Symantec AntiVirus
2009-04-30 02:10 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-04-30 02:10 <DIR> --d----- c:\progra~2\Symantec
2009-04-30 01:50 1,061 a------- c:\windows\wininit.ini
2009-04-29 05:34 <DIR> --dsh--- c:\windows\system32\%APPDATA%
2009-04-28 22:01 <DIR> --d----- c:\program files\CCleaner
2009-04-28 21:57 268 a---h--- C:\sqmdata01.sqm
2009-04-28 21:57 244 a---h--- C:\sqmnoopt01.sqm
2009-04-28 21:52 268 a---h--- C:\sqmdata00.sqm
2009-04-28 21:52 244 a---h--- C:\sqmnoopt00.sqm
2009-04-28 21:47 <DIR> -cdsh--- c:\program files\common files\WindowsLiveInstaller
2009-04-28 21:47 <DIR> --d----- c:\programdata\WLInstaller
2009-04-26 18:38 440,352 a------- c:\windows\system32\mshflxgd.ocx
2009-04-26 18:38 212,240 a------- c:\windows\system32\richtx32.ocx
2009-04-26 18:38 224,016 a------- c:\windows\system32\tabctl32.ocx
2009-04-26 18:38 18,728 a------- c:\windows\system32\ishf_Ex.TLB
2009-04-26 18:38 7,752 a------- c:\windows\system32\shelllink.TLB
2009-04-26 18:38 <DIR> --d----- c:\program files\PC Optimizer Pro
2009-04-24 10:04 155 a------- c:\windows\system32\SelfDel.bat
2009-04-23 12:58 <DIR> --d----- c:\program files\vLite
2009-04-22 21:47 <DIR> --d----- c:\users\madPC\SecurityScans
2009-04-22 21:46 <DIR> --d----- c:\program files\Microsoft Baseline Security Analyzer 2
2009-04-22 00:04 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-04-19 03:18 <DIR> --d----- c:\users\madPC\appdata\roaming\Malwarebytes
2009-04-18 12:46 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-18 12:46 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-18 12:46 <DIR> --d----- c:\programdata\Malwarebytes
2009-04-18 12:46 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-18 12:46 <DIR> --d----- c:\progra~2\Malwarebytes
2009-04-17 00:46 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-17 00:13 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-17 00:13 891,448 a------- c:\windows\system32\drivers\tcpip.sys
2009-04-17 00:13 72,192 a------- c:\windows\system32\drivers\pacer.sys
2009-04-17 00:13 15,360 a------- c:\windows\system32\pacerprf.dll
2009-04-16 23:58 <DIR> --d----- C:\PerfLogs
2009-04-16 20:18 866,816 a------- c:\windows\system32\wmpmde.dll
2009-04-16 20:17 222,720 a------- c:\windows\system32\wavemsp.dll
2009-04-16 20:16 246,784 a------- c:\windows\system32\drvstore.dll
2009-04-16 20:16 305,152 a------- c:\windows\system32\msdelta.dll
2009-04-16 20:16 258,560 a------- c:\windows\system32\dpx.dll
2009-04-16 20:16 35,328 a------- c:\windows\system32\mspatcha.dll
2009-04-16 01:22 15,688 a------- c:\windows\system32\lsdelete.exe
2009-04-16 00:49 <DIR> -cd-h--- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-16 00:49 <DIR> -cd-h--- c:\progra~2\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-16 00:49 <DIR> --d----- c:\programdata\Lavasoft
2009-04-16 00:49 <DIR> --d----- c:\program files\Lavasoft
2009-04-15 17:26 <DIR> --d----- c:\program files\Toshiba
2009-04-15 16:16 376,832 a------- c:\windows\system32\winhttp.dll
2009-04-15 16:16 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-04-15 16:16 38,912 a------- c:\windows\system32\xolehlp.dll
2009-04-15 16:15 118 a------- c:\windows\system32\MRT.INI
2009-04-15 16:10 827,392 a------- c:\windows\system32\wininet.dll

==================== Find3M ====================

2009-05-10 06:04 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-10 06:04 51,200 a------- c:\windows\inf\infpub.dat
2009-05-10 06:04 86,016 a------- c:\windows\inf\infstor.dat
2009-04-17 00:06 174 a--sh--- c:\program files\desktop.ini
2009-04-16 23:58 665,600 a------- c:\windows\inf\drvindex.dat
2009-04-16 21:36 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-04-16 21:36 82,432 a------- c:\windows\system32\axaltocm.dll
2009-04-15 16:10 72,704 a------- c:\windows\system32\admparse.dll
2009-04-15 16:10 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-15 16:10 48,128 a------- c:\windows\system32\mshtmler.dll
2009-04-15 16:10 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-04-13 12:34 269,312 a------- c:\windows\system32\es.dll
2009-04-04 03:58 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-04-04 03:58 272,896 a------- c:\windows\system32\polstore.dll
2009-04-04 03:58 61,440 a------- c:\windows\system32\winipsec.dll
2009-04-04 03:58 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-04-04 03:49 296,960 a------- c:\windows\system32\gdi32.dll
2009-04-04 03:47 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-04 03:45 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-04-04 03:45 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-04-04 03:45 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2009-04-04 03:45 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-04-04 03:45 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2009-04-04 03:45 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-04-04 03:45 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-04-04 03:45 1,695,744 a------- c:\windows\system32\gameux.dll
2009-04-04 03:45 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-04-04 03:44 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-04-04 03:43 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-04-04 03:43 2,048 a------- c:\windows\system32\msxml3r.dll
2009-04-04 03:39 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-04 03:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-04-04 03:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-04-04 03:34 2,927,104 a------- c:\windows\explorer.exe
2009-04-04 03:26 6,656 a------- c:\windows\system32\kbd106n.dll
2009-04-04 03:26 988,216 a------- c:\windows\system32\winload.exe
2009-04-04 03:26 927,288 a------- c:\windows\system32\winresume.exe
2009-04-04 03:26 378,368 a------- c:\windows\system32\srcore.dll
2009-04-04 03:26 318,464 a------- c:\windows\system32\rstrui.exe
2009-04-04 03:26 40,960 a------- c:\windows\system32\srclient.dll
2009-04-04 03:26 14,848 a------- c:\windows\system32\srdelayed.exe
2009-04-04 03:26 615,992 a------- c:\windows\system32\ci.dll
2009-04-04 03:26 46,592 a------- c:\windows\system32\setbcdlocale.dll
2009-04-04 03:26 19,000 a------- c:\windows\system32\kd1394.dll
2009-04-04 03:21 443,392 a------- c:\windows\system32\win32spl.dll
2009-04-04 03:21 37,888 a------- c:\windows\system32\printcom.dll
2009-04-04 03:20 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2009-04-04 03:20 14,848 a------- c:\windows\system32\wshrm.dll
2009-04-04 03:18 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-04-04 03:11 268,288 a------- c:\windows\system32\schannel.dll
2009-04-04 03:08 622,080 a------- c:\windows\system32\icardagt.exe
2009-04-04 03:08 11,264 a------- c:\windows\system32\icardres.dll
2009-04-04 03:08 97,800 a------- c:\windows\system32\infocardapi.dll
2009-04-04 03:08 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-04 03:08 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-04-04 03:08 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-04-04 03:08 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-04-04 02:52 96,760 a------- c:\windows\system32\dfshim.dll
2009-04-04 02:52 41,984 a------- c:\windows\system32\netfxperf.dll
2009-04-04 02:52 282,112 a------- c:\windows\system32\mscoree.dll
2009-04-04 02:52 158,720 a------- c:\windows\system32\mscorier.dll
2009-04-04 02:52 83,968 a------- c:\windows\system32\mscories.dll
2009-04-04 02:37 2,868,736 a------- c:\windows\system32\mf.dll
2009-04-04 02:37 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-04-04 02:37 98,816 a------- c:\windows\system32\mfps.dll
2009-04-04 02:37 94,720 a------- c:\windows\system32\logagent.exe
2009-04-04 02:37 53,248 a------- c:\windows\system32\rrinstaller.exe
2009-04-04 02:37 24,576 a------- c:\windows\system32\mfpmp.exe
2009-04-04 02:37 2,048 a------- c:\windows\system32\mferror.dll
2009-04-04 02:36 84,480 a------- c:\windows\system32\INETRES.dll
2009-04-04 02:36 738,304 a------- c:\windows\system32\inetcomm.dll
2009-04-04 02:36 1,314,816 a------- c:\windows\system32\quartz.dll
2009-04-04 02:35 2,048 a------- c:\windows\system32\tzres.dll
2009-04-04 02:35 2,033,152 a------- c:\windows\system32\win32k.sys
2009-04-04 02:34 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-04-04 02:34 2,048 a------- c:\windows\system32\msxml6r.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-24 22:28 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-02-24 22:28 83,456 a------- c:\windows\system32\wudriver.dll
2009-02-24 22:27 162,064 a------- c:\windows\system32\wuwebv.dll
2009-02-24 22:27 31,232 a------- c:\windows\system32\wuapp.exe
2006-11-02 22:09 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 22:09 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 22:09 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 22:09 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 18:50 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 18:50 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 18:50 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 18:50 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 0:00:42.11 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 13-Feb-09 Fri 12:32:21 PM
System Uptime: 14-May-09 Thu 11:44:40 PM (1 hours ago)

Motherboard: FUJITSU | | FJNB1D3
Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | Onboard | 2001/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 74 GiB total, 25.216 GiB free.
D: is FIXED (NTFS) - 74 GiB total, 46.895 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel(R) Wireless WiFi Link 4965AGN
Device ID: PCI\VEN_8086&DEV_4229&SUBSYS_11028086&REV_61\4&38956FF8&0&00E2
Manufacturer: Intel Corporation
Name: Intel(R) Wireless WiFi Link 4965AGN
PNP Device ID: PCI\VEN_8086&DEV_4229&SUBSYS_11028086&REV_61\4&38956FF8&0&00E2
Service: NETw4v32

==== System Restore Points ===================

RP239: 10-May-09 Sun 6:03:38 AM - Device Driver Package Install: Intel IDE ATA/ATAPI controllers
RP240: 11-May-09 Mon 12:42:02 AM - Scheduled Checkpoint
RP241: 12-May-09 Tue 1:48:53 AM - Scheduled Checkpoint
RP242: 13-May-09 Wed 12:53:43 AM - Scheduled Checkpoint
RP243: 13-May-09 Wed 1:33:15 AM - Windows Update
RP244: 14-May-09 Thu 12:49:49 AM - Scheduled Checkpoint
RP245: 14-May-09 Thu 6:14:33 PM - Scheduled Checkpoint

==== Installed Programs ======================

2007 Microsoft Office system
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Agere Systems HDA Modem
AuthenTec Fingerprint Sensor Minimum Install
Bluetooth Stack for Windows by Toshiba
BT headset fix
CCleaner (remove only)
CutePDF Writer 2.7
DSTfix
ERUNT 1.1j
Fujitsu Display Manager
Fujitsu Hardware Diagnostics Tool
Fujitsu Hotkey Utility
Fujitsu System Extension Utility
Fujitsu WebCam
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImgBurn
Inst5657
Intel(R) Graphics Media Accelerator Driver
Intel® Turbo Memory and Intel® Matrix Storage Manager
Java(TM) 6 Update 13
LifeBook Application Panel
LiveUpdate 3.2 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Baseline Security Analyzer 2.1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Web Access S/MIME
Microsoft Silverlight
Microsoft Sync Framework Runtime v1.0 (x86)
Microsoft Sync Framework Services v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB954430)
NetBoard
O2Micro Flash Memory Card Windows Driver
OGA Notifier 1.7.0105.35.0
OmniPass 5.00.18
OZ711 SCR Driver V3.0.0.9A
PC Optimizer Pro ver.4.5.17
Power Saving Utility
PowerDVD
PowerProducer
QuickTime
Real Time Clock Update
Realtek High Definition Audio Driver
Roxio Easy Media Creator Home
SanDisk Wi-Fi SD Card for Windows CE 4.00
Security Update for CAPICOM (KB931906)
Shock Sensor Utility
Skype™ 3.8
Skype™ for Pocket PC 1.1
Skype™ for Windows Mobile 2.5
Spb GPRS Monitor
Spybot - Search & Destroy
Symantec AntiVirus
Synaptics Pointing Device Driver
SyncToy 2.0 (x86)
TweakVI
UltraVNC 1.0.5.6
Update for 2007 Microsoft Office System (KB967642)
Update for Outlook 2007 Junk Email Filter (kb968503)
Update Navi
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.8a
vLite
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Mobile Developer Power Toys
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinRAR archiver
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

12-May-09 Tue 8:18:16 AM, Error: EventLog [6008] - The previous system shutdown at 1:56:51 AM on 5/12/2009 was unexpected.
09-May-09 Sat 12:22:56 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
09-May-09 Sat 12:22:56 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
08-May-09 Fri 2:30:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.
08-May-09 Fri 2:30:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
08-May-09 Fri 2:29:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxSms service.
08-May-09 Fri 2:28:52 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TabletInputService service.
08-May-09 Fri 2:27:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
08-May-09 Fri 2:27:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Irmon service.
08-May-09 Fri 2:26:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
08-May-09 Fri 2:26:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
08-May-09 Fri 2:25:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
08-May-09 Fri 11:51:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
08-May-09 Fri 11:50:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
08-May-09 Fri 11:50:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
08-May-09 Fri 11:50:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
08-May-09 Fri 11:50:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC eeCtrl NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb SPBBCDrv spldr SRTSP SRTSPX SYMTDI tdx Tosrfcom Wanarpv6 ws2ifsl
08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

==== End Of File ===========================

Blade81

2009-05-14, 18:51

Hi again,

Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\SelfDel.bat

Folder::
c:\users\Administrator\AppData\Roaming\BitTorrent
c:\program files\BitTorrent
c:\program files\DNA

DirLook::
c:\windows\system32\%APPDATA%

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DDC82CFA-D149-4A61-8FEE-0F5D7501CC0A}"=-
"{7DD80389-BAEB-42DD-A05F-880619A84500}"=-
"{4C2B38A4-E717-43A4-BC01-3A065B2B9A3F}"=-
"{3935BD02-4B40-439B-86EA-B4F99566E630}"=-
"TCP Query User{A7928B77-F859-453F-ACE0-E4419FFFEE0A}c:\\program files\\bittorrent\\bittorrent.exe"=-
"UDP Query User{A3C6541E-F6AD-46D5-A349-82A8756C8428}c:\\program files\\bittorrent\\bittorrent.exe"=-

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]

Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).

Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

madPC

2009-05-17, 14:57

Hi

This is how I followed your instructions and what happened:

1. Created CFScript.txt on desktop

2. Disconnected LAN cable, Switched off WiFi switch

3. Shut all windows open in the taskbar

4. Disabled SAV (tray icon), Windows Defender, Windows Firewall

5. Exited Ad-Aware from tray

6. Set 'startup type' for the SAV and Lavasoft Services to Manual (forgot about Windows Defender) - did this just in case ComboFix would need to reboot and then re-run itself

7. Dragged CFScript.txt onto ComboFix.exe (on desktop)

8. Saved ComboFix log

9. Ran ATF Cleaner as per instructions

10. Reset 'startup type' for all aforementioned Services to Automatic

11. Re-enabled Windows Firewall, Windows Defender

12. Rebooted PC

13. SAV wouldn't leave Auto-Protect on for more than 3 seconds. I would right click the icon, select Enable Auto-Protect and the icon would look fine, until only after 3 seconds, it would revert back to Auto-Protect Disabled.

14. Rebooted again and it was OK. Re-connected LAN cable.

15. Kaspersky Online Scanner gave me this error: 'Starting Java applet has failed! Please go online to use this program.' even though the Java icon was visible in the tray and even when I tried to add http://www.kaspersky.com to the Trusted Zone in the IE Security Settings.

Here's the ComboFix log, by the way:

ComboFix 09-05-13.02 - madPC May-09 Sun 18:32.5 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2037.1230 [GMT 9.5:30]
Running from: c:\users\madPC\Desktop\ComboFix.exe
Command switches used :: c:\users\madPC\Desktop\CFScript.txt
AV: Symantec AntiVirus *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Symantec AntiVirus *disabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
c:\windows\system32\SelfDel.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll
c:\users\Administrator\AppData\Roaming\BitTorrent
c:\users\Administrator\AppData\Roaming\BitTorrent\dht.dat
c:\users\Administrator\AppData\Roaming\BitTorrent\resume.dat
c:\users\Administrator\AppData\Roaming\BitTorrent\rss.dat
c:\users\Administrator\AppData\Roaming\BitTorrent\settings.dat
c:\windows\system32\SelfDel.bat

.
((((((((((((((((((((((((( Files Created from 2009-04-17 to 2009-05-17 )))))))))))))))))))))))))))))))
.

2009-05-16 07:01 . 2009-05-16 07:01 -------- d-----w c:\windows\LastGood
2009-05-11 15:21 . 2009-05-11 15:42 -------- d-----w c:\program files\UltraVNC
2009-05-09 20:33 . 2008-05-25 12:53 317976 ----a-w c:\windows\system32\drivers\iaStor.sys
2009-05-09 18:12 . 2009-05-09 18:12 -------- d-----w c:\users\madPC\AppData\Local\Apple Computer
2009-05-09 17:38 . 2009-05-09 17:38 -------- d-----w c:\program files\ERUNT
2009-05-09 16:27 . 2009-05-09 16:27 -------- d-----w c:\program files\Trend Micro
2009-05-06 06:17 . 2009-05-06 06:17 -------- d-----w c:\users\madPC\AppData\Roaming\iScreensaver
2009-05-05 18:16 . 2009-05-05 18:16 -------- d-----w c:\windows\TweakVI
2009-05-05 18:16 . 2009-05-05 18:17 -------- d-----w c:\program files\TweakVI
2009-05-01 08:29 . 2009-05-01 08:29 -------- d-----w c:\users\madPC\AppData\Local\Apple
2009-05-01 04:14 . 2009-05-01 04:14 -------- d-----w c:\programdata\WindowsSearch
2009-05-01 04:14 . 2009-05-01 04:14 -------- d-----w c:\users\All Users\WindowsSearch
2009-05-01 02:14 . 2009-05-01 04:15 -------- d-----w c:\program files\EsetOnlineScanner
2009-05-01 02:02 . 2009-05-01 05:39 -------- d-----w c:\program files\Java
2009-05-01 01:01 . 2009-05-01 01:01 680 ----a-w c:\users\madPC\AppData\Local\d3d9caps.dat
2009-04-30 18:36 . 2009-05-01 01:48 -------- d-----w c:\users\madPC\AppData\Local\Adobe
2009-04-30 18:12 . 2009-04-30 18:12 -------- d-----w c:\windows\Sun
2009-04-30 15:33 . 2009-04-30 15:33 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-30 09:59 . 2009-04-30 09:59 -------- d-----w c:\users\Administrator\DoctorWeb
2009-04-30 09:53 . 2009-05-01 01:11 -------- d-----w c:\users\madPC\DoctorWeb
2009-04-30 07:13 . 2009-04-30 07:13 -------- d-----w c:\users\madPC\AppData\Local\Symantec
2009-04-29 16:42 . 2009-04-29 16:42 -------- d-----w c:\users\Administrator\AppData\Local\Symantec
2009-04-29 16:41 . 2009-04-29 16:41 109744 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-29 16:40 . 2009-04-29 16:41 -------- d-----w c:\program files\Symantec
2009-04-29 16:40 . 2009-04-29 16:42 -------- d-----w c:\programdata\Symantec
2009-04-29 16:40 . 2009-04-29 16:42 -------- d-----w c:\users\All Users\Symantec
2009-04-29 16:40 . 2009-04-29 16:41 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-29 16:40 . 2009-04-29 16:40 -------- d-----w c:\program files\Symantec AntiVirus
2009-04-28 20:04 . 2009-04-28 20:04 -------- d-sh--w c:\windows\system32\%APPDATA%
2009-04-28 12:31 . 2009-04-28 12:31 -------- d-----w c:\program files\CCleaner
2009-04-28 12:17 . 2009-04-28 12:21 -------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2009-04-28 12:17 . 2009-04-28 12:22 -------- d-----w c:\program files\Windows Live
2009-04-28 12:17 . 2009-04-28 12:17 -------- d-----w c:\programdata\WLInstaller
2009-04-28 12:17 . 2009-04-28 12:17 -------- d-----w c:\users\All Users\WLInstaller
2009-04-26 09:08 . 2009-04-26 09:08 -------- d-----w c:\program files\PC Optimizer Pro
2009-04-24 14:35 . 2009-04-24 14:35 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-23 03:28 . 2009-04-23 03:28 -------- d-----w c:\program files\vLite
2009-04-22 12:17 . 2009-04-22 12:20 -------- d-----w c:\users\madPC\SecurityScans
2009-04-22 12:16 . 2009-04-22 12:16 -------- d-----w c:\program files\Microsoft Baseline Security Analyzer 2
2009-04-21 14:34 . 2009-04-21 14:34 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-18 17:48 . 2009-04-18 17:48 -------- d-----w c:\users\madPC\AppData\Roaming\Malwarebytes
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\users\Administrator\AppData\Roaming\Malwarebytes
2009-04-18 03:16 . 2009-04-06 06:02 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-18 03:16 . 2009-04-06 06:02 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\programdata\Malwarebytes
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-14 14:13 . 2009-02-24 16:36 12 ----a-w c:\windows\bthservsdp.dat
2009-05-09 20:34 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-05-09 20:34 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-05-09 20:34 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-05-01 13:42 . 2009-02-12 11:12 99864 ----a-w c:\users\madPC\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-01 06:44 . 2007-04-17 23:55 -------- d-----w c:\program files\Microsoft Works
2009-04-30 15:33 . 2007-04-17 20:10 -------- d-----w c:\program files\Common Files\Adobe
2009-04-29 16:41 . 2009-04-29 16:41 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-04-29 16:41 . 2009-04-29 16:41 8014 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-28 12:22 . 2009-02-24 16:14 -------- d-----w c:\program files\MSN Messenger
2009-04-21 14:34 . 2009-04-15 15:52 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-21 00:58 . 2009-04-13 02:30 680 ----a-w c:\users\Administrator\AppData\Local\d3d9caps.dat
2009-04-16 15:16 . 2009-04-16 15:16 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-16 14:36 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Sidebar
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Photo Gallery
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Collaboration
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Calendar
2009-04-16 14:29 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-16 14:28 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Defender
2009-04-16 14:28 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
2009-04-16 12:06 . 2006-11-02 10:32 101888 ----a-w c:\windows\system32\ifxcardm.dll
2009-04-16 12:06 . 2006-11-02 10:32 82432 ----a-w c:\windows\system32\axaltocm.dll
2009-04-15 15:19 . 2009-04-15 15:19 -------- d-----w c:\program files\Lavasoft
2009-04-15 07:56 . 2009-04-15 07:56 -------- d-----w c:\program files\Toshiba
2009-04-15 06:46 . 2009-04-15 06:46 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-15 06:46 . 2009-04-15 06:46 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-15 06:46 . 2009-04-15 06:46 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-15 06:40 . 2009-04-15 06:40 827392 ----a-w c:\windows\system32\wininet.dll
2009-04-15 06:40 . 2009-04-15 06:40 72704 ----a-w c:\windows\system32\admparse.dll
2009-04-15 06:40 . 2009-04-15 06:40 78336 ----a-w c:\windows\system32\ieencode.dll
2009-04-15 06:40 . 2009-04-15 06:40 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-04-15 06:40 . 2009-04-15 06:40 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-04-13 05:01 . 2009-04-13 01:31 -------- d-----w c:\program files\QuickTime
2009-04-13 03:04 . 2009-04-13 03:04 269312 ----a-w c:\windows\system32\es.dll
2009-04-04 12:06 . 2009-04-04 10:52 -------- d-----w c:\program files\Yahoo!
2009-04-04 01:57 . 2009-04-04 01:57 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-03 18:28 . 2009-04-03 18:28 61440 ----a-w c:\windows\system32\winipsec.dll
2009-04-03 18:28 . 2009-04-03 18:28 361984 ----a-w c:\windows\system32\IPSECSVC.DLL
2009-04-03 18:28 . 2009-04-03 18:28 28672 ----a-w c:\windows\system32\FwRemoteSvr.dll
2009-04-03 18:28 . 2009-04-03 18:28 272896 ----a-w c:\windows\system32\polstore.dll
2009-04-03 18:19 . 2009-04-03 18:19 296960 ----a-w c:\windows\system32\gdi32.dll
2009-04-03 18:17 . 2009-04-03 18:17 212480 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
2009-04-03 18:15 . 2009-04-03 18:15 28672 ----a-w c:\windows\system32\Apphlpdm.dll
2009-04-03 18:15 . 2009-04-03 18:15 4240384 ----a-w c:\windows\system32\GameUXLegacyGDFs.dll
2009-04-03 18:15 . 2009-04-03 18:15 1695744 ----a-w c:\windows\system32\gameux.dll
2009-04-03 18:14 . 2009-04-03 18:14 303616 ----a-w c:\windows\system32\wmpeffects.dll
2009-04-03 18:13 . 2009-04-03 18:13 1191936 ----a-w c:\windows\system32\msxml3.dll
2009-04-03 18:13 . 2009-04-03 18:13 2048 ----a-w c:\windows\system32\msxml3r.dll
2009-04-03 18:09 . 2009-04-03 18:09 8147456 ----a-w c:\windows\system32\wmploc.DLL
2009-04-03 18:09 . 2009-04-03 18:09 7680 ----a-w c:\windows\system32\spwmp.dll
2009-04-03 18:09 . 2009-04-03 18:09 4096 ----a-w c:\windows\system32\dxmasf.dll
2009-04-03 18:07 . 2009-04-03 18:07 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-03 18:04 . 2009-04-03 18:04 2927104 ----a-w c:\windows\explorer.exe
2009-04-03 17:56 . 2009-04-03 17:56 6656 ----a-w c:\windows\system32\kbd106n.dll
2009-04-03 17:56 . 2009-04-03 17:56 988216 ----a-w c:\windows\system32\winload.exe
2009-04-03 17:56 . 2009-04-03 17:56 927288 ----a-w c:\windows\system32\winresume.exe
2009-04-03 17:56 . 2009-04-03 17:56 40960 ----a-w c:\windows\system32\srclient.dll
2009-04-03 17:56 . 2009-04-03 17:56 378368 ----a-w c:\windows\system32\srcore.dll
2009-04-03 17:56 . 2009-04-03 17:56 318464 ----a-w c:\windows\system32\rstrui.exe
2009-04-03 17:56 . 2009-04-03 17:56 14848 ----a-w c:\windows\system32\srdelayed.exe
2009-04-03 17:56 . 2009-04-03 17:56 615992 ----a-w c:\windows\system32\ci.dll
2009-04-03 17:56 . 2009-04-03 17:56 46592 ----a-w c:\windows\system32\setbcdlocale.dll
2009-04-03 17:56 . 2009-04-03 17:56 19000 ----a-w c:\windows\system32\kd1394.dll
2009-04-03 17:51 . 2009-04-03 17:51 443392 ----a-w c:\windows\system32\win32spl.dll
2009-04-03 17:51 . 2009-04-03 17:51 37888 ----a-w c:\windows\system32\printcom.dll
2009-04-03 17:50 . 2009-04-03 17:50 14848 ----a-w c:\windows\system32\wshrm.dll
2009-04-03 17:50 . 2009-04-03 17:50 113664 ----a-w c:\windows\system32\drivers\rmcast.sys
2009-04-03 17:48 . 2009-04-03 17:48 288768 ----a-w c:\windows\system32\drivers\srv.sys
2009-04-03 17:41 . 2009-04-03 17:41 268288 ----a-w c:\windows\system32\schannel.dll
2009-04-03 17:38 . 2009-04-03 17:38 622080 ----a-w c:\windows\system32\icardagt.exe
2009-04-03 17:38 . 2009-04-03 17:38 11264 ----a-w c:\windows\system32\icardres.dll
2009-04-03 17:38 . 2009-04-03 17:38 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-04-03 17:38 . 2009-04-03 17:38 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-03 17:38 . 2009-04-03 17:38 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-04-03 17:38 . 2009-04-03 17:38 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-04-03 17:38 . 2009-04-03 17:38 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-04-03 17:22 . 2009-04-03 17:22 96760 ----a-w c:\windows\system32\dfshim.dll
2009-04-03 17:22 . 2009-04-03 17:22 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-04-03 17:22 . 2009-04-03 17:22 83968 ----a-w c:\windows\system32\mscories.dll
2009-04-03 17:22 . 2009-04-03 17:22 282112 ----a-w c:\windows\system32\mscoree.dll
2009-04-03 17:22 . 2009-04-03 17:22 158720 ----a-w c:\windows\system32\mscorier.dll
2009-04-03 17:07 . 2009-04-03 17:07 2868736 ----a-w c:\windows\system32\mf.dll
2009-04-03 17:07 . 2009-04-03 17:07 996352 ----a-w c:\windows\system32\WMNetMgr.dll
2009-04-03 17:07 . 2009-04-03 17:07 98816 ----a-w c:\windows\system32\mfps.dll
2009-04-03 17:07 . 2009-04-03 17:07 94720 ----a-w c:\windows\system32\logagent.exe
2009-04-03 17:07 . 2009-04-03 17:07 53248 ----a-w c:\windows\system32\rrinstaller.exe
2009-04-03 17:07 . 2009-04-03 17:07 24576 ----a-w c:\windows\system32\mfpmp.exe
2009-04-03 17:07 . 2009-04-03 17:07 2048 ----a-w c:\windows\system32\mferror.dll
2009-04-03 17:06 . 2009-04-03 17:06 84480 ----a-w c:\windows\system32\INETRES.dll
2009-04-03 17:06 . 2009-04-03 17:06 738304 ----a-w c:\windows\system32\inetcomm.dll
2009-04-03 17:06 . 2009-04-03 17:06 1314816 ----a-w c:\windows\system32\quartz.dll
2009-04-03 17:05 . 2009-04-03 17:05 2048 ----a-w c:\windows\system32\tzres.dll
2009-04-03 17:05 . 2009-04-03 17:05 2033152 ----a-w c:\windows\system32\win32k.sys
2009-04-03 17:05 . 2009-04-03 17:05 -------- d-----w c:\program files\MSXML 4.0
2009-04-03 17:04 . 2009-04-03 17:04 1334272 ----a-w c:\windows\system32\msxml6.dll
2009-04-03 17:04 . 2009-04-03 17:04 2048 ----a-w c:\windows\system32\msxml6r.dll
2009-03-08 19:49 . 2009-03-13 13:16 410984 ----a-w c:\windows\system32\deploytk.dll
2009-02-24 15:53 . 2009-02-24 15:53 0 ----a-w c:\windows\nsreg.dat
2009-02-24 15:35 . 2009-02-24 15:35 99864 ----a-w c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\%APPDATA% ----

2009-04-28 20:04 . 2009-04-28 20:04 16384 --sha-w c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat

((((((((((((((((((((((((((((( SnapShot@2009-05-14_08.18.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-05-14 21:23 . 2009-05-14 14:17 66104 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-05-14 14:17 74892 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-04-16 10:47 . 2008-01-19 05:49 13312 c:\windows\System32\drivers\sfloppy.sys
- 2006-11-02 08:51 . 2006-11-02 08:51 13312 c:\windows\System32\drivers\sfloppy.sys
+ 2009-02-12 11:06 . 2009-05-16 19:10 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-12 11:06 . 2009-05-14 07:57 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-12 11:06 . 2009-05-14 07:57 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-12 11:06 . 2009-05-16 19:10 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-16 07:01 . 2006-11-02 08:51 13312 c:\windows\LastGood\system32\DRIVERS\sfloppy.sys
- 2009-02-12 11:10 . 2009-05-14 07:59 8558 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1918237747-2751938533-2904961478-1000_UserData.bin
+ 2009-02-12 11:10 . 2009-05-14 14:17 8558 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1918237747-2751938533-2904961478-1000_UserData.bin
+ 2009-05-14 14:15 . 2009-05-14 14:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-05-14 07:57 . 2009-05-14 07:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-14 14:15 . 2009-05-14 14:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-05-14 07:57 . 2009-05-14 07:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 10:33 . 2009-05-14 08:05 624988 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-05-16 11:30 624988 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-05-16 11:30 111398 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-05-14 08:05 111398 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-17 80688]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-11-07 97072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-09 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-09 133912]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-23 827392]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2005-07-21 242688]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-07-21 61440]
"PSUtility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2006-12-22 136744]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-04-02 252704]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-05-08 174872]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-05-08 33048]
"SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2009-02-12 193832]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 107112]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-27 134808]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-21 516440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-01 4390912]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2007-11-1 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoThumbnail"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F01CE1E2-9A47-42F9-AD30-7B2AD8E08A94}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7A0C6B10-FF15-4B5E-85EB-C851E3DF9E79}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{B65B13F6-BBD4-4FAB-97B8-D1406988A316}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{15F91AE0-0A6A-4AD0-BC13-E97CF52E271F}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{F4F47E1E-E573-4114-BC3B-21FD4448FC36}c:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= UDP:c:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp
"UDP Query User{241244E8-A714-4A26-8033-A8DC16D0C898}c:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= TCP:c:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp
"{4CE5628A-E049-4199-BD14-F3ACB0188262}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5DBFBFA1-FF9F-4CA0-8CC1-F91FE82A7997}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{DF9E080F-A2A6-4E03-928C-D7AAE5BFF5AE}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{04C91E26-0A58-4EB0-A38E-FB81F0A09A68}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{87C95383-720C-4E36-92C1-5A596BE3F1FC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E108B469-D439-4A90-B0DD-3AF139C46756}"= UDP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{134FFABB-69CF-4FC7-8226-909F636B2E28}"= TCP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{124D1410-FC14-44BE-939D-2D67F33C0F7C}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{1779AE8C-BFEB-457A-99BB-C18BC6585906}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"TCP Query User{56E26FA3-40B1-43E9-93B2-B4486709E928}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{EE9A3513-CF35-4D37-99A0-DFFCA39D1A94}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{0DB7F9EE-FB08-45A8-9F88-1DC44EB69771}c:\\program files\\ultravnc\\winvnc.exe"= UDP:c:\program files\ultravnc\winvnc.exe:VNC server for Win32
"UDP Query User{9FDC2135-B10F-42DC-9C8B-43532319EEAD}c:\\program files\\ultravnc\\winvnc.exe"= TCP:c:\program files\ultravnc\winvnc.exe:VNC server for Win32

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\System32\drivers\FJGSDisk.sys [12-Feb-09 Thu 9:09 PM 12712]
R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\System32\drivers\iaNvStor.sys [15-May-07 Tue 7:13 AM 208896]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [22-Apr-09 Wed 12:04 AM 64160]
R0 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [04-Oct-06 Wed 6:53 AM 36640]
R0 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [13-Oct-06 Fri 4:17 AM 33152]
R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [22-Dec-06 Fri 12:12 PM 63016]
R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\updnavi\updnvsrv.exe [11-Jan-07 Thu 9:39 AM 12288]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30-Apr-09 Thu 2:20 AM 101936]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\System32\drivers\fuj02e3.sys [15-May-07 Tue 7:12 AM 5632]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\System32\drivers\smscirda.sys [02-Nov-06 Thu 7:55 PM 30720]
S2 LvIBTSvr;Logitech IBT Service;c:\program files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe [03-Apr-07 Tue 12:59 AM 76576]
S3 ADVNTDRV;ADVNTDRV;c:\windows\System32\drivers\ADVNTDRV.SYS [24-Feb-09 Tue 10:34 PM 3872]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [10-Mar-09 Tue 4:36 AM 953168]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [28-Nov-06 Tue 6:34 AM 122008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af316a4d-0271-11de-ab37-000000000000}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-05-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:33]

2009-05-17 c:\windows\Tasks\User_Feed_Synchronization-{3D592E6A-7BAD-4227-B6C4-7E801F98E40E}.job
- c:\windows\system32\msfeedssync.exe [2009-04-16 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = about:tabs
TCP: {01573F81-6C25-441E-983B-581898952A67} = 4.2.2.2,4.2.2.3
TCP: {7E4FEBD3-21C7-4D81-AEF7-1619DC39AC99} = 192.231.203.132,192.231.203.3
FF - ProfilePath - c:\users\madPC\AppData\Roaming\Mozilla\Firefox\Profiles\34qxd13h.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com.au/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-17 18:35
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-05-17 18:37
ComboFix-quarantined-files.txt 2009-05-17 09:07
ComboFix2.txt 2009-05-01 05:04
ComboFix3.txt 2009-04-30 17:06
ComboFix4.txt 2009-04-30 14:16

Pre-Run: 26,645,606,400 bytes free
Post-Run: 26,554,630,144 bytes free

322 --- E O F --- 2009-05-01 06:49

Thanks!

Blade81

2009-05-17, 19:10

Hi

Let's see this one instead of online version then :)

Download the latest version of Kaspersky Virus Removal Tool (ftp://downloads2.kaspersky-labs.com/devbuilds/AVPTool)

* Close all other applications and double-click and run the installer.
* When AVPTool starts, select all the scanable items except for CD-ROM drives and click the Scan button.
* If malware is detected, don't remove anything.
* After the scan finishes, don't neutralize anything.
* In the Scan window click the Reports button and select Save to file.
* Name the report AVPT.txt, and save it to the Desktop.
* Close AVPTool.
* You will be prompted if you want to uninstall the program; click Yes.
* You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
* Copy and paste the first part of the report (Detected) that you saved in your next reply. Do not include the longer list marked Events.

Post also a fresh dds.txt log. How's the system running?

madPC

2009-05-20, 14:48

Hi blade81,

Thanks for the suggested workaround. As requested:

Kaspersky Report (Detected)

Detected
--------
Status Object
------ ------
detected: Trojan program Trojan-Dropper.Win32.Agent.anje File: C:\Users\madPC\Downloads\Windows XP PRO MCE SP3 MULTI - OEM Se7en Style EYE CANDY ENGLISH [ISO]\Windows XP WPA Kill (TRIED IN SAFE MODE !!! )\WPA_KILL.EXE//data0000.cab/codec.exe

DDS Logs

DDS

DDS (Ver_09-03-16.01) - NTFSx86
Run by madPC at 17:31:11.33 on 20-May-09 Wed
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2037.1116 [GMT 9.5:30]

AV: Symantec AntiVirus *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Softex\OmniPass\OmniServ.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Fujitsu\PSUtility\PSUService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Fujitsu\updnavi\updnvsrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Softex\OmniPass\opvapp.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\madPC\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:tabs
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe
mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
mRun: [PSUtility] c:\program files\fujitsu\psutility\TrayManager.exe
mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IaNvSrv] c:\program files\intel\intel matrix storage manager\orom\ianvsrv\IaNvSrv.exe
mRun: [SSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
uPolicies-explorer: TaskbarNoThumbnail = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: kaspersky.com\www
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-au/wlscctrl2.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} - hxxps://online.westpac.com.au/wtoa/wtOtherAccounts/portfoliomanagerwt.cab
TCP: {01573F81-6C25-441E-983B-581898952A67} = 4.2.2.2,4.2.2.3
TCP: {7E4FEBD3-21C7-4D81-AEF7-1619DC39AC99} = 192.231.203.132,192.231.203.3
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\madPC\appdata\roaming\mozilla\firefox\profiles\34qxd13h.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com.au/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

============= SERVICES / DRIVERS ===============

R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2009-2-12 12712]
R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\system32\drivers\iaNvStor.sys [2007-5-15 208896]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-22 64160]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-10-4 36640]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-10-13 33152]
R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\fujitsu\psutility\PSUService.exe [2006-12-22 63016]
R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\fujitsu\updnavi\updnvsrv.exe [2007-1-11 12288]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-30 101936]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2007-5-15 5632]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2006-11-2 30720]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-10 953168]
S2 LvIBTSvr;Logitech IBT Service;c:\program files\common files\logishrd\lvibtsvr\LvIBTSvr.exe [2007-4-3 76576]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [2009-2-24 3872]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-11-28 122008]

=============== Created Last 30 ================

2009-05-20 01:29 <DIR> --d----- c:\programdata\is-S4G4L
2009-05-20 01:29 <DIR> --d----- c:\progra~2\is-S4G4L
2009-05-20 01:29 1,286,176 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-05-20 01:29 16,148 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-05-17 18:31 <DIR> --d----- C:\ComboFix
2009-05-14 17:44 161,792 a------- c:\windows\SWREG.exe
2009-05-14 17:44 98,816 a------- c:\windows\sed.exe
2009-05-12 00:51 <DIR> --d----- c:\program files\UltraVNC
2009-05-10 06:03 317,976 a------- c:\windows\system32\drivers\iaStor.sys
2009-05-10 01:57 <DIR> --d----- c:\program files\Trend Micro
2009-05-06 15:47 <DIR> --d----- c:\users\madPC\appdata\roaming\iScreensaver
2009-05-06 03:47 0 a------- c:\windows\system32\tviresource.val
2009-05-06 03:46 <DIR> --d----- c:\windows\TweakVI
2009-05-06 03:46 <DIR> --d----- c:\program files\TweakVI
2009-05-01 13:44 <DIR> --d----- c:\programdata\WindowsSearch
2009-05-01 11:44 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-04-30 19:23 <DIR> --d----- c:\users\madPC\DoctorWeb
2009-04-30 02:11 109,744 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-30 02:11 8,014 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-30 02:11 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-04-30 02:10 <DIR> --d----- c:\program files\Symantec
2009-04-30 02:10 <DIR> --d----- c:\programdata\Symantec
2009-04-30 02:10 <DIR> --d----- c:\program files\Symantec AntiVirus
2009-04-30 02:10 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-04-30 02:10 <DIR> --d----- c:\progra~2\Symantec
2009-04-30 01:50 1,061 a------- c:\windows\wininit.ini
2009-04-29 05:34 <DIR> --dsh--- c:\windows\system32\%APPDATA%
2009-04-28 22:01 <DIR> --d----- c:\program files\CCleaner
2009-04-28 21:57 268 a---h--- C:\sqmdata01.sqm
2009-04-28 21:57 244 a---h--- C:\sqmnoopt01.sqm
2009-04-28 21:52 268 a---h--- C:\sqmdata00.sqm
2009-04-28 21:52 244 a---h--- C:\sqmnoopt00.sqm
2009-04-28 21:47 <DIR> -cdsh--- c:\program files\common files\WindowsLiveInstaller
2009-04-28 21:47 <DIR> --d----- c:\programdata\WLInstaller
2009-04-26 18:38 440,352 a------- c:\windows\system32\mshflxgd.ocx
2009-04-26 18:38 212,240 a------- c:\windows\system32\richtx32.ocx
2009-04-26 18:38 224,016 a------- c:\windows\system32\tabctl32.ocx
2009-04-26 18:38 18,728 a------- c:\windows\system32\ishf_Ex.TLB
2009-04-26 18:38 7,752 a------- c:\windows\system32\shelllink.TLB
2009-04-26 18:38 <DIR> --d----- c:\program files\PC Optimizer Pro
2009-04-23 12:58 <DIR> --d----- c:\program files\vLite
2009-04-22 21:47 <DIR> --d----- c:\users\madPC\SecurityScans
2009-04-22 21:46 <DIR> --d----- c:\program files\Microsoft Baseline Security Analyzer 2
2009-04-22 00:04 64,160 a------- c:\windows\system32\drivers\Lbd.sys

==================== Find3M ====================

2009-05-10 06:04 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-10 06:04 51,200 a------- c:\windows\inf\infpub.dat
2009-05-10 06:04 86,016 a------- c:\windows\inf\infstor.dat
2009-04-22 00:04 15,688 a------- c:\windows\system32\lsdelete.exe
2009-04-17 00:46 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-17 00:06 174 a--sh--- c:\program files\desktop.ini
2009-04-16 23:58 665,600 a------- c:\windows\inf\drvindex.dat
2009-04-16 21:36 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-04-16 21:36 82,432 a------- c:\windows\system32\axaltocm.dll
2009-04-15 16:16 376,832 a------- c:\windows\system32\winhttp.dll
2009-04-15 16:16 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-04-15 16:16 38,912 a------- c:\windows\system32\xolehlp.dll
2009-04-15 16:10 827,392 a------- c:\windows\system32\wininet.dll
2009-04-15 16:10 72,704 a------- c:\windows\system32\admparse.dll
2009-04-15 16:10 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-15 16:10 48,128 a------- c:\windows\system32\mshtmler.dll
2009-04-15 16:10 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-04-13 12:34 269,312 a------- c:\windows\system32\es.dll
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-04 03:58 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-04-04 03:58 272,896 a------- c:\windows\system32\polstore.dll
2009-04-04 03:58 61,440 a------- c:\windows\system32\winipsec.dll
2009-04-04 03:58 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-04-04 03:49 296,960 a------- c:\windows\system32\gdi32.dll
2009-04-04 03:47 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-04 03:45 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-04-04 03:45 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-04-04 03:45 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2009-04-04 03:45 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-04-04 03:45 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2009-04-04 03:45 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-04-04 03:45 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-04-04 03:45 1,695,744 a------- c:\windows\system32\gameux.dll
2009-04-04 03:45 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-04-04 03:44 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-04-04 03:43 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-04-04 03:43 2,048 a------- c:\windows\system32\msxml3r.dll
2009-04-04 03:39 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-04 03:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-04-04 03:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-04-04 03:34 2,927,104 a------- c:\windows\explorer.exe
2009-04-04 03:26 6,656 a------- c:\windows\system32\kbd106n.dll
2009-04-04 03:26 988,216 a------- c:\windows\system32\winload.exe
2009-04-04 03:26 927,288 a------- c:\windows\system32\winresume.exe
2009-04-04 03:26 378,368 a------- c:\windows\system32\srcore.dll
2009-04-04 03:26 318,464 a------- c:\windows\system32\rstrui.exe
2009-04-04 03:26 40,960 a------- c:\windows\system32\srclient.dll
2009-04-04 03:26 14,848 a------- c:\windows\system32\srdelayed.exe
2009-04-04 03:26 615,992 a------- c:\windows\system32\ci.dll
2009-04-04 03:26 46,592 a------- c:\windows\system32\setbcdlocale.dll
2009-04-04 03:26 19,000 a------- c:\windows\system32\kd1394.dll
2009-04-04 03:21 443,392 a------- c:\windows\system32\win32spl.dll
2009-04-04 03:21 37,888 a------- c:\windows\system32\printcom.dll
2009-04-04 03:20 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2009-04-04 03:20 14,848 a------- c:\windows\system32\wshrm.dll
2009-04-04 03:18 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-04-04 03:11 268,288 a------- c:\windows\system32\schannel.dll
2009-04-04 03:08 622,080 a------- c:\windows\system32\icardagt.exe
2009-04-04 03:08 11,264 a------- c:\windows\system32\icardres.dll
2009-04-04 03:08 97,800 a------- c:\windows\system32\infocardapi.dll
2009-04-04 03:08 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-04 03:08 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-04-04 03:08 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-04-04 03:08 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-04-04 02:52 96,760 a------- c:\windows\system32\dfshim.dll
2009-04-04 02:52 41,984 a------- c:\windows\system32\netfxperf.dll
2009-04-04 02:52 282,112 a------- c:\windows\system32\mscoree.dll
2009-04-04 02:52 158,720 a------- c:\windows\system32\mscorier.dll
2009-04-04 02:52 83,968 a------- c:\windows\system32\mscories.dll
2009-04-04 02:37 2,868,736 a------- c:\windows\system32\mf.dll
2009-04-04 02:37 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-04-04 02:37 98,816 a------- c:\windows\system32\mfps.dll
2009-04-04 02:37 94,720 a------- c:\windows\system32\logagent.exe
2009-04-04 02:37 53,248 a------- c:\windows\system32\rrinstaller.exe
2009-04-04 02:37 24,576 a------- c:\windows\system32\mfpmp.exe
2009-04-04 02:37 2,048 a------- c:\windows\system32\mferror.dll
2009-04-04 02:36 84,480 a------- c:\windows\system32\INETRES.dll
2009-04-04 02:36 738,304 a------- c:\windows\system32\inetcomm.dll
2009-04-04 02:36 1,314,816 a------- c:\windows\system32\quartz.dll
2009-04-04 02:35 2,048 a------- c:\windows\system32\tzres.dll
2009-04-04 02:35 2,033,152 a------- c:\windows\system32\win32k.sys
2009-04-04 02:34 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-04-04 02:34 2,048 a------- c:\windows\system32\msxml6r.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-24 22:28 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-02-24 22:28 83,456 a------- c:\windows\system32\wudriver.dll
2009-02-24 22:27 162,064 a------- c:\windows\system32\wuwebv.dll
2009-02-24 22:27 31,232 a------- c:\windows\system32\wuapp.exe
2006-11-02 22:09 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 22:09 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 22:09 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 22:09 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 18:50 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 18:50 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 18:50 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 18:50 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 17:32:06.95 ===============

Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 13-Feb-09 Fri 12:32:21 PM
System Uptime: 20-May-09 Wed 5:22:12 PM (0 hours ago)

Motherboard: FUJITSU | | FJNB1D3
Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | Onboard | 2001/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 74 GiB total, 23.049 GiB free.
D: is FIXED (NTFS) - 74 GiB total, 46.895 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel(R) Wireless WiFi Link 4965AGN
Device ID: PCI\VEN_8086&DEV_4229&SUBSYS_11028086&REV_61\4&38956FF8&0&00E2
Manufacturer: Intel Corporation
Name: Intel(R) Wireless WiFi Link 4965AGN
PNP Device ID: PCI\VEN_8086&DEV_4229&SUBSYS_11028086&REV_61\4&38956FF8&0&00E2
Service: NETw4v32

==== System Restore Points ===================

RP244: 14-May-09 Thu 12:49:49 AM - Scheduled Checkpoint
RP245: 14-May-09 Thu 6:14:33 PM - Scheduled Checkpoint
RP246: 15-May-09 Fri 2:07:19 AM - Windows Update
RP247: 16-May-09 Sat 12:41:38 AM - Scheduled Checkpoint
RP248: 17-May-09 Sun 1:19:34 AM - Scheduled Checkpoint
RP249: 17-May-09 Sun 10:58:00 PM - Scheduled Checkpoint
RP250: 18-May-09 Mon 7:46:38 PM - Scheduled Checkpoint
RP251: 19-May-09 Tue 2:20:47 AM - Windows Update
RP252: 20-May-09 Wed 12:00:04 AM - Scheduled Checkpoint
RP253: 20-May-09 Wed 2:14:54 PM - Scheduled Checkpoint

==== Installed Programs ======================

2007 Microsoft Office system
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Agere Systems HDA Modem
AuthenTec Fingerprint Sensor Minimum Install
Bluetooth Stack for Windows by Toshiba
BT headset fix
CCleaner (remove only)
CutePDF Writer 2.7
DSTfix
ERUNT 1.1j
Fujitsu Display Manager
Fujitsu Hardware Diagnostics Tool
Fujitsu Hotkey Utility
Fujitsu System Extension Utility
Fujitsu WebCam
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImgBurn
Inst5657
Intel(R) Graphics Media Accelerator Driver
Intel® Turbo Memory and Intel® Matrix Storage Manager
Java(TM) 6 Update 13
LifeBook Application Panel
LiveUpdate 3.2 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Baseline Security Analyzer 2.1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Web Access S/MIME
Microsoft Silverlight
Microsoft Sync Framework Runtime v1.0 (x86)
Microsoft Sync Framework Services v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB954430)
NetBoard
O2Micro Flash Memory Card Windows Driver
OGA Notifier 1.7.0105.35.0
OmniPass 5.00.18
OZ711 SCR Driver V3.0.0.9A
PC Optimizer Pro ver.4.5.17
Power Saving Utility
PowerDVD
PowerProducer
QuickTime
Real Time Clock Update
Realtek High Definition Audio Driver
Roxio Easy Media Creator Home
SanDisk Wi-Fi SD Card for Windows CE 4.00
Security Update for CAPICOM (KB931906)
Shock Sensor Utility
Skype™ 3.8
Skype™ for Pocket PC 1.1
Skype™ for Windows Mobile 2.5
Spb GPRS Monitor
Spybot - Search & Destroy
Symantec AntiVirus
Synaptics Pointing Device Driver
SyncToy 2.0 (x86)
TweakVI
UltraVNC 1.0.5.6
Update for 2007 Microsoft Office System (KB967642)
Update for Outlook 2007 Junk Email Filter (kb968503)
Update Navi
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.9
vLite
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Mobile Developer Power Toys
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinRAR archiver
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

16-May-09 Sat 12:50:25 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer LUKE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{01573F81-6C25-441E-983B-581898952A. The master browser is stopping or an election is being forced.
14-May-09 Thu 5:32:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.
14-May-09 Thu 5:31:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
14-May-09 Thu 5:30:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.

==== End Of File ===========================

How's the system working?

Annoyingly slow. When I empty the Recycle Bin, it's icon doesn't change. I wasn't even able to open the AVPT.txt file with Notepad as it caused it to hang each time. Eventually got it to open with Wordpad. Lastly, the Kaspersky scan took more than 15 hours!

Something's still quite wrong mate...

Blade81

2009-05-20, 16:38

Hi

Show hidden files (Vista)
-----------------
1. Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
2. Click the View tab.
3. Under Advanced settings, click Show hidden files and folders, and then click OK.

Upload following file to Virustotal (http://www.virustotal.com) and post back the results:
c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat

Open notepad and copy/paste the text in the quotebox below into it:

Folder::
C:\Users\madPC\Downloads\Windows XP PRO MCE SP3 MULTI - OEM Se7en Style EYE CANDY ENGLISH [ISO]

DirLook::
C:\Users\madPC\Downloads

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-

Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log & a fresh dds.txt log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

Have you defragged hard drive lately? If not please try Jkdefrag (http://www.kessels.com/Jkdefrag/) for example.

madPC

2009-05-22, 20:33

Hi blade81,

As requested:

Virustotal.com results for c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat

http://www.virustotal.com/analisis/0e94869a2fa00aa3cf58964ec3645da8

ComboFix log

The "DirLook" part of the results are in the txt file contained in the attached zip file.

ComboFix 09-05-20.09 - madPC May-09 Thu 11:56.6 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2037.1101 [GMT 9.5:30]
Running from: c:\users\madPC\Desktop\ComboFix.exe
Command switches used :: c:\users\madPC\Desktop\CFScript.txt
AV: Symantec AntiVirus *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Symantec AntiVirus *disabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\SSubTmr6.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-21 to 2009-05-21 )))))))))))))))))))))))))))))))
.

2009-05-21 02:29 . 2009-05-21 02:29 -------- d-----w c:\users\madPC\AppData\Local\temp
2009-05-21 02:29 . 2009-05-21 02:29 -------- d-----w c:\users\Administrator\AppData\Local\temp
2009-05-19 15:59 . 2009-05-19 15:59 -------- d-----w c:\programdata\is-S4G4L
2009-05-19 15:59 . 2009-05-19 15:59 -------- d-----w c:\users\All Users\is-S4G4L
2009-05-19 15:59 . 2009-05-20 07:51 1286176 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-18 09:23 . 2009-05-18 09:42 -------- d-----w c:\users\madPC\AppData\Roaming\vlc
2009-05-17 12:28 . 2009-05-17 12:28 -------- d-----w c:\users\madPC\AppData\Local\Adobe
2009-05-11 15:21 . 2009-05-11 15:42 -------- d-----w c:\program files\UltraVNC
2009-05-09 20:33 . 2008-05-25 12:53 317976 ----a-w c:\windows\system32\drivers\iaStor.sys
2009-05-09 17:38 . 2009-05-09 17:38 -------- d-----w c:\program files\ERUNT
2009-05-09 16:27 . 2009-05-09 16:27 -------- d-----w c:\program files\Trend Micro
2009-05-06 06:17 . 2009-05-06 06:17 -------- d-----w c:\users\madPC\AppData\Roaming\iScreensaver
2009-05-05 18:16 . 2009-05-05 18:16 -------- d-----w c:\windows\TweakVI
2009-05-05 18:16 . 2009-05-05 18:17 -------- d-----w c:\program files\TweakVI
2009-05-01 04:14 . 2009-05-01 04:14 -------- d-----w c:\programdata\WindowsSearch
2009-05-01 04:14 . 2009-05-01 04:14 -------- d-----w c:\users\All Users\WindowsSearch
2009-05-01 02:14 . 2009-05-01 04:15 -------- d-----w c:\program files\EsetOnlineScanner
2009-05-01 02:02 . 2009-05-01 05:39 -------- d-----w c:\program files\Java
2009-05-01 01:01 . 2009-05-01 01:01 680 ----a-w c:\users\madPC\AppData\Local\d3d9caps.dat
2009-04-30 18:12 . 2009-04-30 18:12 -------- d-----w c:\windows\Sun
2009-04-30 15:33 . 2009-04-30 15:33 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-30 09:59 . 2009-04-30 09:59 -------- d-----w c:\users\Administrator\DoctorWeb
2009-04-30 09:53 . 2009-05-01 01:11 -------- d-----w c:\users\madPC\DoctorWeb
2009-04-30 07:13 . 2009-04-30 07:13 -------- d-----w c:\users\madPC\AppData\Local\Symantec
2009-04-29 16:42 . 2009-04-29 16:42 -------- d-----w c:\users\Administrator\AppData\Local\Symantec
2009-04-29 16:41 . 2009-04-29 16:41 109744 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-29 16:40 . 2009-04-29 16:41 -------- d-----w c:\program files\Symantec
2009-04-29 16:40 . 2009-04-29 16:42 -------- d-----w c:\programdata\Symantec
2009-04-29 16:40 . 2009-04-29 16:42 -------- d-----w c:\users\All Users\Symantec
2009-04-29 16:40 . 2009-04-29 16:40 -------- d-----w c:\program files\Symantec AntiVirus
2009-04-29 16:40 . 2009-04-29 16:41 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-28 20:04 . 2009-04-28 20:04 -------- d-sh--w c:\windows\system32\%APPDATA%
2009-04-28 12:31 . 2009-04-28 12:31 -------- d-----w c:\program files\CCleaner
2009-04-28 12:17 . 2009-04-28 12:21 -------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2009-04-28 12:17 . 2009-04-28 12:22 -------- d-----w c:\program files\Windows Live
2009-04-28 12:17 . 2009-04-28 12:17 -------- d-----w c:\programdata\WLInstaller
2009-04-28 12:17 . 2009-04-28 12:17 -------- d-----w c:\users\All Users\WLInstaller
2009-04-26 09:08 . 2009-04-26 09:08 -------- d-----w c:\program files\PC Optimizer Pro
2009-04-24 14:35 . 2009-04-24 14:35 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-23 03:28 . 2009-04-23 03:28 -------- d-----w c:\program files\vLite
2009-04-22 12:17 . 2009-04-22 12:20 -------- d-----w c:\users\madPC\SecurityScans
2009-04-22 12:16 . 2009-04-22 12:16 -------- d-----w c:\program files\Microsoft Baseline Security Analyzer 2
2009-04-21 14:34 . 2009-04-21 14:34 64160 ----a-w c:\windows\system32\drivers\Lbd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-21 01:33 . 2009-02-24 16:36 12 ----a-w c:\windows\bthservsdp.dat
2009-05-20 07:51 . 2009-05-19 15:59 16148 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-09 20:34 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-05-09 20:34 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-05-09 20:34 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-05-01 13:42 . 2009-02-12 11:12 99864 ----a-w c:\users\madPC\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-01 06:44 . 2007-04-17 23:55 -------- d-----w c:\program files\Microsoft Works
2009-04-30 15:33 . 2007-04-17 20:10 -------- d-----w c:\program files\Common Files\Adobe
2009-04-29 16:41 . 2009-04-29 16:41 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-04-29 16:41 . 2009-04-29 16:41 8014 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-28 12:22 . 2009-02-24 16:14 -------- d-----w c:\program files\MSN Messenger
2009-04-21 14:34 . 2009-04-15 15:52 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-21 00:58 . 2009-04-13 02:30 680 ----a-w c:\users\Administrator\AppData\Local\d3d9caps.dat
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-16 15:16 . 2009-04-16 15:16 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-16 14:36 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Sidebar
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Photo Gallery
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Collaboration
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Calendar
2009-04-16 14:29 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-16 14:28 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Defender
2009-04-16 14:28 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
2009-04-16 12:06 . 2006-11-02 10:32 101888 ----a-w c:\windows\system32\ifxcardm.dll
2009-04-16 12:06 . 2006-11-02 10:32 82432 ----a-w c:\windows\system32\axaltocm.dll
2009-04-15 15:19 . 2009-04-15 15:19 -------- d-----w c:\program files\Lavasoft
2009-04-15 07:56 . 2009-04-15 07:56 -------- d-----w c:\program files\Toshiba
2009-04-15 06:46 . 2009-04-15 06:46 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-15 06:46 . 2009-04-15 06:46 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-15 06:46 . 2009-04-15 06:46 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-15 06:40 . 2009-04-15 06:40 827392 ----a-w c:\windows\system32\wininet.dll
2009-04-15 06:40 . 2009-04-15 06:40 72704 ----a-w c:\windows\system32\admparse.dll
2009-04-15 06:40 . 2009-04-15 06:40 78336 ----a-w c:\windows\system32\ieencode.dll
2009-04-15 06:40 . 2009-04-15 06:40 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-04-15 06:40 . 2009-04-15 06:40 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-04-13 05:01 . 2009-04-13 01:31 -------- d-----w c:\program files\QuickTime
2009-04-13 03:04 . 2009-04-13 03:04 269312 ----a-w c:\windows\system32\es.dll
2009-04-06 06:02 . 2009-04-18 03:16 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 06:02 . 2009-04-18 03:16 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-04 12:06 . 2009-04-04 10:52 -------- d-----w c:\program files\Yahoo!
2009-04-04 01:57 . 2009-04-04 01:57 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-03 18:28 . 2009-04-03 18:28 61440 ----a-w c:\windows\system32\winipsec.dll
2009-04-03 18:28 . 2009-04-03 18:28 361984 ----a-w c:\windows\system32\IPSECSVC.DLL
2009-04-03 18:28 . 2009-04-03 18:28 28672 ----a-w c:\windows\system32\FwRemoteSvr.dll
2009-04-03 18:28 . 2009-04-03 18:28 272896 ----a-w c:\windows\system32\polstore.dll
2009-04-03 18:19 . 2009-04-03 18:19 296960 ----a-w c:\windows\system32\gdi32.dll
2009-04-03 18:17 . 2009-04-03 18:17 212480 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
2009-04-03 18:15 . 2009-04-03 18:15 28672 ----a-w c:\windows\system32\Apphlpdm.dll
2009-04-03 18:15 . 2009-04-03 18:15 4240384 ----a-w c:\windows\system32\GameUXLegacyGDFs.dll
2009-04-03 18:15 . 2009-04-03 18:15 1695744 ----a-w c:\windows\system32\gameux.dll
2009-04-03 18:14 . 2009-04-03 18:14 303616 ----a-w c:\windows\system32\wmpeffects.dll
2009-04-03 18:13 . 2009-04-03 18:13 1191936 ----a-w c:\windows\system32\msxml3.dll
2009-04-03 18:13 . 2009-04-03 18:13 2048 ----a-w c:\windows\system32\msxml3r.dll
2009-04-03 18:09 . 2009-04-03 18:09 8147456 ----a-w c:\windows\system32\wmploc.DLL
2009-04-03 18:09 . 2009-04-03 18:09 7680 ----a-w c:\windows\system32\spwmp.dll
2009-04-03 18:09 . 2009-04-03 18:09 4096 ----a-w c:\windows\system32\dxmasf.dll
2009-04-03 18:07 . 2009-04-03 18:07 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-03 18:04 . 2009-04-03 18:04 2927104 ----a-w c:\windows\explorer.exe
2009-04-03 17:56 . 2009-04-03 17:56 6656 ----a-w c:\windows\system32\kbd106n.dll
2009-04-03 17:56 . 2009-04-03 17:56 988216 ----a-w c:\windows\system32\winload.exe
2009-04-03 17:56 . 2009-04-03 17:56 927288 ----a-w c:\windows\system32\winresume.exe
2009-04-03 17:56 . 2009-04-03 17:56 40960 ----a-w c:\windows\system32\srclient.dll
2009-04-03 17:56 . 2009-04-03 17:56 378368 ----a-w c:\windows\system32\srcore.dll
2009-04-03 17:56 . 2009-04-03 17:56 318464 ----a-w c:\windows\system32\rstrui.exe
2009-04-03 17:56 . 2009-04-03 17:56 14848 ----a-w c:\windows\system32\srdelayed.exe
2009-04-03 17:56 . 2009-04-03 17:56 615992 ----a-w c:\windows\system32\ci.dll
2009-04-03 17:56 . 2009-04-03 17:56 46592 ----a-w c:\windows\system32\setbcdlocale.dll
2009-04-03 17:56 . 2009-04-03 17:56 19000 ----a-w c:\windows\system32\kd1394.dll
2009-04-03 17:51 . 2009-04-03 17:51 443392 ----a-w c:\windows\system32\win32spl.dll
2009-04-03 17:51 . 2009-04-03 17:51 37888 ----a-w c:\windows\system32\printcom.dll
2009-04-03 17:50 . 2009-04-03 17:50 14848 ----a-w c:\windows\system32\wshrm.dll
2009-04-03 17:50 . 2009-04-03 17:50 113664 ----a-w c:\windows\system32\drivers\rmcast.sys
2009-04-03 17:48 . 2009-04-03 17:48 288768 ----a-w c:\windows\system32\drivers\srv.sys
2009-04-03 17:41 . 2009-04-03 17:41 268288 ----a-w c:\windows\system32\schannel.dll
2009-04-03 17:38 . 2009-04-03 17:38 622080 ----a-w c:\windows\system32\icardagt.exe
2009-04-03 17:38 . 2009-04-03 17:38 11264 ----a-w c:\windows\system32\icardres.dll
2009-04-03 17:38 . 2009-04-03 17:38 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-04-03 17:38 . 2009-04-03 17:38 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-03 17:38 . 2009-04-03 17:38 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-04-03 17:38 . 2009-04-03 17:38 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-04-03 17:38 . 2009-04-03 17:38 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-04-03 17:22 . 2009-04-03 17:22 96760 ----a-w c:\windows\system32\dfshim.dll
2009-04-03 17:22 . 2009-04-03 17:22 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-04-03 17:22 . 2009-04-03 17:22 83968 ----a-w c:\windows\system32\mscories.dll
2009-04-03 17:22 . 2009-04-03 17:22 282112 ----a-w c:\windows\system32\mscoree.dll
2009-04-03 17:22 . 2009-04-03 17:22 158720 ----a-w c:\windows\system32\mscorier.dll
2009-04-03 17:07 . 2009-04-03 17:07 2868736 ----a-w c:\windows\system32\mf.dll
2009-04-03 17:07 . 2009-04-03 17:07 996352 ----a-w c:\windows\system32\WMNetMgr.dll
2009-04-03 17:07 . 2009-04-03 17:07 98816 ----a-w c:\windows\system32\mfps.dll
2009-04-03 17:07 . 2009-04-03 17:07 94720 ----a-w c:\windows\system32\logagent.exe
2009-04-03 17:07 . 2009-04-03 17:07 53248 ----a-w c:\windows\system32\rrinstaller.exe
2009-04-03 17:07 . 2009-04-03 17:07 24576 ----a-w c:\windows\system32\mfpmp.exe
2009-04-03 17:07 . 2009-04-03 17:07 2048 ----a-w c:\windows\system32\mferror.dll
2009-04-03 17:06 . 2009-04-03 17:06 84480 ----a-w c:\windows\system32\INETRES.dll
2009-04-03 17:06 . 2009-04-03 17:06 738304 ----a-w c:\windows\system32\inetcomm.dll
2009-04-03 17:06 . 2009-04-03 17:06 1314816 ----a-w c:\windows\system32\quartz.dll
2009-04-03 17:05 . 2009-04-03 17:05 2048 ----a-w c:\windows\system32\tzres.dll
2009-04-03 17:05 . 2009-04-03 17:05 2033152 ----a-w c:\windows\system32\win32k.sys
2009-04-03 17:05 . 2009-04-03 17:05 -------- d-----w c:\program files\MSXML 4.0
2009-04-03 17:04 . 2009-04-03 17:04 1334272 ----a-w c:\windows\system32\msxml6.dll

.
((((((((((((((((((((((((((((( SnapShot@2009-05-14_08.18.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-05-14 21:23 . 2009-05-21 01:38 66382 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-05-21 01:38 74980 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-04-16 10:47 . 2008-01-19 05:49 13312 c:\windows\System32\drivers\sfloppy.sys
- 2006-11-02 08:51 . 2006-11-02 08:51 13312 c:\windows\System32\drivers\sfloppy.sys
- 2009-02-12 11:06 . 2009-05-14 07:57 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-12 11:06 . 2009-05-21 01:37 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-12 11:06 . 2009-05-21 01:37 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-12 11:06 . 2009-05-14 07:57 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-12 11:10 . 2009-05-21 01:38 8846 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1918237747-2751938533-2904961478-1000_UserData.bin
+ 2009-05-21 01:35 . 2009-05-21 01:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-05-14 07:57 . 2009-05-14 07:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-05-14 07:57 . 2009-05-14 07:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-21 01:35 . 2009-05-21 01:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 10:33 . 2009-05-14 08:05 624988 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-05-21 01:41 624988 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-05-21 01:41 111398 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-05-14 08:05 111398 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-17 80688]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-11-07 97072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-09 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-09 133912]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-23 827392]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2005-07-21 242688]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-07-21 61440]
"PSUtility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2006-12-22 136744]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-04-02 252704]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-05-08 174872]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-05-08 33048]
"SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2009-02-12 193832]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 107112]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-27 134808]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-21 516440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-01 4390912]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2007-11-1 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoThumbnail"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F01CE1E2-9A47-42F9-AD30-7B2AD8E08A94}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7A0C6B10-FF15-4B5E-85EB-C851E3DF9E79}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{B65B13F6-BBD4-4FAB-97B8-D1406988A316}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{15F91AE0-0A6A-4AD0-BC13-E97CF52E271F}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{F4F47E1E-E573-4114-BC3B-21FD4448FC36}c:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= UDP:c:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp
"UDP Query User{241244E8-A714-4A26-8033-A8DC16D0C898}c:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= TCP:c:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp
"{4CE5628A-E049-4199-BD14-F3ACB0188262}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5DBFBFA1-FF9F-4CA0-8CC1-F91FE82A7997}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{DF9E080F-A2A6-4E03-928C-D7AAE5BFF5AE}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{04C91E26-0A58-4EB0-A38E-FB81F0A09A68}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{87C95383-720C-4E36-92C1-5A596BE3F1FC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E108B469-D439-4A90-B0DD-3AF139C46756}"= UDP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{134FFABB-69CF-4FC7-8226-909F636B2E28}"= TCP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{124D1410-FC14-44BE-939D-2D67F33C0F7C}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{1779AE8C-BFEB-457A-99BB-C18BC6585906}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"TCP Query User{56E26FA3-40B1-43E9-93B2-B4486709E928}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{EE9A3513-CF35-4D37-99A0-DFFCA39D1A94}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{0DB7F9EE-FB08-45A8-9F88-1DC44EB69771}c:\\program files\\ultravnc\\winvnc.exe"= UDP:c:\program files\ultravnc\winvnc.exe:VNC server for Win32
"UDP Query User{9FDC2135-B10F-42DC-9C8B-43532319EEAD}c:\\program files\\ultravnc\\winvnc.exe"= TCP:c:\program files\ultravnc\winvnc.exe:VNC server for Win32

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\System32\drivers\FJGSDisk.sys [12-Feb-09 Thu 9:09 PM 12712]
R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\System32\drivers\iaNvStor.sys [15-May-07 Tue 7:13 AM 208896]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [22-Apr-09 Wed 12:04 AM 64160]
R0 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [04-Oct-06 Wed 6:53 AM 36640]
R0 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [13-Oct-06 Fri 4:17 AM 33152]
R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [22-Dec-06 Fri 12:12 PM 63016]
R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\updnavi\updnvsrv.exe [11-Jan-07 Thu 9:39 AM 12288]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30-Apr-09 Thu 2:20 AM 101936]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\System32\drivers\fuj02e3.sys [15-May-07 Tue 7:12 AM 5632]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\System32\drivers\smscirda.sys [02-Nov-06 Thu 7:55 PM 30720]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [10-Mar-09 Tue 4:36 AM 953168]
S2 LvIBTSvr;Logitech IBT Service;c:\program files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe [03-Apr-07 Tue 12:59 AM 76576]
S3 ADVNTDRV;ADVNTDRV;c:\windows\System32\drivers\ADVNTDRV.SYS [24-Feb-09 Tue 10:34 PM 3872]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [28-Nov-06 Tue 6:34 AM 122008]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MPSSVC

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2009-05-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:33]

2009-05-21 c:\windows\Tasks\User_Feed_Synchronization-{3D592E6A-7BAD-4227-B6C4-7E801F98E40E}.job
- c:\windows\system32\msfeedssync.exe [2009-04-16 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = about:tabs
Trusted Zone: kaspersky.com\www
TCP: {01573F81-6C25-441E-983B-581898952A67} = 4.2.2.2,4.2.2.3
TCP: {7E4FEBD3-21C7-4D81-AEF7-1619DC39AC99} = 192.231.203.132,192.231.203.3
FF - ProfilePath - c:\users\madPC\AppData\Roaming\Mozilla\Firefox\Profiles\34qxd13h.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com.au/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-21 11:59
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-05-21 12:01
ComboFix-quarantined-files.txt 2009-05-21 02:31
ComboFix2.txt 2009-05-17 09:07
ComboFix3.txt 2009-05-01 05:04
ComboFix4.txt 2009-04-30 17:06
ComboFix5.txt 2009-05-21 02:26

Pre-Run: 26,641,416,192 bytes free
Post-Run: 26,575,175,680 bytes free

1699 --- E O F --- 2009-05-01 06:49

DDS logs

DDS

DDS (Ver_09-03-16.01) - NTFSx86
Run by madPC at 12:15:51.04 on 21-May-09 Thu
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2037.1071 [GMT 9.5:30]

AV: Symantec AntiVirus *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Softex\OmniPass\OmniServ.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Fujitsu\PSUtility\PSUService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Fujitsu\updnavi\updnvsrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Softex\OmniPass\opvapp.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\madPC\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:tabs
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
mRun: c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe
mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
mRun: [PSUtility] c:\program files\fujitsu\psutility\TrayManager.exe
mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IaNvSrv] c:\program files\intel\intel matrix storage manager\orom\ianvsrv\IaNvSrv.exe
mRun: [SSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
uPolicies-explorer: TaskbarNoThumbnail = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: kaspersky.com\www
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-au/wlscctrl2.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} - hxxps://online.westpac.com.au/wtoa/wtOtherAccounts/portfoliomanagerwt.cab
TCP: {01573F81-6C25-441E-983B-581898952A67} = 4.2.2.2,4.2.2.3
TCP: {7E4FEBD3-21C7-4D81-AEF7-1619DC39AC99} = 192.231.203.132,192.231.203.3
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\madPC\appdata\roaming\mozilla\firefox\profiles\34qxd13h.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com.au/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

============= SERVICES / DRIVERS ===============

R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2009-2-12 12712]
R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\system32\drivers\iaNvStor.sys [2007-5-15 208896]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-22 64160]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-10-4 36640]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-10-13 33152]
R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\fujitsu\psutility\PSUService.exe [2006-12-22 63016]
R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\fujitsu\updnavi\updnvsrv.exe [2007-1-11 12288]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-30 101936]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2007-5-15 5632]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2006-11-2 30720]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-10 953168]
S2 LvIBTSvr;Logitech IBT Service;c:\program files\common files\logishrd\lvibtsvr\LvIBTSvr.exe [2007-4-3 76576]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [2009-2-24 3872]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-11-28 122008]

=============== Created Last 30 ================

2009-05-21 12:01 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-05-21 11:56 161,792 a------- c:\windows\SWREG.exe
2009-05-21 11:56 130,048 a------- c:\windows\PEV.exe
2009-05-21 11:56 98,816 a------- c:\windows\sed.exe
2009-05-21 11:56 <DIR> --ds---- C:\ComboFix
2009-05-20 01:29 <DIR> --d----- c:\programdata\is-S4G4L
2009-05-20 01:29 <DIR> --d----- c:\progra~2\is-S4G4L
2009-05-20 01:29 1,286,176 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-05-20 01:29 16,148 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-05-12 00:51 <DIR> --d----- c:\program files\UltraVNC
2009-05-10 06:03 317,976 a------- c:\windows\system32\drivers\iaStor.sys
2009-05-10 01:57 <DIR> --d----- c:\program files\Trend Micro
2009-05-06 15:47 <DIR> --d----- c:\users\madPC\appdata\roaming\iScreensaver
2009-05-06 03:47 0 a------- c:\windows\system32\tviresource.val
2009-05-06 03:46 <DIR> --d----- c:\windows\TweakVI
2009-05-06 03:46 <DIR> --d----- c:\program files\TweakVI
2009-05-01 13:44 <DIR> --d----- c:\programdata\WindowsSearch
2009-05-01 11:44 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-04-30 19:23 <DIR> --d----- c:\users\madPC\DoctorWeb
2009-04-30 02:11 109,744 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-30 02:11 8,014 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-30 02:11 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-04-30 02:10 <DIR> --d----- c:\program files\Symantec
2009-04-30 02:10 <DIR> --d----- c:\programdata\Symantec
2009-04-30 02:10 <DIR> --d----- c:\program files\Symantec AntiVirus
2009-04-30 02:10 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-04-30 02:10 <DIR> --d----- c:\progra~2\Symantec
2009-04-30 01:50 1,061 a------- c:\windows\wininit.ini
2009-04-29 05:34 <DIR> --dsh--- c:\windows\system32\%APPDATA%
2009-04-28 22:01 <DIR> --d----- c:\program files\CCleaner
2009-04-28 21:57 268 a---h--- C:\sqmdata01.sqm
2009-04-28 21:57 244 a---h--- C:\sqmnoopt01.sqm
2009-04-28 21:52 268 a---h--- C:\sqmdata00.sqm
2009-04-28 21:52 244 a---h--- C:\sqmnoopt00.sqm
2009-04-28 21:47 <DIR> -cdsh--- c:\program files\common files\WindowsLiveInstaller
2009-04-28 21:47 <DIR> --d----- c:\programdata\WLInstaller
2009-04-26 18:38 440,352 a------- c:\windows\system32\mshflxgd.ocx
2009-04-26 18:38 212,240 a------- c:\windows\system32\richtx32.ocx
2009-04-26 18:38 224,016 a------- c:\windows\system32\tabctl32.ocx
2009-04-26 18:38 18,728 a------- c:\windows\system32\ishf_Ex.TLB
2009-04-26 18:38 7,752 a------- c:\windows\system32\shelllink.TLB
2009-04-26 18:38 <DIR> --d----- c:\program files\PC Optimizer Pro
2009-04-23 12:58 <DIR> --d----- c:\program files\vLite
2009-04-22 21:47 <DIR> --d----- c:\users\madPC\SecurityScans
2009-04-22 21:46 <DIR> --d----- c:\program files\Microsoft Baseline Security Analyzer 2
2009-04-22 00:04 64,160 a------- c:\windows\system32\drivers\Lbd.sys

==================== Find3M ====================

2009-05-10 06:04 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-10 06:04 51,200 a------- c:\windows\inf\infpub.dat
2009-05-10 06:04 86,016 a------- c:\windows\inf\infstor.dat
2009-04-22 00:04 15,688 a------- c:\windows\system32\lsdelete.exe
2009-04-17 00:46 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-17 00:06 174 a--sh--- c:\program files\desktop.ini
2009-04-16 23:58 665,600 a------- c:\windows\inf\drvindex.dat
2009-04-16 21:36 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-04-16 21:36 82,432 a------- c:\windows\system32\axaltocm.dll
2009-04-15 16:16 376,832 a------- c:\windows\system32\winhttp.dll
2009-04-15 16:16 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-04-15 16:16 38,912 a------- c:\windows\system32\xolehlp.dll
2009-04-15 16:10 827,392 a------- c:\windows\system32\wininet.dll
2009-04-15 16:10 72,704 a------- c:\windows\system32\admparse.dll
2009-04-15 16:10 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-15 16:10 48,128 a------- c:\windows\system32\mshtmler.dll
2009-04-15 16:10 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-04-13 12:34 269,312 a------- c:\windows\system32\es.dll
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-04 03:58 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-04-04 03:58 272,896 a------- c:\windows\system32\polstore.dll
2009-04-04 03:58 61,440 a------- c:\windows\system32\winipsec.dll
2009-04-04 03:58 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-04-04 03:49 296,960 a------- c:\windows\system32\gdi32.dll
2009-04-04 03:47 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-04 03:45 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-04-04 03:45 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-04-04 03:45 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2009-04-04 03:45 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-04-04 03:45 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2009-04-04 03:45 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-04-04 03:45 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-04-04 03:45 1,695,744 a------- c:\windows\system32\gameux.dll
2009-04-04 03:45 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-04-04 03:44 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-04-04 03:43 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-04-04 03:43 2,048 a------- c:\windows\system32\msxml3r.dll
2009-04-04 03:39 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-04 03:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-04-04 03:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-04-04 03:34 2,927,104 a------- c:\windows\explorer.exe
2009-04-04 03:26 6,656 a------- c:\windows\system32\kbd106n.dll
2009-04-04 03:26 988,216 a------- c:\windows\system32\winload.exe
2009-04-04 03:26 927,288 a------- c:\windows\system32\winresume.exe
2009-04-04 03:26 378,368 a------- c:\windows\system32\srcore.dll
2009-04-04 03:26 318,464 a------- c:\windows\system32\rstrui.exe
2009-04-04 03:26 40,960 a------- c:\windows\system32\srclient.dll
2009-04-04 03:26 14,848 a------- c:\windows\system32\srdelayed.exe
2009-04-04 03:26 615,992 a------- c:\windows\system32\ci.dll
2009-04-04 03:26 46,592 a------- c:\windows\system32\setbcdlocale.dll
2009-04-04 03:26 19,000 a------- c:\windows\system32\kd1394.dll
2009-04-04 03:21 443,392 a------- c:\windows\system32\win32spl.dll
2009-04-04 03:21 37,888 a------- c:\windows\system32\printcom.dll
2009-04-04 03:20 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2009-04-04 03:20 14,848 a------- c:\windows\system32\wshrm.dll
2009-04-04 03:18 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-04-04 03:11 268,288 a------- c:\windows\system32\schannel.dll
2009-04-04 03:08 622,080 a------- c:\windows\system32\icardagt.exe
2009-04-04 03:08 11,264 a------- c:\windows\system32\icardres.dll
2009-04-04 03:08 97,800 a------- c:\windows\system32\infocardapi.dll
2009-04-04 03:08 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-04 03:08 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-04-04 03:08 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-04-04 03:08 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-04-04 02:52 96,760 a------- c:\windows\system32\dfshim.dll
2009-04-04 02:52 41,984 a------- c:\windows\system32\netfxperf.dll
2009-04-04 02:52 282,112 a------- c:\windows\system32\mscoree.dll
2009-04-04 02:52 158,720 a------- c:\windows\system32\mscorier.dll
2009-04-04 02:52 83,968 a------- c:\windows\system32\mscories.dll
2009-04-04 02:37 2,868,736 a------- c:\windows\system32\mf.dll
2009-04-04 02:37 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-04-04 02:37 98,816 a------- c:\windows\system32\mfps.dll
2009-04-04 02:37 94,720 a------- c:\windows\system32\logagent.exe
2009-04-04 02:37 53,248 a------- c:\windows\system32\rrinstaller.exe
2009-04-04 02:37 24,576 a------- c:\windows\system32\mfpmp.exe
2009-04-04 02:37 2,048 a------- c:\windows\system32\mferror.dll
2009-04-04 02:36 84,480 a------- c:\windows\system32\INETRES.dll
2009-04-04 02:36 738,304 a------- c:\windows\system32\inetcomm.dll
2009-04-04 02:36 1,314,816 a------- c:\windows\system32\quartz.dll
2009-04-04 02:35 2,048 a------- c:\windows\system32\tzres.dll
2009-04-04 02:35 2,033,152 a------- c:\windows\system32\win32k.sys
2009-04-04 02:34 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-04-04 02:34 2,048 a------- c:\windows\system32\msxml6r.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-24 22:28 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-02-24 22:28 83,456 a------- c:\windows\system32\wudriver.dll
2009-02-24 22:27 162,064 a------- c:\windows\system32\wuwebv.dll
2009-02-24 22:27 31,232 a------- c:\windows\system32\wuapp.exe
2006-11-02 22:09 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 22:09 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 22:09 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 22:09 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 18:50 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 18:50 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 18:50 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 18:50 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 12:16:14.83 ===============

[I]Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 13-Feb-09 Fri 12:32:21 PM
System Uptime: 21-May-09 Thu 11:04:25 AM (1 hours ago)

Motherboard: FUJITSU | | FJNB1D3
Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | Onboard | 2001/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 74 GiB total, 24.84 GiB free.
D: is FIXED (NTFS) - 74 GiB total, 46.21 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel(R) Wireless WiFi Link 4965AGN
Device ID: PCI\VEN_8086&DEV_4229&SUBSYS_11028086&REV_61\4&38956FF8&0&00E2
Manufacturer: Intel Corporation
Name: Intel(R) Wireless WiFi Link 4965AGN
PNP Device ID: PCI\VEN_8086&DEV_4229&SUBSYS_11028086&REV_61\4&38956FF8&0&00E2
Service: NETw4v32

==== System Restore Points ===================

RP245: 14-May-09 Thu 6:14:33 PM - Scheduled Checkpoint
RP246: 15-May-09 Fri 2:07:19 AM - Windows Update
RP247: 16-May-09 Sat 12:41:38 AM - Scheduled Checkpoint
RP248: 17-May-09 Sun 1:19:34 AM - Scheduled Checkpoint
RP249: 17-May-09 Sun 10:58:00 PM - Scheduled Checkpoint
RP250: 18-May-09 Mon 7:46:38 PM - Scheduled Checkpoint
RP251: 19-May-09 Tue 2:20:47 AM - Windows Update
RP252: 20-May-09 Wed 12:00:04 AM - Scheduled Checkpoint
RP253: 20-May-09 Wed 2:14:54 PM - Scheduled Checkpoint
RP254: 21-May-09 Thu 11:37:16 AM - Scheduled Checkpoint

==== Installed Programs ======================

2007 Microsoft Office system
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Agere Systems HDA Modem
AuthenTec Fingerprint Sensor Minimum Install
Bluetooth Stack for Windows by Toshiba
BT headset fix
CCleaner (remove only)
CutePDF Writer 2.7
DSTfix
ERUNT 1.1j
Fujitsu Display Manager
Fujitsu Hardware Diagnostics Tool
Fujitsu Hotkey Utility
Fujitsu System Extension Utility
Fujitsu WebCam
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImgBurn
Inst5657
Intel(R) Graphics Media Accelerator Driver
Intel® Turbo Memory and Intel® Matrix Storage Manager
Java(TM) 6 Update 13
LifeBook Application Panel
LiveUpdate 3.2 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Baseline Security Analyzer 2.1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Web Access S/MIME
Microsoft Silverlight
Microsoft Sync Framework Runtime v1.0 (x86)
Microsoft Sync Framework Services v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB954430)
NetBoard
O2Micro Flash Memory Card Windows Driver
OGA Notifier 1.7.0105.35.0
OmniPass 5.00.18
OZ711 SCR Driver V3.0.0.9A
PC Optimizer Pro ver.4.5.17
Power Saving Utility
PowerDVD
PowerProducer
QuickTime
Real Time Clock Update
Realtek High Definition Audio Driver
Roxio Easy Media Creator Home
SanDisk Wi-Fi SD Card for Windows CE 4.00
Security Update for CAPICOM (KB931906)
Shock Sensor Utility
Skype™ 3.8
Skype™ for Pocket PC 1.1
Skype™ for Windows Mobile 2.5
Spb GPRS Monitor
Spybot - Search & Destroy
Symantec AntiVirus
Synaptics Pointing Device Driver
SyncToy 2.0 (x86)
TweakVI
UltraVNC 1.0.5.6
Update for 2007 Microsoft Office System (KB967642)
Update for Outlook 2007 Junk Email Filter (kb968503)
Update Navi
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.9
vLite
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Mobile Developer Power Toys
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinRAR archiver
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

21-May-09 Thu 11:59:47 AM, Error: Service Control Manager [7030] - The 259AF39406791205E85E436A3D1F675C service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
21-May-09 Thu 11:59:47 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the 259AF39406791205E85E436A3D1F675C service to connect.
21-May-09 Thu 11:59:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the CC8BA6821EF1BEF0A685519DD778453A service to connect.
21-May-09 Thu 11:59:45 AM, Error: Service Control Manager [7030] - The CC8BA6821EF1BEF0A685519DD778453A service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
21-May-09 Thu 11:56:50 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the 6CA50881A260B02C8CC5DA96B8E897B6 service to connect.
21-May-09 Thu 11:56:48 AM, Error: Service Control Manager [7030] - The 6CA50881A260B02C8CC5DA96B8E897B6 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
16-May-09 Sat 12:50:25 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer LUKE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{01573F81-6C25-441E-983B-581898952A. The master browser is stopping or an election is being forced.
14-May-09 Thu 5:32:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.
14-May-09 Thu 5:31:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
14-May-09 Thu 5:30:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.

==== End Of File ===========================

Defragmenting Hard disk

Vista said it had done so as recently as a just one day prior to your message. However, I downloaded Jkdefrag and ran it.

Blade81

2009-05-22, 23:00

Hi

I don't see C:\Users\madPC\Downloads\Windows XP PRO MCE SP3 MULTI - OEM Se7en Style EYE CANDY ENGLISH [ISO] folder removed yet. Since its contents looks less than legit I ask you to remove it. We don't support piracy here.

How's the system now?

madPC

2009-05-27, 09:48

Hi blade81,

I don't know why the folder didn't get removed, but anyway I shift-deleted it.

As for the performance, it's very bad. The PC is running slowly, so slow that even the Recycle bin won't update it's icon when the bin's been emptied.

I also tried to update run Ad-Aware (to run a scan) but strangely the following message came up immediately: 'Connection error, check your settings.' That leads me to believe that there really is something somewhere in the system. (and I so can't wait to get it out!)

Thanks,
madPC

Blade81

2009-05-27, 16:21

Download GMER (http://www.gmer.net/gmer.zip) and save it your desktop:
Extract it to your desktop and double-click GMER.exe
Click rootkit-tab and then scan.
Don't check
Show All
box while scanning in progress!
When scanning is ready, click Copy.
This copies log to clipboard
Post log in your reply.

madPC

2009-05-27, 17:42

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-28 01:05:46
Windows 6.0.6001 Service Pack 1

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Blade81

2009-05-27, 19:23

That looks ok. Could you check what processes take most CPU in task manager? How much memory does the system have installed?

madPC

2009-05-28, 14:27

Hi,

Sorted the processes list by CPU Usage and the following kept reappearing and disappearing in the 2 minutes I spent monitoring it:

System Idle Process
firefox.exe
taskmgr.exe
taskeng.exe
ccSvcHst.exe
IAANTmon.exe
svchost.exe
Rtvscan.exe
System

As for Memory, there are two identical Samsung 1 GB DDR2 667MHz RAM sticks installed, one of which I installed the same day I bought the laptop over a year ago.

Thanks

Blade81

2009-05-28, 17:02

What kind of CPU rates there for those processes? System idle can be excluded since it's in normal conditions always like 99%.

madPC

2009-05-28, 19:00

Mainly between 1 and 5, though at one point firefox.exe went to 10.

Blade81

2009-05-28, 21:57

Do you have that Jkdefrag report around? Could you attach it to your reply, please?

Does shutting Symantec Antivirus down have any effect to system performance?

madPC

2009-06-01, 14:28

Hi

Where can I find the Jkdefrag report? :confused:
When it had finished, all I saw (to the best of my memory) was a small green and black window with the word 'Finished' in its status bar. Nothing popped up or whatever.

As for turning off SAV, there is a noticeable change in performance (not that great, though) - system shuts down / loads a bit quicker. However the recycle bin icon still doesn't update its icon unless I refresh the desktop :scratch:

Blade81

2009-06-01, 15:54

Hi

Jkdefrag log file should appear in same folder where Jkdefrag execution file is located in.

madPC

2009-06-01, 18:06

Found it. Here you are:

12:25:42 JkDefrag v3.36
12:25:42 Date: 2009/05/21
12:25:42 Windows version: v6.0 build 6001 Service Pack 1
12:25:42 NtfsDisableLastAccessUpdate is active, ignoring LastAccessTime for SpaceHogs.
12:25:42 Analyzing volume 'C:\'
12:25:42 Processing 'C:\*'
12:25:42 Opening volume '\\?\Volume{fed43717-f971-11dd-b4d4-806e6f6e6963}' at mountpoint 'C:'
12:25:42 Input mask: C:\*
12:25:43 Phase 1: Analyze
12:25:44 This is an NTFS disk.
12:25:57 Phase 2: Defragment
12:54:42 Phase 3: Fixup
13:55:35 Zone 1: Fast Optimize
14:01:16 Zone 2: Fast Optimize
16:13:22 Zone 3: Fast Optimize
17:08:40 Phase 3: Fixup
17:08:40 Finished.
17:08:40 - Total disk space: 79708549120 bytes (74.2344 gigabytes), 19460095 clusters
17:08:40 - Bytes per cluster: 4096 bytes
17:08:40 - Number of files: 90732
17:08:40 - Number of directories: 17398
17:08:40 - Total size of analyzed items: 53129306112 bytes (49.4805 gigabytes), 12971022 clusters
17:08:40 - Number of fragmented items: 14 (0.0129% of all items)
17:08:40 - Total size of fragmented items: 10600603648 bytes, 2588038 clusters, 19.9525% of all items, 13.2992% of disk
17:08:40 - Free disk space: 25385476096 bytes, 6197626 clusters, 31.8479% of disk
17:08:40 - Number of gaps: 928
17:08:40 - Number of small gaps: 801 (86.3147% of all gaps)
17:08:40 - Size of small gaps: 8118272 bytes, 1982 clusters, 0.0320% of free disk space
17:08:40 - Number of big gaps: 127 (13.6853% of all gaps)
17:08:40 - Size of big gaps: 25377357824 bytes, 6195644 clusters, 99.9680% of free disk space
17:08:40 - Average gap size: 6678.4763 clusters
17:08:40 - Biggest gap: 3753017344 bytes, 916264 clusters, 14.7841% of free disk space
17:08:40 - Average end-begin distance: 1645225 clusters, 8.4544% of volume size
17:08:40 These items could not be moved:
17:08:40 Fragments Bytes Clusters Name
17:08:40 11 131072000 32000 C:\$MFT
17:08:40 1 64 1 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
17:08:40 1 24576 6 C:\.
17:08:40 1 64 1 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
17:08:40 1 65536 16 C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
17:08:40 1 64 1 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
17:08:40 1 827392 202 C:\Windows\System32\$$DeleteMe.wininet.dll.01c9c3c7c60a1569.0000
17:08:40 1 4096 1 C:\Program Files\Yahoo!\Messenger\skins\Icy blue\theme
17:08:40 1 18298 4 C:\Windows\Prefetch\DLLHOST.EXE-6389524F.pf
17:08:40 1 248166 61 C:\Users\madPC\Documents\Miscellaneous\Others' Work\Agnitra Ganguly\30Jun-26Jul MH.pdf
17:08:40 30 1715972616 8464 C:\$Extend\$UsnJrnl:$J:$DATA
17:08:40 2 204800 50 C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizR.dll
17:08:40 1 4096 1 C:\$Extend\$RmMetadata\$TxfLog
17:08:40 1 16384 4 C:\$Extend\$RmMetadata\$Txf
17:08:40 1 4259840 29 C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.ci
17:08:40 1 1305 1 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\26c1df26a75529904285f9278542760c_3b3fd226-4f6e-4f5c-b6d4-554ad3df4749
17:08:40 1 1305 1 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\aa13847f24184b9b8ee7a484bc311bcc_3b3fd226-4f6e-4f5c-b6d4-554ad3df4749
17:08:40 1 2432512 594 C:\$Bitmap
17:08:40 3 16392 5 C:\$MFT::$BITMAP
17:08:40 1 4096 1 C:\$MFTMirr
17:08:40 1 67108864 16384 C:\$LogFile
17:08:40 1 9749 3 C:\Windows\winsxs\Manifests\9989fd7161367ec8b411b094a25b929152e319c82bd9f1e78767a7c5fe91c086.cat
17:08:40 1 9749 3 C:\Windows\winsxs\Manifests\bd46fa78cdc74e9e017594868fa421c4f10ad80ec37cf0856bafd38718296228.cat
17:08:40 1 9798 3 C:\Windows\winsxs\Manifests\e1f1fc853eb9ae0cbf7de6045dec226212d01eed7badabc1b8622a3dd4b4ca92.cat
17:08:40 1 9749 3 C:\Windows\winsxs\Manifests\40d9b9c15bb2242d665acacc7b2478ffc47b4c876e759d8a49536f0af1c4b649.cat
17:08:40 1 9798 3 C:\Windows\winsxs\Manifests\64bbe4a95b9c7b212f5cb46b7d55fd3c8319c2288a97bb83cf01fdd9ffc242c8.cat
17:08:40 1 9762 3 C:\Windows\winsxs\Manifests\2fdc0212e1f094427dd375e350bf1f5d0cc51ac33f12145bc304f80cf6a0ffcd.cat
17:08:40 1 9810 3 C:\Windows\winsxs\Manifests\0b7d20c26830f61b09683634e70076f8395a95b114efef7d33c593b8b4137bf6.cat
17:08:40 1 9770 3 C:\Windows\winsxs\Manifests\09b1d70404f86ada9e153a035903586cf401ff255fc5a9f246ea69ce2741a96d.cat
17:08:40 8 717070336 175066 C:\System Volume Information\{a786bae1-448b-11de-97de-000000000000}{3808876b-c176-4e48-b7ae-04046e6cc752}
17:08:40 1 9818 3 C:\Windows\winsxs\Manifests\5217dd1c4d764ecefa67f4259d8a2e76575b06d81bdc52173987d419ac9ae78c.cat
17:08:40 1 9770 3 C:\Windows\winsxs\Manifests\5e1d4d057cbb48f7f0229ee115a959bf8e56ba73b3d4e66a7eea150319ad5db2.cat
17:08:40 1 9818 3 C:\Windows\winsxs\Manifests\49057e8b8991b6c6c34bfb54147ad13431c6285dc98835bb6c1bf5bc417bb027.cat
17:08:40 1 8348 3 C:\Windows\winsxs\Manifests\a2492fa83366394b7c17fa6c9650ce5688b887d0ad0ad79743a3422debf4d997.cat
17:08:40 7 811692032 198167 C:\System Volume Information\{ec72fb20-4382-11de-8ec6-000000000000}{3808876b-c176-4e48-b7ae-04046e6cc752}
17:08:40 1 1305 1 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6ea777b93d039aa8cf61e4fac9b4d5ce_3b3fd226-4f6e-4f5c-b6d4-554ad3df4749
17:08:40 1 10705 3 C:\Windows\winsxs\Manifests\ec6ab08cec3c4a5939ec1a58eda071d547416f00bee0e337715c0e20fbe1e1bf.cat
17:08:40 1 8361 3 C:\Windows\winsxs\Manifests\b3beb16c28db357e654a6b132f59cd48cb95cee949d7b97587f8f02f233f3ce1.cat
17:08:40 17 625426432 152692 C:\System Volume Information\{c4bd824c-405c-11de-86cb-000000000000}{3808876b-c176-4e48-b7ae-04046e6cc752}
17:08:40 1 8348 3 C:\Windows\winsxs\Manifests\26340819d2ef86080d9001c6f2737d70fd6602ddf4b86b6c26b326ef81cc3342.cat
17:08:40 5 559136768 136508 C:\System Volume Information\{9277e68a-4091-11de-9f02-000000000000}{3808876b-c176-4e48-b7ae-04046e6cc752}
17:08:40 7 1258254336 307191 C:\System Volume Information\{9277ecd2-4091-11de-9f02-000000000000}{3808876b-c176-4e48-b7ae-04046e6cc752}
17:08:40 9 565379072 138032 C:\System Volume Information\{ec72f74a-4382-11de-8ec6-000000000000}{3808876b-c176-4e48-b7ae-04046e6cc752}
17:08:40 4 621146112 151647 C:\System Volume Information\{0577fe0d-42de-11de-a39e-000000000000}{3808876b-c176-4e48-b7ae-04046e6cc752}
17:08:40 24 1503952896 367176 C:\System Volume Information\{ec72f82b-4382-11de-8ec6-000000000000}{3808876b-c176-4e48-b7ae-04046e6cc752}
17:08:40 18 1887436800 460800 C:\System Volume Information\{86b3847c-45a7-11de-859a-000000000000}{3808876b-c176-4e48-b7ae-04046e6cc752}
17:08:40 9 1885143040 460240 C:\System Volume Information\{9277e973-4091-11de-9f02-000000000000}{3808876b-c176-4e48-b7ae-04046e6cc752}
17:08:40 1 1121631 251 C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-1918237747-2751938533-2904961478-1000.db
17:08:40 1 10703 3 C:\Windows\winsxs\Manifests\3dd5a727f2a1142223c6d9a7bff73ae7676aac714a4da8192f66123045b11c41.cat
17:08:40 1 8361 3 C:\Windows\winsxs\Manifests\d14225a52543aa5a9605b00dd7574812bf89c605ebc73a9730e1e386bfc965f8.cat
17:08:40 1 2450718720 598320 C:\pagefile.sys
17:08:40 1 2136903680 521705 C:\hiberfil.sys
17:08:40 --------- ----------- --------- -----
17:08:40 192 16945828043 3725674 Total
17:08:40 These items are still fragmented:
17:08:40 Fragments Bytes Clusters Name
17:08:40 11 131072000 32000 C:\$MFT
17:08:40 30 1715972616 8464 C:\$Extend\$UsnJrnl:$J:$DATA
17:08:40 2 204800 50 C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizR.dll
17:08:40 3 16392 5 C:\$MFT::$BITMAP
17:08:40 8 717070336 175066 C:\System Volume Information\{a786bae1-448b-11de-97de-000000000000}{3808876b-c176-4e48-b7ae-04046e6cc752}
17:08:40 7 811692032 198167 C:\System Volume Information\{ec72fb20-4382-11de-8ec6-000000000000}{3808876b-c176-4e48-b7ae-04046e6cc752}
17:08:40 17 625426432 152692 C:\System Volume Information\{c4bd824c-405c-11de-86cb-000000000000}{3808876b-c176-4e48-b7ae-04046e6cc752}
17:08:40 5 559136768 136508 C:\System Volume Information\{9277e68a-4091-11de-9f02-000000000000}{3808876b-c176-4e48-b7ae-04046e6cc752}
17:08:40 7 1258254336 307191 C:\System Volume Information\{9277ecd2-4091-11de-9f02-000000000000}{3808876b-c176-4e48-b7ae-04046e6cc752}
17:08:40 9 565379072 138032 C:\System Volume Information\{ec72f74a-4382-11de-8ec6-000000000000}{3808876b-c176-4e48-b7ae-04046e6cc752}
17:08:40 4 621146112 151647 C:\System Volume Information\{0577fe0d-42de-11de-a39e-000000000000}{3808876b-c176-4e48-b7ae-04046e6cc752}
17:08:40 24 1503952896 367176 C:\System Volume Information\{ec72f82b-4382-11de-8ec6-000000000000}{3808876b-c176-4e48-b7ae-04046e6cc752}
17:08:40 18 1887436800 460800 C:\System Volume Information\{86b3847c-45a7-11de-859a-000000000000}{3808876b-c176-4e48-b7ae-04046e6cc752}
17:08:40 9 1885143040 460240 C:\System Volume Information\{9277e973-4091-11de-9f02-000000000000}{3808876b-c176-4e48-b7ae-04046e6cc752}
17:08:40 --------- ----------- --------- -----
17:08:40 154 12281903632 2588038 Total
17:08:40 The 25 largest items on disk:
17:08:40 Fragments Bytes Clusters Name
17:08:40 1 4674229116 1141170 C:\Users\madPC\Downloads\Transporter 3 720p Bluray x264-SEPTiC\t3-septic.mkv
17:08:40 1 2450718720 598320 C:\pagefile.sys
17:08:40 1 2136903680 521705 C:\hiberfil.sys
17:08:40 18 1887436800 460800 C:\System Volume Information\{86b3847c-45a7-11de-859a-000000000000}{3808876b-c176-4e48-b7ae-04046e6cc752}
17:08:40 9 1885143040 460240 C:\System Volume Information\{9277e973-4091-11de-9f02-000000000000}{3808876b-c176-4e48-b7ae-04046e6cc752}
17:08:40 24 1503952896 367176 C:\System Volume Information\{ec72f82b-4382-11de-8ec6-000000000000}{3808876b-c176-4e48-b7ae-04046e6cc752}
17:08:40 1 1442787328 352243 C:\Users\madPC\Downloads\6001.18000.080118-1840-kb3aikl_en.iso
17:08:40 1 1404583936 342916 C:\Users\madPC\Downloads\Windows XP PRO MCE SP3 MULTI - OEM Se7en Style EYE CANDY ENGLISH [ISO]\Windows XP PRO MCE SP3 MULTI - OEM Se7en Style EYE CANDY (03-31-2009) ENGLISH.iso
17:08:40 7 1258254336 307191 C:\System Volume Information\{9277ecd2-4091-11de-9f02-000000000000}{3808876b-c176-4e48-b7ae-04046e6cc752}
17:08:40 1 857997312 209472 C:\Users\madPC\Downloads\Microsoft(R) Windows XP Media Center Edition 2005™ SP3 For HP-DELL-FUJITSU\Microsoft(R) Windows XP Media Center Edition 2005™ SP3 For HP-DELL-FUJITSU.iso
17:08:40 7 811692032 198167 C:\System Volume Information\{ec72fb20-4382-11de-8ec6-000000000000}{3808876b-c176-4e48-b7ae-04046e6cc752}
17:08:40 8 717070336 175066 C:\System Volume Information\{a786bae1-448b-11de-97de-000000000000}{3808876b-c176-4e48-b7ae-04046e6cc752}
17:08:40 1 675039232 164805 C:\Users\madPC\Downloads\FUJITSU SIEMENS WINDOWS XP HOME EDITION SP2.iso
17:08:40 17 625426432 152692 C:\System Volume Information\{c4bd824c-405c-11de-86cb-000000000000}{3808876b-c176-4e48-b7ae-04046e6cc752}
17:08:40 4 621146112 151647 C:\System Volume Information\{0577fe0d-42de-11de-a39e-000000000000}{3808876b-c176-4e48-b7ae-04046e6cc752}
17:08:40 9 565379072 138032 C:\System Volume Information\{ec72f74a-4382-11de-8ec6-000000000000}{3808876b-c176-4e48-b7ae-04046e6cc752}
17:08:40 5 559136768 136508 C:\System Volume Information\{9277e68a-4091-11de-9f02-000000000000}{3808876b-c176-4e48-b7ae-04046e6cc752}
17:08:40 1 343058432 83755 C:\Windows\Installer\414df8.msp
17:08:40 1 280231936 68416 C:\$Extend\$RmMetadata\$TxfLog\$Tops:$T:$DATA
17:08:40 1 267790016 65379 C:\Users\madPC\Downloads\Software - Sandisk 16G\Drivers\HP Officejet J6480 All-in-One\HP Officejet J6480 Full Feature Software and Driver v10.0.1 - OJJ6400_Full_10.exe
17:08:40 1 229852160 56117 C:\Windows\Installer\4925ba.msp
17:08:40 1 209272580 51092 C:\MSOCache\All Users\{91120000-0031-0000-0000-0000000FF1CE}-C\ProHrWW.cab
17:08:40 1 208464560 50895 C:\Users\madPC\Desktop\AVPT.txt
17:08:40 1 169155978 41298 C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
17:08:40 Analyzing volume 'D:\'
17:08:40 Processing 'D:\*'
17:08:40 Opening volume '\\?\Volume{830a2b7a-f972-11dd-9b26-000000000000}' at mountpoint 'D:'
17:08:40 Input mask: D:\*
17:08:41 Phase 1: Analyze
17:08:41 This is an NTFS disk.
17:08:41 Phase 2: Defragment
17:08:41 Phase 3: Fixup
17:18:40 Zone 1: Fast Optimize
17:18:41 Zone 2: Fast Optimize
17:19:50 Zone 3: Fast Optimize
17:20:28 Phase 3: Fixup
17:20:28 Finished.
17:20:28 - Total disk space: 79281778688 bytes (73.8369 gigabytes), 19355903 clusters
17:20:28 - Bytes per cluster: 4096 bytes
17:20:28 - Number of files: 100
17:20:28 - Number of directories: 28
17:20:28 - Total size of analyzed items: 29659873280 bytes (27.6229 gigabytes), 7241180 clusters
17:20:28 - Number of fragmented items: 2 (1.5625% of all items)
17:20:28 - Total size of fragmented items: 20480 bytes, 5 clusters, 0.0001% of all items, 0.0000% of disk
17:20:28 - Free disk space: 49412186112 bytes, 12063522 clusters, 62.3248% of disk
17:20:28 - Number of gaps: 14
17:20:28 - Number of small gaps: 1 (7.1429% of all gaps)
17:20:28 - Size of small gaps: 4096 bytes, 1 clusters, 0.0000% of free disk space
17:20:28 - Number of big gaps: 13 (92.8571% of all gaps)
17:20:28 - Size of big gaps: 49412182016 bytes, 12063521 clusters, 100.0000% of free disk space
17:20:28 - Average gap size: 861680.1429 clusters
17:20:28 - Biggest gap: 39638388736 bytes, 9677341 clusters, 80.2199% of free disk space
17:20:28 - Average end-begin distance: 3032641 clusters, 15.6678% of volume size
17:20:28 These items could not be moved:
17:20:28 Fragments Bytes Clusters Name
17:20:28 1 4096 1 D:\$Extend\$RmMetadata\$TxfLog
17:20:28 2 4104 2 D:\$MFT::$BITMAP
17:20:28 1 196608 48 D:\$MFT
17:20:28 1 4096 1 D:\$MFTMirr
17:20:28 3 12288 3 D:\.
17:20:28 1 4140 2 D:\.::$SECURITY_DESCRIPTOR
17:20:28 1 2419488 591 D:\$Bitmap
17:20:28 --------- ----------- --------- -----
17:20:28 10 2644820 648 Total
17:20:28 These items are still fragmented:
17:20:28 Fragments Bytes Clusters Name
17:20:28 2 4104 2 D:\$MFT::$BITMAP
17:20:28 3 12288 3 D:\.
17:20:28 --------- ----------- --------- -----
17:20:28 5 16392 5 Total
17:20:28 The 25 largest items on disk:
17:20:28 Fragments Bytes Clusters Name
17:20:28 1 4696110883 1146512 D:\Alvin.And.The.Chipmunks.720p.BluRay.x264-REFiNED\refined-alvin\refined-alvin.mkv
17:20:28 1 4696076681 1146504 D:\Yes.Man.720p.Bluray.x264-SEPTiC\s-yesman\s-yesman.mkv
17:20:28 1 4674435724 1141220 D:\Quantum.of.Solace.720p.BluRay.x264-REFiNED\refined-qos-blu720p.mkv
17:20:28 1 2343570835 572161 D:\Casino Royale [tRuAVC]\Casino Royale [2006 en x264 1280x544 HDRip].mkv
17:20:28 1 1173131318 286410 D:\24 S7\24.S07E02.720p.HDTV.X264-DIMENSION.mkv
17:20:28 1 1172905027 286354 D:\24 S7\24.S07E09.720p.HDTV.X264-DIMENSION.mkv
17:20:28 1 1172833815 286337 D:\24 S7\24.S07E01.720p.HDTV.X264-DIMENSION.mkv
17:20:28 1 732831744 178914 D:\Slumdog.Millionaire.DVDrip[Eng]-MyRSK\Slumdog.Millionaire.DVDrip[Eng]-MyRSK.avi
17:20:28 1 685296896 167309 D:\Russell Peters - Red, White and Brown\Russell Peters - Red White And Brown.mkv
17:20:28 1 442772918 108099 D:\24 S7\[www.bayw.org].24.s07e04.Xvid.fRoStY.avi
17:20:28 1 397901312 97144 D:\24 S7\[www.BayW.org].24.s07e03.Xvid.fRoStY.avi
17:20:28 1 367833006 89803 D:\24 S7\prison.break.417.repack.hdtv-0tv.avi
17:20:28 1 367681536 89766 D:\24 S7\24.S07E24.PREAIR.DVDRip.XviD-TOPAZ.avi
17:20:28 1 367503360 89723 D:\24 S7\24.S07E23.PREAIR.DVDRip.XviD-TOPAZ.avi
17:20:28 1 366923044 89581 D:\24 S7\24.718-notv.avi
17:20:28 1 366870398 89568 D:\24 S7\24.s07e17.hdtv.xvid-fqm.avi
17:20:28 1 366798848 89551 D:\24 S7\24.713.hdtv-lol.avi
17:20:28 1 366788774 89549 D:\24 S7\24.S07E21.HDTV.XviD-LOL.avi
17:20:28 1 366788608 89548 D:\24 S7\24.712.hdtv-lol.avi
17:20:28 1 366788516 89548 D:\24 S7\24.S07E14.HDTV.XviD-LOL.avi
17:20:28 1 366778368 89546 D:\24 S7\24.S07E20.HDTV.XviD-LOL.avi
17:20:28 1 366775674 89545 D:\24 S7\24.S07E10.HDTV.XviD-LOL.avi
17:20:28 1 366769952 89544 D:\24 S7\24.S07E11.HDTV.XviD-LOL.avi
17:20:28 1 366764032 89542 D:\24 S7\24.716.hdtv-lol.avi
17:20:28 1 366755616 89540 D:\24 S7\Prison.Break.S04E20.HDTV.XviD-LOL.avi
17:20:28 Analyzing volume 'E:\'
17:20:28 Ignoring volume 'E:\' because it is a CD-ROM drive.
17:20:28 Finished.

Blade81

2009-06-01, 22:12

Hi

See if this helps with the recycle bin icon problem:
right click on desktop, select ‘personalize’
Click ‘change desktop icons’.
Click on the ‘recycle bin empty’ icon and change it with the icon that shows the recycle bin full
Do the reverse process for the ‘recycle bin full’ icon.
Click apply.
Now when the recycle bin is full it will show empty and when empty it will show full.

Now go back and reverse the process and change the icona around as they should be.

madPC

2009-06-05, 19:13

Hi

The recyle bin works normally now. Thanks for that :)

Unfortunately, however, my Ad-Aware doesn't. I still get that abrupt error message pop up every time I try to update the definitions.

What do you suggest?

Blade81

2009-06-05, 23:23

Hi,

Please try to reinstall Ad-Aware.

tashi

2009-06-08, 21:58

Hello madPC,

Next time on-line here can you post please so this topic can be archived if finished.

Regards.

madPC

2009-06-09, 18:55

Hi

Sorry I've been taking time to reply - I've been extremely busy with work lately. But don't get me wrong, I do highly value your advice.

So I uninstalled Ad-Aware, rebooted, then re-installed it, but I'm still experiencing the same issue. What do you suggest I do now?

Cheers!

And once again, my apologies for the delayed replies.

Blade81

2009-06-09, 20:55

Hi,

What is the exact error message that pops up? Have you made sure there's no firewall blocking access?

madPC

2009-06-10, 00:06

Hi

Firewall-wise, I only have Windows Firewall (as far as I'm aware) and Ad-Aware is in the allowed list. I noticed that when I try to update Ad-Aware, the app. that's actually trying to connect to the net (the Update Manager) is not the main Ad-Aware.exe program but in fact Ad-AwareAdmin.exe. So I added that to the allowed list, too, but still same problem.

I've attached a screenshot of the error. It pops up immediately after the Update Manager window appears (in fact, it probably happens simultaneously!).

Thanks

Blade81

2009-06-10, 15:53

Hi

I recommend you contact Lavasoft Support on the matter since Ad-Aware is their product. That's the only advice I can give for now.

madPC

2009-06-12, 18:40

Okay. I'll try googling a bit before that.

Thanks a lot for all your help, blade81.

PS: Check your PM

Blade81

2009-06-12, 21:15

You're welcome. Hopefully you'll find solution :) I'll close this topic now.