Virustotal results, ComboFix log, DDS log, HDD De-frag
Hi blade81,
As requested:
Virustotal.com results for c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
http://www.virustotal.com/analisis/0...58964ec3645da8
ComboFix log
The "DirLook" part of the results is in the txt file contained in the attached zip file.
ComboFix 09-05-20.09 - madPC May-09 Thu 11:56.6 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2037.1101 [GMT 9.5:30]
Running from: c:\users\madPC\Desktop\ComboFix.exe
Command switches used :: c:\users\madPC\Desktop\CFScript.txt
AV: Symantec AntiVirus *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Symantec AntiVirus *disabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\SSubTmr6.dll
.
((((((((((((((((((((((((( Files Created from 2009-04-21 to 2009-05-21 )))))))))))))))))))))))))))))))
.
2009-05-21 02:29 . 2009-05-21 02:29 -------- d-----w c:\users\madPC\AppData\Local\temp
2009-05-21 02:29 . 2009-05-21 02:29 -------- d-----w c:\users\Administrator\AppData\Local\temp
2009-05-19 15:59 . 2009-05-19 15:59 -------- d-----w c:\programdata\is-S4G4L
2009-05-19 15:59 . 2009-05-19 15:59 -------- d-----w c:\users\All Users\is-S4G4L
2009-05-19 15:59 . 2009-05-20 07:51 1286176 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-18 09:23 . 2009-05-18 09:42 -------- d-----w c:\users\madPC\AppData\Roaming\vlc
2009-05-17 12:28 . 2009-05-17 12:28 -------- d-----w c:\users\madPC\AppData\Local\Adobe
2009-05-11 15:21 . 2009-05-11 15:42 -------- d-----w c:\program files\UltraVNC
2009-05-09 20:33 . 2008-05-25 12:53 317976 ----a-w c:\windows\system32\drivers\iaStor.sys
2009-05-09 17:38 . 2009-05-09 17:38 -------- d-----w c:\program files\ERUNT
2009-05-09 16:27 . 2009-05-09 16:27 -------- d-----w c:\program files\Trend Micro
2009-05-06 06:17 . 2009-05-06 06:17 -------- d-----w c:\users\madPC\AppData\Roaming\iScreensaver
2009-05-05 18:16 . 2009-05-05 18:16 -------- d-----w c:\windows\TweakVI
2009-05-05 18:16 . 2009-05-05 18:17 -------- d-----w c:\program files\TweakVI
2009-05-01 04:14 . 2009-05-01 04:14 -------- d-----w c:\programdata\WindowsSearch
2009-05-01 04:14 . 2009-05-01 04:14 -------- d-----w c:\users\All Users\WindowsSearch
2009-05-01 02:14 . 2009-05-01 04:15 -------- d-----w c:\program files\EsetOnlineScanner
2009-05-01 02:02 . 2009-05-01 05:39 -------- d-----w c:\program files\Java
2009-05-01 01:01 . 2009-05-01 01:01 680 ----a-w c:\users\madPC\AppData\Local\d3d9caps.dat
2009-04-30 18:12 . 2009-04-30 18:12 -------- d-----w c:\windows\Sun
2009-04-30 15:33 . 2009-04-30 15:33 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-30 09:59 . 2009-04-30 09:59 -------- d-----w c:\users\Administrator\DoctorWeb
2009-04-30 09:53 . 2009-05-01 01:11 -------- d-----w c:\users\madPC\DoctorWeb
2009-04-30 07:13 . 2009-04-30 07:13 -------- d-----w c:\users\madPC\AppData\Local\Symantec
2009-04-29 16:42 . 2009-04-29 16:42 -------- d-----w c:\users\Administrator\AppData\Local\Symantec
2009-04-29 16:41 . 2009-04-29 16:41 109744 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-29 16:40 . 2009-04-29 16:41 -------- d-----w c:\program files\Symantec
2009-04-29 16:40 . 2009-04-29 16:42 -------- d-----w c:\programdata\Symantec
2009-04-29 16:40 . 2009-04-29 16:42 -------- d-----w c:\users\All Users\Symantec
2009-04-29 16:40 . 2009-04-29 16:40 -------- d-----w c:\program files\Symantec AntiVirus
2009-04-29 16:40 . 2009-04-29 16:41 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-28 20:04 . 2009-04-28 20:04 -------- d-sh--w c:\windows\system32\%APPDATA%
2009-04-28 12:31 . 2009-04-28 12:31 -------- d-----w c:\program files\CCleaner
2009-04-28 12:17 . 2009-04-28 12:21 -------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2009-04-28 12:17 . 2009-04-28 12:22 -------- d-----w c:\program files\Windows Live
2009-04-28 12:17 . 2009-04-28 12:17 -------- d-----w c:\programdata\WLInstaller
2009-04-28 12:17 . 2009-04-28 12:17 -------- d-----w c:\users\All Users\WLInstaller
2009-04-26 09:08 . 2009-04-26 09:08 -------- d-----w c:\program files\PC Optimizer Pro
2009-04-24 14:35 . 2009-04-24 14:35 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-23 03:28 . 2009-04-23 03:28 -------- d-----w c:\program files\vLite
2009-04-22 12:17 . 2009-04-22 12:20 -------- d-----w c:\users\madPC\SecurityScans
2009-04-22 12:16 . 2009-04-22 12:16 -------- d-----w c:\program files\Microsoft Baseline Security Analyzer 2
2009-04-21 14:34 . 2009-04-21 14:34 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-21 01:33 . 2009-02-24 16:36 12 ----a-w c:\windows\bthservsdp.dat
2009-05-20 07:51 . 2009-05-19 15:59 16148 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-09 20:34 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-05-09 20:34 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-05-09 20:34 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-05-01 13:42 . 2009-02-12 11:12 99864 ----a-w c:\users\madPC\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-01 06:44 . 2007-04-17 23:55 -------- d-----w c:\program files\Microsoft Works
2009-04-30 15:33 . 2007-04-17 20:10 -------- d-----w c:\program files\Common Files\Adobe
2009-04-29 16:41 . 2009-04-29 16:41 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-04-29 16:41 . 2009-04-29 16:41 8014 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-28 12:22 . 2009-02-24 16:14 -------- d-----w c:\program files\MSN Messenger
2009-04-21 14:34 . 2009-04-15 15:52 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-21 00:58 . 2009-04-13 02:30 680 ----a-w c:\users\Administrator\AppData\Local\d3d9caps.dat
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-16 15:16 . 2009-04-16 15:16 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-16 14:36 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Sidebar
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Photo Gallery
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Collaboration
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Calendar
2009-04-16 14:29 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-16 14:28 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Defender
2009-04-16 14:28 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
2009-04-16 12:06 . 2006-11-02 10:32 101888 ----a-w c:\windows\system32\ifxcardm.dll
2009-04-16 12:06 . 2006-11-02 10:32 82432 ----a-w c:\windows\system32\axaltocm.dll
2009-04-15 15:19 . 2009-04-15 15:19 -------- d-----w c:\program files\Lavasoft
2009-04-15 07:56 . 2009-04-15 07:56 -------- d-----w c:\program files\Toshiba
2009-04-15 06:46 . 2009-04-15 06:46 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-15 06:46 . 2009-04-15 06:46 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-15 06:46 . 2009-04-15 06:46 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-15 06:40 . 2009-04-15 06:40 827392 ----a-w c:\windows\system32\wininet.dll
2009-04-15 06:40 . 2009-04-15 06:40 72704 ----a-w c:\windows\system32\admparse.dll
2009-04-15 06:40 . 2009-04-15 06:40 78336 ----a-w c:\windows\system32\ieencode.dll
2009-04-15 06:40 . 2009-04-15 06:40 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-04-15 06:40 . 2009-04-15 06:40 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-04-13 05:01 . 2009-04-13 01:31 -------- d-----w c:\program files\QuickTime
2009-04-13 03:04 . 2009-04-13 03:04 269312 ----a-w c:\windows\system32\es.dll
2009-04-06 06:02 . 2009-04-18 03:16 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 06:02 . 2009-04-18 03:16 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-04 12:06 . 2009-04-04 10:52 -------- d-----w c:\program files\Yahoo!
2009-04-04 01:57 . 2009-04-04 01:57 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-03 18:28 . 2009-04-03 18:28 61440 ----a-w c:\windows\system32\winipsec.dll
2009-04-03 18:28 . 2009-04-03 18:28 361984 ----a-w c:\windows\system32\IPSECSVC.DLL
2009-04-03 18:28 . 2009-04-03 18:28 28672 ----a-w c:\windows\system32\FwRemoteSvr.dll
2009-04-03 18:28 . 2009-04-03 18:28 272896 ----a-w c:\windows\system32\polstore.dll
2009-04-03 18:19 . 2009-04-03 18:19 296960 ----a-w c:\windows\system32\gdi32.dll
2009-04-03 18:17 . 2009-04-03 18:17 212480 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
2009-04-03 18:15 . 2009-04-03 18:15 28672 ----a-w c:\windows\system32\Apphlpdm.dll
2009-04-03 18:15 . 2009-04-03 18:15 4240384 ----a-w c:\windows\system32\GameUXLegacyGDFs.dll
2009-04-03 18:15 . 2009-04-03 18:15 1695744 ----a-w c:\windows\system32\gameux.dll
2009-04-03 18:14 . 2009-04-03 18:14 303616 ----a-w c:\windows\system32\wmpeffects.dll
2009-04-03 18:13 . 2009-04-03 18:13 1191936 ----a-w c:\windows\system32\msxml3.dll
2009-04-03 18:13 . 2009-04-03 18:13 2048 ----a-w c:\windows\system32\msxml3r.dll
2009-04-03 18:09 . 2009-04-03 18:09 8147456 ----a-w c:\windows\system32\wmploc.DLL
2009-04-03 18:09 . 2009-04-03 18:09 7680 ----a-w c:\windows\system32\spwmp.dll
2009-04-03 18:09 . 2009-04-03 18:09 4096 ----a-w c:\windows\system32\dxmasf.dll
2009-04-03 18:07 . 2009-04-03 18:07 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-03 18:04 . 2009-04-03 18:04 2927104 ----a-w c:\windows\explorer.exe
2009-04-03 17:56 . 2009-04-03 17:56 6656 ----a-w c:\windows\system32\kbd106n.dll
2009-04-03 17:56 . 2009-04-03 17:56 988216 ----a-w c:\windows\system32\winload.exe
2009-04-03 17:56 . 2009-04-03 17:56 927288 ----a-w c:\windows\system32\winresume.exe
2009-04-03 17:56 . 2009-04-03 17:56 40960 ----a-w c:\windows\system32\srclient.dll
2009-04-03 17:56 . 2009-04-03 17:56 378368 ----a-w c:\windows\system32\srcore.dll
2009-04-03 17:56 . 2009-04-03 17:56 318464 ----a-w c:\windows\system32\rstrui.exe
2009-04-03 17:56 . 2009-04-03 17:56 14848 ----a-w c:\windows\system32\srdelayed.exe
2009-04-03 17:56 . 2009-04-03 17:56 615992 ----a-w c:\windows\system32\ci.dll
2009-04-03 17:56 . 2009-04-03 17:56 46592 ----a-w c:\windows\system32\setbcdlocale.dll
2009-04-03 17:56 . 2009-04-03 17:56 19000 ----a-w c:\windows\system32\kd1394.dll
2009-04-03 17:51 . 2009-04-03 17:51 443392 ----a-w c:\windows\system32\win32spl.dll
2009-04-03 17:51 . 2009-04-03 17:51 37888 ----a-w c:\windows\system32\printcom.dll
2009-04-03 17:50 . 2009-04-03 17:50 14848 ----a-w c:\windows\system32\wshrm.dll
2009-04-03 17:50 . 2009-04-03 17:50 113664 ----a-w c:\windows\system32\drivers\rmcast.sys
2009-04-03 17:48 . 2009-04-03 17:48 288768 ----a-w c:\windows\system32\drivers\srv.sys
2009-04-03 17:41 . 2009-04-03 17:41 268288 ----a-w c:\windows\system32\schannel.dll
2009-04-03 17:38 . 2009-04-03 17:38 622080 ----a-w c:\windows\system32\icardagt.exe
2009-04-03 17:38 . 2009-04-03 17:38 11264 ----a-w c:\windows\system32\icardres.dll
2009-04-03 17:38 . 2009-04-03 17:38 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-04-03 17:38 . 2009-04-03 17:38 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-03 17:38 . 2009-04-03 17:38 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-04-03 17:38 . 2009-04-03 17:38 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-04-03 17:38 . 2009-04-03 17:38 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-04-03 17:22 . 2009-04-03 17:22 96760 ----a-w c:\windows\system32\dfshim.dll
2009-04-03 17:22 . 2009-04-03 17:22 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-04-03 17:22 . 2009-04-03 17:22 83968 ----a-w c:\windows\system32\mscories.dll
2009-04-03 17:22 . 2009-04-03 17:22 282112 ----a-w c:\windows\system32\mscoree.dll
2009-04-03 17:22 . 2009-04-03 17:22 158720 ----a-w c:\windows\system32\mscorier.dll
2009-04-03 17:07 . 2009-04-03 17:07 2868736 ----a-w c:\windows\system32\mf.dll
2009-04-03 17:07 . 2009-04-03 17:07 996352 ----a-w c:\windows\system32\WMNetMgr.dll
2009-04-03 17:07 . 2009-04-03 17:07 98816 ----a-w c:\windows\system32\mfps.dll
2009-04-03 17:07 . 2009-04-03 17:07 94720 ----a-w c:\windows\system32\logagent.exe
2009-04-03 17:07 . 2009-04-03 17:07 53248 ----a-w c:\windows\system32\rrinstaller.exe
2009-04-03 17:07 . 2009-04-03 17:07 24576 ----a-w c:\windows\system32\mfpmp.exe
2009-04-03 17:07 . 2009-04-03 17:07 2048 ----a-w c:\windows\system32\mferror.dll
2009-04-03 17:06 . 2009-04-03 17:06 84480 ----a-w c:\windows\system32\INETRES.dll
2009-04-03 17:06 . 2009-04-03 17:06 738304 ----a-w c:\windows\system32\inetcomm.dll
2009-04-03 17:06 . 2009-04-03 17:06 1314816 ----a-w c:\windows\system32\quartz.dll
2009-04-03 17:05 . 2009-04-03 17:05 2048 ----a-w c:\windows\system32\tzres.dll
2009-04-03 17:05 . 2009-04-03 17:05 2033152 ----a-w c:\windows\system32\win32k.sys
2009-04-03 17:05 . 2009-04-03 17:05 -------- d-----w c:\program files\MSXML 4.0
2009-04-03 17:04 . 2009-04-03 17:04 1334272 ----a-w c:\windows\system32\msxml6.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-14_08.18.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-05-14 21:23 . 2009-05-21 01:38 66382 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-05-21 01:38 74980 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-04-16 10:47 . 2008-01-19 05:49 13312 c:\windows\System32\drivers\sfloppy.sys
- 2006-11-02 08:51 . 2006-11-02 08:51 13312 c:\windows\System32\drivers\sfloppy.sys
- 2009-02-12 11:06 . 2009-05-14 07:57 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-12 11:06 . 2009-05-21 01:37 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-12 11:06 . 2009-05-21 01:37 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-12 11:06 . 2009-05-14 07:57 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-12 11:10 . 2009-05-21 01:38 8846 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1918237747-2751938533-2904961478-1000_UserData.bin
+ 2009-05-21 01:35 . 2009-05-21 01:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-05-14 07:57 . 2009-05-14 07:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-05-14 07:57 . 2009-05-14 07:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-21 01:35 . 2009-05-21 01:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 10:33 . 2009-05-14 08:05 624988 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-05-21 01:41 624988 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-05-21 01:41 111398 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-05-14 08:05 111398 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-17 80688]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-11-07 97072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-09 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-09 133912]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-23 827392]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2005-07-21 242688]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-07-21 61440]
"PSUtility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2006-12-22 136744]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-04-02 252704]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-05-08 174872]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-05-08 33048]
"SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2009-02-12 193832]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 107112]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-27 134808]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-21 516440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-01 4390912]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2007-11-1 421888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoThumbnail"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F01CE1E2-9A47-42F9-AD30-7B2AD8E08A94}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7A0C6B10-FF15-4B5E-85EB-C851E3DF9E79}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{B65B13F6-BBD4-4FAB-97B8-D1406988A316}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{15F91AE0-0A6A-4AD0-BC13-E97CF52E271F}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{F4F47E1E-E573-4114-BC3B-21FD4448FC36}c:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= UDP:c:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp
"UDP Query User{241244E8-A714-4A26-8033-A8DC16D0C898}c:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= TCP:c:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp
"{4CE5628A-E049-4199-BD14-F3ACB0188262}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5DBFBFA1-FF9F-4CA0-8CC1-F91FE82A7997}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{DF9E080F-A2A6-4E03-928C-D7AAE5BFF5AE}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{04C91E26-0A58-4EB0-A38E-FB81F0A09A68}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{87C95383-720C-4E36-92C1-5A596BE3F1FC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E108B469-D439-4A90-B0DD-3AF139C46756}"= UDP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{134FFABB-69CF-4FC7-8226-909F636B2E28}"= TCP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{124D1410-FC14-44BE-939D-2D67F33C0F7C}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{1779AE8C-BFEB-457A-99BB-C18BC6585906}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"TCP Query User{56E26FA3-40B1-43E9-93B2-B4486709E928}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{EE9A3513-CF35-4D37-99A0-DFFCA39D1A94}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{0DB7F9EE-FB08-45A8-9F88-1DC44EB69771}c:\\program files\\ultravnc\\winvnc.exe"= UDP:c:\program files\ultravnc\winvnc.exe:VNC server for Win32
"UDP Query User{9FDC2135-B10F-42DC-9C8B-43532319EEAD}c:\\program files\\ultravnc\\winvnc.exe"= TCP:c:\program files\ultravnc\winvnc.exe:VNC server for Win32
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\System32\drivers\FJGSDisk.sys [12-Feb-09 Thu 9:09 PM 12712]
R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\System32\drivers\iaNvStor.sys [15-May-07 Tue 7:13 AM 208896]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [22-Apr-09 Wed 12:04 AM 64160]
R0 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [04-Oct-06 Wed 6:53 AM 36640]
R0 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [13-Oct-06 Fri 4:17 AM 33152]
R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [22-Dec-06 Fri 12:12 PM 63016]
R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\updnavi\updnvsrv.exe [11-Jan-07 Thu 9:39 AM 12288]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30-Apr-09 Thu 2:20 AM 101936]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\System32\drivers\fuj02e3.sys [15-May-07 Tue 7:12 AM 5632]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\System32\drivers\smscirda.sys [02-Nov-06 Thu 7:55 PM 30720]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [10-Mar-09 Tue 4:36 AM 953168]
S2 LvIBTSvr;Logitech IBT Service;c:\program files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe [03-Apr-07 Tue 12:59 AM 76576]
S3 ADVNTDRV;ADVNTDRV;c:\windows\System32\drivers\ADVNTDRV.SYS [24-Feb-09 Tue 10:34 PM 3872]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [28-Nov-06 Tue 6:34 AM 122008]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MPSSVC
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
2009-05-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:33]
2009-05-21 c:\windows\Tasks\User_Feed_Synchronization-{3D592E6A-7BAD-4227-B6C4-7E801F98E40E}.job
- c:\windows\system32\msfeedssync.exe [2009-04-16 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = about:tabs
Trusted Zone: kaspersky.com\www
TCP: {01573F81-6C25-441E-983B-581898952A67} = 4.2.2.2,4.2.2.3
TCP: {7E4FEBD3-21C7-4D81-AEF7-1619DC39AC99} = 192.231.203.132,192.231.203.3
FF - ProfilePath - c:\users\madPC\AppData\Roaming\Mozilla\Firefox\Profiles\34qxd13h.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com.au/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-21 11:59
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-05-21 12:01
ComboFix-quarantined-files.txt 2009-05-21 02:31
ComboFix2.txt 2009-05-17 09:07
ComboFix3.txt 2009-05-01 05:04
ComboFix4.txt 2009-04-30 17:06
ComboFix5.txt 2009-05-21 02:26
Pre-Run: 26,641,416,192 bytes free
Post-Run: 26,575,175,680 bytes free
1699 --- E O F --- 2009-05-01 06:49
DDS logs
DDS
DDS (Ver_09-03-16.01) - NTFSx86
Run by madPC at 12:15:51.04 on 21-May-09 Thu
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2037.1071 [GMT 9.5:30]
AV: Symantec AntiVirus *On-access scanning disabled* (Updated)
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Softex\OmniPass\OmniServ.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Fujitsu\PSUtility\PSUService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Fujitsu\updnavi\updnvsrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Softex\OmniPass\opvapp.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\madPC\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = about:tabs
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe
mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
mRun: [PSUtility] c:\program files\fujitsu\psutility\TrayManager.exe
mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IaNvSrv] c:\program files\intel\intel matrix storage manager\orom\ianvsrv\IaNvSrv.exe
mRun: [SSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
uPolicies-explorer: TaskbarNoThumbnail = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: kaspersky.com\www
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-au/wlscctrl2.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} - hxxps://online.westpac.com.au/wtoa/wtOtherAccounts/portfoliomanagerwt.cab
TCP: {01573F81-6C25-441E-983B-581898952A67} = 4.2.2.2,4.2.2.3
TCP: {7E4FEBD3-21C7-4D81-AEF7-1619DC39AC99} = 192.231.203.132,192.231.203.3
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll
Notify: igfxcui - igfxdev.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\madPC\appdata\roaming\mozilla\firefox\profiles\34qxd13h.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com.au/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
============= SERVICES / DRIVERS ===============
R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2009-2-12 12712]
R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\system32\drivers\iaNvStor.sys [2007-5-15 208896]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-22 64160]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-10-4 36640]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-10-13 33152]
R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\fujitsu\psutility\PSUService.exe [2006-12-22 63016]
R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\fujitsu\updnavi\updnvsrv.exe [2007-1-11 12288]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-30 101936]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2007-5-15 5632]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2006-11-2 30720]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-10 953168]
S2 LvIBTSvr;Logitech IBT Service;c:\program files\common files\logishrd\lvibtsvr\LvIBTSvr.exe [2007-4-3 76576]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [2009-2-24 3872]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-11-28 122008]
=============== Created Last 30 ================
2009-05-21 12:01 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-05-21 11:56 161,792 a------- c:\windows\SWREG.exe
2009-05-21 11:56 130,048 a------- c:\windows\PEV.exe
2009-05-21 11:56 98,816 a------- c:\windows\sed.exe
2009-05-21 11:56 <DIR> --ds---- C:\ComboFix
2009-05-20 01:29 <DIR> --d----- c:\programdata\is-S4G4L
2009-05-20 01:29 <DIR> --d----- c:\progra~2\is-S4G4L
2009-05-20 01:29 1,286,176 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-05-20 01:29 16,148 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-05-12 00:51 <DIR> --d----- c:\program files\UltraVNC
2009-05-10 06:03 317,976 a------- c:\windows\system32\drivers\iaStor.sys
2009-05-10 01:57 <DIR> --d----- c:\program files\Trend Micro
2009-05-06 15:47 <DIR> --d----- c:\users\madPC\appdata\roaming\iScreensaver
2009-05-06 03:47 0 a------- c:\windows\system32\tviresource.val
2009-05-06 03:46 <DIR> --d----- c:\windows\TweakVI
2009-05-06 03:46 <DIR> --d----- c:\program files\TweakVI
2009-05-01 13:44 <DIR> --d----- c:\programdata\WindowsSearch
2009-05-01 11:44 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-04-30 19:23 <DIR> --d----- c:\users\madPC\DoctorWeb
2009-04-30 02:11 109,744 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-30 02:11 8,014 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-30 02:11 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-04-30 02:10 <DIR> --d----- c:\program files\Symantec
2009-04-30 02:10 <DIR> --d----- c:\programdata\Symantec
2009-04-30 02:10 <DIR> --d----- c:\program files\Symantec AntiVirus
2009-04-30 02:10 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-04-30 02:10 <DIR> --d----- c:\progra~2\Symantec
2009-04-30 01:50 1,061 a------- c:\windows\wininit.ini
2009-04-29 05:34 <DIR> --dsh--- c:\windows\system32\%APPDATA%
2009-04-28 22:01 <DIR> --d----- c:\program files\CCleaner
2009-04-28 21:57 268 a---h--- C:\sqmdata01.sqm
2009-04-28 21:57 244 a---h--- C:\sqmnoopt01.sqm
2009-04-28 21:52 268 a---h--- C:\sqmdata00.sqm
2009-04-28 21:52 244 a---h--- C:\sqmnoopt00.sqm
2009-04-28 21:47 <DIR> -cdsh--- c:\program files\common files\WindowsLiveInstaller
2009-04-28 21:47 <DIR> --d----- c:\programdata\WLInstaller
2009-04-26 18:38 440,352 a------- c:\windows\system32\mshflxgd.ocx
2009-04-26 18:38 212,240 a------- c:\windows\system32\richtx32.ocx
2009-04-26 18:38 224,016 a------- c:\windows\system32\tabctl32.ocx
2009-04-26 18:38 18,728 a------- c:\windows\system32\ishf_Ex.TLB
2009-04-26 18:38 7,752 a------- c:\windows\system32\shelllink.TLB
2009-04-26 18:38 <DIR> --d----- c:\program files\PC Optimizer Pro
2009-04-23 12:58 <DIR> --d----- c:\program files\vLite
2009-04-22 21:47 <DIR> --d----- c:\users\madPC\SecurityScans
2009-04-22 21:46 <DIR> --d----- c:\program files\Microsoft Baseline Security Analyzer 2
2009-04-22 00:04 64,160 a------- c:\windows\system32\drivers\Lbd.sys
==================== Find3M ====================
2009-05-10 06:04 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-10 06:04 51,200 a------- c:\windows\inf\infpub.dat
2009-05-10 06:04 86,016 a------- c:\windows\inf\infstor.dat
2009-04-22 00:04 15,688 a------- c:\windows\system32\lsdelete.exe
2009-04-17 00:46 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-17 00:06 174 a--sh--- c:\program files\desktop.ini
2009-04-16 23:58 665,600 a------- c:\windows\inf\drvindex.dat
2009-04-16 21:36 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-04-16 21:36 82,432 a------- c:\windows\system32\axaltocm.dll
2009-04-15 16:16 376,832 a------- c:\windows\system32\winhttp.dll
2009-04-15 16:16 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-04-15 16:16 38,912 a------- c:\windows\system32\xolehlp.dll
2009-04-15 16:10 827,392 a------- c:\windows\system32\wininet.dll
2009-04-15 16:10 72,704 a------- c:\windows\system32\admparse.dll
2009-04-15 16:10 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-15 16:10 48,128 a------- c:\windows\system32\mshtmler.dll
2009-04-15 16:10 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-04-13 12:34 269,312 a------- c:\windows\system32\es.dll
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-04 03:58 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-04-04 03:58 272,896 a------- c:\windows\system32\polstore.dll
2009-04-04 03:58 61,440 a------- c:\windows\system32\winipsec.dll
2009-04-04 03:58 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-04-04 03:49 296,960 a------- c:\windows\system32\gdi32.dll
2009-04-04 03:47 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-04 03:45 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-04-04 03:45 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-04-04 03:45 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2009-04-04 03:45 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-04-04 03:45 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2009-04-04 03:45 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-04-04 03:45 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-04-04 03:45 1,695,744 a------- c:\windows\system32\gameux.dll
2009-04-04 03:45 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-04-04 03:44 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-04-04 03:43 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-04-04 03:43 2,048 a------- c:\windows\system32\msxml3r.dll
2009-04-04 03:39 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-04 03:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-04-04 03:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-04-04 03:34 2,927,104 a------- c:\windows\explorer.exe
2009-04-04 03:26 6,656 a------- c:\windows\system32\kbd106n.dll
2009-04-04 03:26 988,216 a------- c:\windows\system32\winload.exe
2009-04-04 03:26 927,288 a------- c:\windows\system32\winresume.exe
2009-04-04 03:26 378,368 a------- c:\windows\system32\srcore.dll
2009-04-04 03:26 318,464 a------- c:\windows\system32\rstrui.exe
2009-04-04 03:26 40,960 a------- c:\windows\system32\srclient.dll
2009-04-04 03:26 14,848 a------- c:\windows\system32\srdelayed.exe
2009-04-04 03:26 615,992 a------- c:\windows\system32\ci.dll
2009-04-04 03:26 46,592 a------- c:\windows\system32\setbcdlocale.dll
2009-04-04 03:26 19,000 a------- c:\windows\system32\kd1394.dll
2009-04-04 03:21 443,392 a------- c:\windows\system32\win32spl.dll
2009-04-04 03:21 37,888 a------- c:\windows\system32\printcom.dll
2009-04-04 03:20 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2009-04-04 03:20 14,848 a------- c:\windows\system32\wshrm.dll
2009-04-04 03:18 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-04-04 03:11 268,288 a------- c:\windows\system32\schannel.dll
2009-04-04 03:08 622,080 a------- c:\windows\system32\icardagt.exe
2009-04-04 03:08 11,264 a------- c:\windows\system32\icardres.dll
2009-04-04 03:08 97,800 a------- c:\windows\system32\infocardapi.dll
2009-04-04 03:08 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-04 03:08 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-04-04 03:08 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-04-04 03:08 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-04-04 02:52 96,760 a------- c:\windows\system32\dfshim.dll
2009-04-04 02:52 41,984 a------- c:\windows\system32\netfxperf.dll
2009-04-04 02:52 282,112 a------- c:\windows\system32\mscoree.dll
2009-04-04 02:52 158,720 a------- c:\windows\system32\mscorier.dll
2009-04-04 02:52 83,968 a------- c:\windows\system32\mscories.dll
2009-04-04 02:37 2,868,736 a------- c:\windows\system32\mf.dll
2009-04-04 02:37 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-04-04 02:37 98,816 a------- c:\windows\system32\mfps.dll
2009-04-04 02:37 94,720 a------- c:\windows\system32\logagent.exe
2009-04-04 02:37 53,248 a------- c:\windows\system32\rrinstaller.exe
2009-04-04 02:37 24,576 a------- c:\windows\system32\mfpmp.exe
2009-04-04 02:37 2,048 a------- c:\windows\system32\mferror.dll
2009-04-04 02:36 84,480 a------- c:\windows\system32\INETRES.dll
2009-04-04 02:36 738,304 a------- c:\windows\system32\inetcomm.dll
2009-04-04 02:36 1,314,816 a------- c:\windows\system32\quartz.dll
2009-04-04 02:35 2,048 a------- c:\windows\system32\tzres.dll
2009-04-04 02:35 2,033,152 a------- c:\windows\system32\win32k.sys
2009-04-04 02:34 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-04-04 02:34 2,048 a------- c:\windows\system32\msxml6r.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-24 22:28 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-02-24 22:28 83,456 a------- c:\windows\system32\wudriver.dll
2009-02-24 22:27 162,064 a------- c:\windows\system32\wuwebv.dll
2009-02-24 22:27 31,232 a------- c:\windows\system32\wuapp.exe
2006-11-02 22:09 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 22:09 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 22:09 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 22:09 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 18:50 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 18:50 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 18:50 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 18:50 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
============= FINISH: 12:16:14.83 ===============
Attach.txt
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-03-16.01)
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 13-Feb-09 Fri 12:32:21 PM
System Uptime: 21-May-09 Thu 11:04:25 AM (1 hours ago)
Motherboard: FUJITSU | | FJNB1D3
Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | Onboard | 2001/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 74 GiB total, 24.84 GiB free.
D: is FIXED (NTFS) - 74 GiB total, 46.21 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel(R) Wireless WiFi Link 4965AGN
Device ID: PCI\VEN_8086&DEV_4229&SUBSYS_11028086&REV_61\4&38956FF8&0&00E2
Manufacturer: Intel Corporation
Name: Intel(R) Wireless WiFi Link 4965AGN
PNP Device ID: PCI\VEN_8086&DEV_4229&SUBSYS_11028086&REV_61\4&38956FF8&0&00E2
Service: NETw4v32
==== System Restore Points ===================
RP245: 14-May-09 Thu 6:14:33 PM - Scheduled Checkpoint
RP246: 15-May-09 Fri 2:07:19 AM - Windows Update
RP247: 16-May-09 Sat 12:41:38 AM - Scheduled Checkpoint
RP248: 17-May-09 Sun 1:19:34 AM - Scheduled Checkpoint
RP249: 17-May-09 Sun 10:58:00 PM - Scheduled Checkpoint
RP250: 18-May-09 Mon 7:46:38 PM - Scheduled Checkpoint
RP251: 19-May-09 Tue 2:20:47 AM - Windows Update
RP252: 20-May-09 Wed 12:00:04 AM - Scheduled Checkpoint
RP253: 20-May-09 Wed 2:14:54 PM - Scheduled Checkpoint
RP254: 21-May-09 Thu 11:37:16 AM - Scheduled Checkpoint
==== Installed Programs ======================
2007 Microsoft Office system
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Agere Systems HDA Modem
AuthenTec Fingerprint Sensor Minimum Install
Bluetooth Stack for Windows by Toshiba
BT headset fix
CCleaner (remove only)
CutePDF Writer 2.7
DSTfix
ERUNT 1.1j
Fujitsu Display Manager
Fujitsu Hardware Diagnostics Tool
Fujitsu Hotkey Utility
Fujitsu System Extension Utility
Fujitsu WebCam
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImgBurn
Inst5657
Intel(R) Graphics Media Accelerator Driver
Intel® Turbo Memory and Intel® Matrix Storage Manager
Java(TM) 6 Update 13
LifeBook Application Panel
LiveUpdate 3.2 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Baseline Security Analyzer 2.1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Web Access S/MIME
Microsoft Silverlight
Microsoft Sync Framework Runtime v1.0 (x86)
Microsoft Sync Framework Services v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB954430)
NetBoard
O2Micro Flash Memory Card Windows Driver
OGA Notifier 1.7.0105.35.0
OmniPass 5.00.18
OZ711 SCR Driver V3.0.0.9A
PC Optimizer Pro ver.4.5.17
Power Saving Utility
PowerDVD
PowerProducer
QuickTime
Real Time Clock Update
Realtek High Definition Audio Driver
Roxio Easy Media Creator Home
SanDisk Wi-Fi SD Card for Windows CE 4.00
Security Update for CAPICOM (KB931906)
Shock Sensor Utility
Skype™ 3.8
Skype™ for Pocket PC 1.1
Skype™ for Windows Mobile 2.5
Spb GPRS Monitor
Spybot - Search & Destroy
Symantec AntiVirus
Synaptics Pointing Device Driver
SyncToy 2.0 (x86)
TweakVI
UltraVNC 1.0.5.6
Update for 2007 Microsoft Office System (KB967642)
Update for Outlook 2007 Junk Email Filter (kb968503)
Update Navi
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.9
vLite
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Mobile Developer Power Toys
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinRAR archiver
Yahoo! Messenger
==== Event Viewer Messages From Past Week ========
21-May-09 Thu 11:59:47 AM, Error: Service Control Manager [7030] - The 259AF39406791205E85E436A3D1F675C service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
21-May-09 Thu 11:59:47 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the 259AF39406791205E85E436A3D1F675C service to connect.
21-May-09 Thu 11:59:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the CC8BA6821EF1BEF0A685519DD778453A service to connect.
21-May-09 Thu 11:59:45 AM, Error: Service Control Manager [7030] - The CC8BA6821EF1BEF0A685519DD778453A service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
21-May-09 Thu 11:56:50 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the 6CA50881A260B02C8CC5DA96B8E897B6 service to connect.
21-May-09 Thu 11:56:48 AM, Error: Service Control Manager [7030] - The 6CA50881A260B02C8CC5DA96B8E897B6 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
16-May-09 Sat 12:50:25 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer LUKE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{01573F81-6C25-441E-983B-581898952A. The master browser is stopping or an election is being forced.
14-May-09 Thu 5:32:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.
14-May-09 Thu 5:31:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
14-May-09 Thu 5:30:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
==== End Of File ===========================
Defragmenting Hard disk
Vista said it had done so as recently as just one day prior to your message. However, I downloaded JkDefrag and ran it.
CPU Usage, Installed Memory
Hi,
Sorted the process list by CPU usage, and the following kept reappearing and disappearing in the 2 minutes I spent monitoring it:
System Idle Process
firefox.exe
taskmgr.exe
taskeng.exe
ccSvcHst.exe
IAANTmon.exe
svchost.exe
Rtvscan.exe
System
As for Memory, there are two identical Samsung 1 GB DDR2 667MHz RAM sticks installed, one of which I installed the same day I bought the laptop over a year ago.
Thanks
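A small triage helper for logs in the formats posted above, added here by the editor; it is not part of the original poster's or the helper's material and is not a verdict on this machine. It runs three heuristics over ComboFix/DDS-style lines: files carrying both hidden and system attributes outside a short allowlist, a literal unexpanded %VAR% used as a directory name (the c:\windows\system32\%APPDATA% entry from the log), and Service Control Manager events naming a service whose name is 32 hexadecimal characters. The heuristics, the allowlist and the flagged-line list are the editor's choices; the sample input is a handful of lines copied from the log above, not a complete log. Flagged lines are candidates for manual review only. Note in particular that the 32-hex-character service events fall between 11:56 and 11:59 on 21-May, inside the ComboFix run above (started 11:56, finished 12:16), so they should be compared against the tool's own run window before anything is concluded from them.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied verbatim from the ComboFix/DDS log
# posted above (file entries, a service line and two SCM event lines).
SAMPLE_LOG = r"""S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-10 953168]
2009-05-21 12:01 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-05-20 01:29 1,286,176 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-04-29 05:34 <DIR> --dsh--- c:\windows\system32\%APPDATA%
2009-04-28 21:57 268 a---h--- C:\sqmdata01.sqm
2009-04-16 21:36 101,888 a------- c:\windows\system32\ifxcardm.dll
21-May-09 Thu 11:59:47 AM, Error: Service Control Manager [7030] - The 259AF39406791205E85E436A3D1F675C service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
14-May-09 Thu 5:32:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.
"""

# "Created Last 30" / "Find3M" entries: timestamp, size or <DIR>, 8-char attribute field, path.
FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<attrs>[a-z-]{8})\s+(?P<path>.+?)\s*$"
)
# DDS "Event Viewer Messages" lines from the Service Control Manager.
SCM_RE = re.compile(
    r"Service Control Manager \[(?P<event>\d+)\].*?\bthe (?P<svc>\S+) service\b", re.I
)
HEX32_RE = re.compile(r"^[0-9A-F]{32}$", re.I)
ENVVAR_RE = re.compile(r"%[A-Za-z_]+%")

# Editor's assumption: basenames that are legitimately hidden+system on a stock Vista install.
BENIGN_SH = {"$recycle.bin", "desktop.ini"}


@dataclass
class Finding:
    reason: str
    line: str


def triage_line(line: str) -> list[Finding]:
    """Apply the three heuristics to one log line; returns zero or more findings."""
    findings: list[Finding] = []
    m = FILE_RE.match(line)
    if m:
        attrs, path = m["attrs"], m["path"]
        base = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        # Hidden + system together is how a stock install hides a few well-known items;
        # anything else with both bits set deserves a look.
        if "s" in attrs and "h" in attrs and base not in BENIGN_SH:
            findings.append(Finding("hidden+system attributes", line))
        # A directory literally named %APPDATA% means something wrote an
        # unexpanded variable to disk, which no normal installer does.
        if ENVVAR_RE.search(path):
            findings.append(Finding("unexpanded %VAR% used as a literal path component", line))
        return findings
    m = SCM_RE.search(line)
    if m and HEX32_RE.match(m["svc"]):
        findings.append(Finding(f"SCM event {m['event']} for 32-hex-char service name", line))
    return findings


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over every line of a pasted log and collect the findings."""
    out: list[Finding] = []
    for line in log_text.splitlines():
        out.extend(triage_line(line))
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}] {f.line[:90]}")
```

On the sample above this flags fidbox.dat and the system32\%APPDATA% directory on the attribute rule, the same directory again on the literal-variable rule, and the 7030 event for the hex-named service; $RECYCLE.BIN, the hidden-only .sqm files and the WPDBusEnum timeout are left alone. Paste a full log into SAMPLE_LOG (or read it from a file) to run it over the whole report.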