Win32.TDSS.rtk is lingering somewhere
Hi
A week ago, Spybot detected Win32.TDSS.rtk. I googled it and came across one of the threads in this same forum, read it and tried some of the fixes advised there on my own (I now regret having done so). Here's pretty much what I did, in order:
Ran ComboFix
Ran Malwarebytes - detected 6 trojans of win32.tdss.rtk
Uninstalled Adobe 8.3
Installed Adobe 9.1
Uninstalled Java
Installed Java
Ran ATF Cleaner
Ran DDS
Created my own CFScript
Ran CFScript (reboot took long)
Ran ATF Cleaner (reboot took long)
Everything seemed to work fine until just now. Again, I keep getting redirected to www.google.com/undefined and various websites every now and then when I click on links from a Google search. The PC is also running pretty slowly.
I've read the "Before You Post" thread, i.e. I disabled Spybot's TeaTimer, backed up the registry, installed HijackThis in the Program Files folder, etc.
Now here's the log: (ran HijackThis.exe as administrator)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:44 AM, on 10-May-09 Sun
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:tabs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [PSUtility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
O4 - HKLM\..\Run: [LVCOMSX] "c:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/res.../wlscctrl2.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westpac.com.au/wtoa/w...omanagerwt.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{01573F81-6C25-441E-983B-581898952A67}: NameServer = 192.231.203.132,192.231.203.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E4FEBD3-21C7-4D81-AEF7-1619DC39AC99}: NameServer = 192.231.203.132,192.231.203.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{01573F81-6C25-441E-983B-581898952A67}: NameServer = 192.231.203.132,192.231.203.3
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech IBT Service (LvIBTSvr) - Logitech Inc. - c:\Program Files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: o2flash - O2Micro International - C:\Windows\system32\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: PowerSavingUtilityService - FUJITSU LIMITED - C:\Program Files\Fujitsu\PSUtility\PSUService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: UpdateNaviInstallService - FUJITSU LIMITED - C:\Program Files\Fujitsu\updnavi\updnvsrv.exe
--
End of file - 8739 bytes
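One way to triage a log like the one above: the script below is an added example for this thread (it is not code from the original post and not HijackThis's own code). It parses the entry types shown in the log (R, O2, O4, O16, O17, O23), groups them by persistence mechanism and applies a few analyst rules. The sample lines are copied from the log above; the trusted-DNS list is an assumption the analyst supplies, since the thread does not say which resolvers belong to this network, and the "Unknown owner" and bare-filename checks are generic review prompts, not verdicts on any entry.

```python
"""HijackThis v2 log triage helper (added example; not from the original post,
not HijackThis's own code).  Parses the entry kinds seen in the thread's log
and applies analyst rules.  The trusted-DNS set is an analyst assumption."""
import re

_R = re.compile(r"^(?P<kind>R\d) - (?P<key>[^,]+),(?P<value>[^=]+?)\s*=\s*(?P<data>.*)$")
_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
_O4 = re.compile(r"^O4 - (?P<location>.*?): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.*)$")
_O16 = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>[^)]*)\) - (?P<url>.*)$")
_O17 = re.compile(r"^O17 - (?P<key>.*?): NameServer = (?P<servers>.*)$")
_PATTERNS = [("R", _R), ("O2", _O2), ("O4", _O4), ("O16", _O16), ("O17", _O17)]
_O23_PREFIX = "O23 - Service: "
_SHORTNAME = re.compile(r"\s\(([^()]*)\)$")
# Directories a vendor autostart rarely lives in (analyst assumption, tune per site).
_USER_WRITABLE = re.compile(r"\\(AppData|Temp|Users\\[^\\]+)\\", re.IGNORECASE)

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:tabs
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LVCOMSX] "c:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - Global Startup: Bluetooth Manager.lnk = ?
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{01573F81-6C25-441E-983B-581898952A67}: NameServer = 192.231.203.132,192.231.203.3
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""


def parse_hjt(text):
    """Group HJT lines by kind: R (IE URLs), O2 (BHOs), O4 (autostarts),
    O16 (ActiveX downloads), O17 (TCP/IP NameServer), O23 (services)."""
    out = {k: [] for k in ("R", "O2", "O4", "O16", "O17", "O23")}
    for raw in text.splitlines():
        line = raw.strip()
        for kind, rx in _PATTERNS:
            m = rx.match(line)
            if m:
                d = m.groupdict()
                if kind == "O17":
                    d["servers"] = [s.strip() for s in d["servers"].split(",") if s.strip()]
                out[kind].append(d)
                break
        else:
            if line.startswith(_O23_PREFIX):
                # "<display> [(<short name>)] - <vendor> - <path>": split from the right.
                parts = line[len(_O23_PREFIX):].rsplit(" - ", 2)
                if len(parts) != 3:
                    continue
                desc, vendor, path = parts
                sn = _SHORTNAME.search(desc)
                out["O23"].append({"display": desc, "name": sn.group(1) if sn else None,
                                   "vendor": vendor, "path": path})
    return out


def triage(entries, trusted_dns):
    """Return (kind, what, why) review prompts.  trusted_dns is the set of
    resolvers the analyst expects on this network (an input, not a fact)."""
    findings = []
    for e in entries["O17"]:
        unexpected = [s for s in e["servers"] if s not in trusted_dns]
        if unexpected:
            findings.append(("O17", e["key"],
                             "NameServer not on the trusted list: " + ",".join(unexpected)))
    for e in entries["O4"]:
        cmd = e["cmd"].strip('"')
        if e["location"].startswith("HK") and not re.match(r"^[A-Za-z]:\\", cmd):
            # A bare filename is resolved through the search path at logon.
            findings.append(("O4", e["name"] or cmd,
                             "registry autostart without an absolute path; confirm which file runs"))
        elif _USER_WRITABLE.search(cmd):
            findings.append(("O4", e["name"] or cmd, "autostart under a user-writable directory"))
    for e in entries["O2"]:
        if _USER_WRITABLE.search(e["path"]):
            findings.append(("O2", e["clsid"], "BHO DLL under a user-writable directory"))
    for e in entries["O23"]:
        if e["vendor"].lower() == "unknown owner":
            findings.append(("O23", e["display"],
                             "service binary carries no vendor info; verify the file on disk"))
    return findings


if __name__ == "__main__":
    for kind, what, why in triage(parse_hjt(SAMPLE_LOG), trusted_dns=set()):
        print(f"[{kind}] {what}: {why}")
```

Run it with the resolvers your ISP or network actually hands out in `trusted_dns`; with an empty set every O17 entry is reported, which is the right default when you do not yet know what the network should look like. The rules deliberately only ask questions (which file does a bare `RtHDVCpl.exe` resolve to, who owns `RichVideo.exe`) rather than label anything malicious.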
ComboFix Log, Kaspersky failed
Hi
This is how I followed your instructions and what happened:
1. Created CFScript.txt on desktop
2. Disconnected LAN cable, Switched off WiFi switch
3. Shut all windows open in the taskbar
4. Disabled SAV (tray icon), Windows Defender, Windows Firewall
5. Exited Ad-Aware from tray
6. Set 'startup type' for the SAV and Lavasoft Services to Manual (forgot about Windows Defender) - did this just in case ComboFix would need to reboot and then re-run itself
7. Dragged CFScript.txt onto ComboFix.exe (on desktop)
8. Saved ComboFix log
9. Ran ATF Cleaner as per instructions
10. Reset 'startup type' for all aforementioned Services to Automatic
11. Re-enabled Windows Firewall, Windows Defender
12. Rebooted PC
13. SAV wouldn't leave Auto-Protect on for more than 3 seconds. I would right-click the icon and select Enable Auto-Protect, and the icon would look fine, but after only 3 seconds it would revert to Auto-Protect Disabled.
14. Rebooted again and it was OK. Re-connected LAN cable.
15. Kaspersky Online Scanner gave me this error: 'Starting Java applet has failed! Please go online to use this program.', even though the Java icon was visible in the tray, and even when I tried adding http://www.kaspersky.com to the Trusted Zone in the IE Security Settings.
Here's the ComboFix log, by the way:
ComboFix 09-05-13.02 - madPC May-09 Sun 18:32.5 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2037.1230 [GMT 9.5:30]
Running from: c:\users\madPC\Desktop\ComboFix.exe
Command switches used :: c:\users\madPC\Desktop\CFScript.txt
AV: Symantec AntiVirus *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Symantec AntiVirus *disabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
c:\windows\system32\SelfDel.bat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll
c:\users\Administrator\AppData\Roaming\BitTorrent
c:\users\Administrator\AppData\Roaming\BitTorrent\dht.dat
c:\users\Administrator\AppData\Roaming\BitTorrent\resume.dat
c:\users\Administrator\AppData\Roaming\BitTorrent\rss.dat
c:\users\Administrator\AppData\Roaming\BitTorrent\settings.dat
c:\windows\system32\SelfDel.bat
.
((((((((((((((((((((((((( Files Created from 2009-04-17 to 2009-05-17 )))))))))))))))))))))))))))))))
.
2009-05-16 07:01 . 2009-05-16 07:01 -------- d-----w c:\windows\LastGood
2009-05-11 15:21 . 2009-05-11 15:42 -------- d-----w c:\program files\UltraVNC
2009-05-09 20:33 . 2008-05-25 12:53 317976 ----a-w c:\windows\system32\drivers\iaStor.sys
2009-05-09 18:12 . 2009-05-09 18:12 -------- d-----w c:\users\madPC\AppData\Local\Apple Computer
2009-05-09 17:38 . 2009-05-09 17:38 -------- d-----w c:\program files\ERUNT
2009-05-09 16:27 . 2009-05-09 16:27 -------- d-----w c:\program files\Trend Micro
2009-05-06 06:17 . 2009-05-06 06:17 -------- d-----w c:\users\madPC\AppData\Roaming\iScreensaver
2009-05-05 18:16 . 2009-05-05 18:16 -------- d-----w c:\windows\TweakVI
2009-05-05 18:16 . 2009-05-05 18:17 -------- d-----w c:\program files\TweakVI
2009-05-01 08:29 . 2009-05-01 08:29 -------- d-----w c:\users\madPC\AppData\Local\Apple
2009-05-01 04:14 . 2009-05-01 04:14 -------- d-----w c:\programdata\WindowsSearch
2009-05-01 04:14 . 2009-05-01 04:14 -------- d-----w c:\users\All Users\WindowsSearch
2009-05-01 02:14 . 2009-05-01 04:15 -------- d-----w c:\program files\EsetOnlineScanner
2009-05-01 02:02 . 2009-05-01 05:39 -------- d-----w c:\program files\Java
2009-05-01 01:01 . 2009-05-01 01:01 680 ----a-w c:\users\madPC\AppData\Local\d3d9caps.dat
2009-04-30 18:36 . 2009-05-01 01:48 -------- d-----w c:\users\madPC\AppData\Local\Adobe
2009-04-30 18:12 . 2009-04-30 18:12 -------- d-----w c:\windows\Sun
2009-04-30 15:33 . 2009-04-30 15:33 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-30 09:59 . 2009-04-30 09:59 -------- d-----w c:\users\Administrator\DoctorWeb
2009-04-30 09:53 . 2009-05-01 01:11 -------- d-----w c:\users\madPC\DoctorWeb
2009-04-30 07:13 . 2009-04-30 07:13 -------- d-----w c:\users\madPC\AppData\Local\Symantec
2009-04-29 16:42 . 2009-04-29 16:42 -------- d-----w c:\users\Administrator\AppData\Local\Symantec
2009-04-29 16:41 . 2009-04-29 16:41 109744 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-29 16:40 . 2009-04-29 16:41 -------- d-----w c:\program files\Symantec
2009-04-29 16:40 . 2009-04-29 16:42 -------- d-----w c:\programdata\Symantec
2009-04-29 16:40 . 2009-04-29 16:42 -------- d-----w c:\users\All Users\Symantec
2009-04-29 16:40 . 2009-04-29 16:41 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-29 16:40 . 2009-04-29 16:40 -------- d-----w c:\program files\Symantec AntiVirus
2009-04-28 20:04 . 2009-04-28 20:04 -------- d-sh--w c:\windows\system32\%APPDATA%
2009-04-28 12:31 . 2009-04-28 12:31 -------- d-----w c:\program files\CCleaner
2009-04-28 12:17 . 2009-04-28 12:21 -------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2009-04-28 12:17 . 2009-04-28 12:22 -------- d-----w c:\program files\Windows Live
2009-04-28 12:17 . 2009-04-28 12:17 -------- d-----w c:\programdata\WLInstaller
2009-04-28 12:17 . 2009-04-28 12:17 -------- d-----w c:\users\All Users\WLInstaller
2009-04-26 09:08 . 2009-04-26 09:08 -------- d-----w c:\program files\PC Optimizer Pro
2009-04-24 14:35 . 2009-04-24 14:35 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-23 03:28 . 2009-04-23 03:28 -------- d-----w c:\program files\vLite
2009-04-22 12:17 . 2009-04-22 12:20 -------- d-----w c:\users\madPC\SecurityScans
2009-04-22 12:16 . 2009-04-22 12:16 -------- d-----w c:\program files\Microsoft Baseline Security Analyzer 2
2009-04-21 14:34 . 2009-04-21 14:34 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-18 17:48 . 2009-04-18 17:48 -------- d-----w c:\users\madPC\AppData\Roaming\Malwarebytes
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\users\Administrator\AppData\Roaming\Malwarebytes
2009-04-18 03:16 . 2009-04-06 06:02 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-18 03:16 . 2009-04-06 06:02 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\programdata\Malwarebytes
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-14 14:13 . 2009-02-24 16:36 12 ----a-w c:\windows\bthservsdp.dat
2009-05-09 20:34 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-05-09 20:34 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-05-09 20:34 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-05-01 13:42 . 2009-02-12 11:12 99864 ----a-w c:\users\madPC\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-01 06:44 . 2007-04-17 23:55 -------- d-----w c:\program files\Microsoft Works
2009-04-30 15:33 . 2007-04-17 20:10 -------- d-----w c:\program files\Common Files\Adobe
2009-04-29 16:41 . 2009-04-29 16:41 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-04-29 16:41 . 2009-04-29 16:41 8014 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-28 12:22 . 2009-02-24 16:14 -------- d-----w c:\program files\MSN Messenger
2009-04-21 14:34 . 2009-04-15 15:52 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-21 00:58 . 2009-04-13 02:30 680 ----a-w c:\users\Administrator\AppData\Local\d3d9caps.dat
2009-04-16 15:16 . 2009-04-16 15:16 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-16 14:36 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Sidebar
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Photo Gallery
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Collaboration
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Calendar
2009-04-16 14:29 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-16 14:28 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Defender
2009-04-16 14:28 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
2009-04-16 12:06 . 2006-11-02 10:32 101888 ----a-w c:\windows\system32\ifxcardm.dll
2009-04-16 12:06 . 2006-11-02 10:32 82432 ----a-w c:\windows\system32\axaltocm.dll
2009-04-15 15:19 . 2009-04-15 15:19 -------- d-----w c:\program files\Lavasoft
2009-04-15 07:56 . 2009-04-15 07:56 -------- d-----w c:\program files\Toshiba
2009-04-15 06:46 . 2009-04-15 06:46 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-15 06:46 . 2009-04-15 06:46 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-15 06:46 . 2009-04-15 06:46 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-15 06:40 . 2009-04-15 06:40 827392 ----a-w c:\windows\system32\wininet.dll
2009-04-15 06:40 . 2009-04-15 06:40 72704 ----a-w c:\windows\system32\admparse.dll
2009-04-15 06:40 . 2009-04-15 06:40 78336 ----a-w c:\windows\system32\ieencode.dll
2009-04-15 06:40 . 2009-04-15 06:40 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-04-15 06:40 . 2009-04-15 06:40 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-04-13 05:01 . 2009-04-13 01:31 -------- d-----w c:\program files\QuickTime
2009-04-13 03:04 . 2009-04-13 03:04 269312 ----a-w c:\windows\system32\es.dll
2009-04-04 12:06 . 2009-04-04 10:52 -------- d-----w c:\program files\Yahoo!
2009-04-04 01:57 . 2009-04-04 01:57 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-03 18:28 . 2009-04-03 18:28 61440 ----a-w c:\windows\system32\winipsec.dll
2009-04-03 18:28 . 2009-04-03 18:28 361984 ----a-w c:\windows\system32\IPSECSVC.DLL
2009-04-03 18:28 . 2009-04-03 18:28 28672 ----a-w c:\windows\system32\FwRemoteSvr.dll
2009-04-03 18:28 . 2009-04-03 18:28 272896 ----a-w c:\windows\system32\polstore.dll
2009-04-03 18:19 . 2009-04-03 18:19 296960 ----a-w c:\windows\system32\gdi32.dll
2009-04-03 18:17 . 2009-04-03 18:17 212480 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
2009-04-03 18:15 . 2009-04-03 18:15 28672 ----a-w c:\windows\system32\Apphlpdm.dll
2009-04-03 18:15 . 2009-04-03 18:15 4240384 ----a-w c:\windows\system32\GameUXLegacyGDFs.dll
2009-04-03 18:15 . 2009-04-03 18:15 1695744 ----a-w c:\windows\system32\gameux.dll
2009-04-03 18:14 . 2009-04-03 18:14 303616 ----a-w c:\windows\system32\wmpeffects.dll
2009-04-03 18:13 . 2009-04-03 18:13 1191936 ----a-w c:\windows\system32\msxml3.dll
2009-04-03 18:13 . 2009-04-03 18:13 2048 ----a-w c:\windows\system32\msxml3r.dll
2009-04-03 18:09 . 2009-04-03 18:09 8147456 ----a-w c:\windows\system32\wmploc.DLL
2009-04-03 18:09 . 2009-04-03 18:09 7680 ----a-w c:\windows\system32\spwmp.dll
2009-04-03 18:09 . 2009-04-03 18:09 4096 ----a-w c:\windows\system32\dxmasf.dll
2009-04-03 18:07 . 2009-04-03 18:07 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-03 18:04 . 2009-04-03 18:04 2927104 ----a-w c:\windows\explorer.exe
2009-04-03 17:56 . 2009-04-03 17:56 6656 ----a-w c:\windows\system32\kbd106n.dll
2009-04-03 17:56 . 2009-04-03 17:56 988216 ----a-w c:\windows\system32\winload.exe
2009-04-03 17:56 . 2009-04-03 17:56 927288 ----a-w c:\windows\system32\winresume.exe
2009-04-03 17:56 . 2009-04-03 17:56 40960 ----a-w c:\windows\system32\srclient.dll
2009-04-03 17:56 . 2009-04-03 17:56 378368 ----a-w c:\windows\system32\srcore.dll
2009-04-03 17:56 . 2009-04-03 17:56 318464 ----a-w c:\windows\system32\rstrui.exe
2009-04-03 17:56 . 2009-04-03 17:56 14848 ----a-w c:\windows\system32\srdelayed.exe
2009-04-03 17:56 . 2009-04-03 17:56 615992 ----a-w c:\windows\system32\ci.dll
2009-04-03 17:56 . 2009-04-03 17:56 46592 ----a-w c:\windows\system32\setbcdlocale.dll
2009-04-03 17:56 . 2009-04-03 17:56 19000 ----a-w c:\windows\system32\kd1394.dll
2009-04-03 17:51 . 2009-04-03 17:51 443392 ----a-w c:\windows\system32\win32spl.dll
2009-04-03 17:51 . 2009-04-03 17:51 37888 ----a-w c:\windows\system32\printcom.dll
2009-04-03 17:50 . 2009-04-03 17:50 14848 ----a-w c:\windows\system32\wshrm.dll
2009-04-03 17:50 . 2009-04-03 17:50 113664 ----a-w c:\windows\system32\drivers\rmcast.sys
2009-04-03 17:48 . 2009-04-03 17:48 288768 ----a-w c:\windows\system32\drivers\srv.sys
2009-04-03 17:41 . 2009-04-03 17:41 268288 ----a-w c:\windows\system32\schannel.dll
2009-04-03 17:38 . 2009-04-03 17:38 622080 ----a-w c:\windows\system32\icardagt.exe
2009-04-03 17:38 . 2009-04-03 17:38 11264 ----a-w c:\windows\system32\icardres.dll
2009-04-03 17:38 . 2009-04-03 17:38 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-04-03 17:38 . 2009-04-03 17:38 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-03 17:38 . 2009-04-03 17:38 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-04-03 17:38 . 2009-04-03 17:38 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-04-03 17:38 . 2009-04-03 17:38 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-04-03 17:22 . 2009-04-03 17:22 96760 ----a-w c:\windows\system32\dfshim.dll
2009-04-03 17:22 . 2009-04-03 17:22 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-04-03 17:22 . 2009-04-03 17:22 83968 ----a-w c:\windows\system32\mscories.dll
2009-04-03 17:22 . 2009-04-03 17:22 282112 ----a-w c:\windows\system32\mscoree.dll
2009-04-03 17:22 . 2009-04-03 17:22 158720 ----a-w c:\windows\system32\mscorier.dll
2009-04-03 17:07 . 2009-04-03 17:07 2868736 ----a-w c:\windows\system32\mf.dll
2009-04-03 17:07 . 2009-04-03 17:07 996352 ----a-w c:\windows\system32\WMNetMgr.dll
2009-04-03 17:07 . 2009-04-03 17:07 98816 ----a-w c:\windows\system32\mfps.dll
2009-04-03 17:07 . 2009-04-03 17:07 94720 ----a-w c:\windows\system32\logagent.exe
2009-04-03 17:07 . 2009-04-03 17:07 53248 ----a-w c:\windows\system32\rrinstaller.exe
2009-04-03 17:07 . 2009-04-03 17:07 24576 ----a-w c:\windows\system32\mfpmp.exe
2009-04-03 17:07 . 2009-04-03 17:07 2048 ----a-w c:\windows\system32\mferror.dll
2009-04-03 17:06 . 2009-04-03 17:06 84480 ----a-w c:\windows\system32\INETRES.dll
2009-04-03 17:06 . 2009-04-03 17:06 738304 ----a-w c:\windows\system32\inetcomm.dll
2009-04-03 17:06 . 2009-04-03 17:06 1314816 ----a-w c:\windows\system32\quartz.dll
2009-04-03 17:05 . 2009-04-03 17:05 2048 ----a-w c:\windows\system32\tzres.dll
2009-04-03 17:05 . 2009-04-03 17:05 2033152 ----a-w c:\windows\system32\win32k.sys
2009-04-03 17:05 . 2009-04-03 17:05 -------- d-----w c:\program files\MSXML 4.0
2009-04-03 17:04 . 2009-04-03 17:04 1334272 ----a-w c:\windows\system32\msxml6.dll
2009-04-03 17:04 . 2009-04-03 17:04 2048 ----a-w c:\windows\system32\msxml6r.dll
2009-03-08 19:49 . 2009-03-13 13:16 410984 ----a-w c:\windows\system32\deploytk.dll
2009-02-24 15:53 . 2009-02-24 15:53 0 ----a-w c:\windows\nsreg.dat
2009-02-24 15:35 . 2009-02-24 15:35 99864 ----a-w c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\%APPDATA% ----
2009-04-28 20:04 . 2009-04-28 20:04 16384 --sha-w c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
((((((((((((((((((((((((((((( SnapShot@2009-05-14_08.18.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-05-14 21:23 . 2009-05-14 14:17 66104 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-05-14 14:17 74892 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-04-16 10:47 . 2008-01-19 05:49 13312 c:\windows\System32\drivers\sfloppy.sys
- 2006-11-02 08:51 . 2006-11-02 08:51 13312 c:\windows\System32\drivers\sfloppy.sys
+ 2009-02-12 11:06 . 2009-05-16 19:10 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-12 11:06 . 2009-05-14 07:57 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-12 11:06 . 2009-05-14 07:57 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-12 11:06 . 2009-05-16 19:10 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-16 07:01 . 2006-11-02 08:51 13312 c:\windows\LastGood\system32\DRIVERS\sfloppy.sys
- 2009-02-12 11:10 . 2009-05-14 07:59 8558 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1918237747-2751938533-2904961478-1000_UserData.bin
+ 2009-02-12 11:10 . 2009-05-14 14:17 8558 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1918237747-2751938533-2904961478-1000_UserData.bin
+ 2009-05-14 14:15 . 2009-05-14 14:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-05-14 07:57 . 2009-05-14 07:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-14 14:15 . 2009-05-14 14:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-05-14 07:57 . 2009-05-14 07:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 10:33 . 2009-05-14 08:05 624988 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-05-16 11:30 624988 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-05-16 11:30 111398 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-05-14 08:05 111398 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-17 80688]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-11-07 97072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-09 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-09 133912]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-23 827392]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2005-07-21 242688]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-07-21 61440]
"PSUtility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2006-12-22 136744]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-04-02 252704]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-05-08 174872]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-05-08 33048]
"SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2009-02-12 193832]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 107112]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-27 134808]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-21 516440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-01 4390912]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2007-11-1 421888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoThumbnail"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F01CE1E2-9A47-42F9-AD30-7B2AD8E08A94}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7A0C6B10-FF15-4B5E-85EB-C851E3DF9E79}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{B65B13F6-BBD4-4FAB-97B8-D1406988A316}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{15F91AE0-0A6A-4AD0-BC13-E97CF52E271F}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{F4F47E1E-E573-4114-BC3B-21FD4448FC36}c:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= UDP:c:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp
"UDP Query User{241244E8-A714-4A26-8033-A8DC16D0C898}c:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= TCP:c:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp
"{4CE5628A-E049-4199-BD14-F3ACB0188262}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5DBFBFA1-FF9F-4CA0-8CC1-F91FE82A7997}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{DF9E080F-A2A6-4E03-928C-D7AAE5BFF5AE}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{04C91E26-0A58-4EB0-A38E-FB81F0A09A68}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{87C95383-720C-4E36-92C1-5A596BE3F1FC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E108B469-D439-4A90-B0DD-3AF139C46756}"= UDP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{134FFABB-69CF-4FC7-8226-909F636B2E28}"= TCP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{124D1410-FC14-44BE-939D-2D67F33C0F7C}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{1779AE8C-BFEB-457A-99BB-C18BC6585906}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"TCP Query User{56E26FA3-40B1-43E9-93B2-B4486709E928}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{EE9A3513-CF35-4D37-99A0-DFFCA39D1A94}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{0DB7F9EE-FB08-45A8-9F88-1DC44EB69771}c:\\program files\\ultravnc\\winvnc.exe"= UDP:c:\program files\ultravnc\winvnc.exe:VNC server for Win32
"UDP Query User{9FDC2135-B10F-42DC-9C8B-43532319EEAD}c:\\program files\\ultravnc\\winvnc.exe"= TCP:c:\program files\ultravnc\winvnc.exe:VNC server for Win32
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\System32\drivers\FJGSDisk.sys [12-Feb-09 Thu 9:09 PM 12712]
R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\System32\drivers\iaNvStor.sys [15-May-07 Tue 7:13 AM 208896]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [22-Apr-09 Wed 12:04 AM 64160]
R0 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [04-Oct-06 Wed 6:53 AM 36640]
R0 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [13-Oct-06 Fri 4:17 AM 33152]
R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [22-Dec-06 Fri 12:12 PM 63016]
R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\updnavi\updnvsrv.exe [11-Jan-07 Thu 9:39 AM 12288]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30-Apr-09 Thu 2:20 AM 101936]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\System32\drivers\fuj02e3.sys [15-May-07 Tue 7:12 AM 5632]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\System32\drivers\smscirda.sys [02-Nov-06 Thu 7:55 PM 30720]
S2 LvIBTSvr;Logitech IBT Service;c:\program files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe [03-Apr-07 Tue 12:59 AM 76576]
S3 ADVNTDRV;ADVNTDRV;c:\windows\System32\drivers\ADVNTDRV.SYS [24-Feb-09 Tue 10:34 PM 3872]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [10-Mar-09 Tue 4:36 AM 953168]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [28-Nov-06 Tue 6:34 AM 122008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af316a4d-0271-11de-ab37-000000000000}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-05-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:33]
2009-05-17 c:\windows\Tasks\User_Feed_Synchronization-{3D592E6A-7BAD-4227-B6C4-7E801F98E40E}.job
- c:\windows\system32\msfeedssync.exe [2009-04-16 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = about:tabs
TCP: {01573F81-6C25-441E-983B-581898952A67} = 4.2.2.2,4.2.2.3
TCP: {7E4FEBD3-21C7-4D81-AEF7-1619DC39AC99} = 192.231.203.132,192.231.203.3
FF - ProfilePath - c:\users\madPC\AppData\Roaming\Mozilla\Firefox\Profiles\34qxd13h.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com.au/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-17 18:35
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-05-17 18:37
ComboFix-quarantined-files.txt 2009-05-17 09:07
ComboFix2.txt 2009-05-01 05:04
ComboFix3.txt 2009-04-30 17:06
ComboFix4.txt 2009-04-30 14:16
Pre-Run: 26,645,606,400 bytes free
Post-Run: 26,554,630,144 bytes free
322 --- E O F --- 2009-05-01 06:49
Thanks!
Kaspersky Report, DDS Logs
Hi blade81,
Thanks for the suggested workaround. As requested:
Kaspersky Report (Detected)
Detected
--------
Status Object
------ ------
detected: Trojan program Trojan-Dropper.Win32.Agent.anje File: C:\Users\madPC\Downloads\Windows XP PRO MCE SP3 MULTI - OEM Se7en Style EYE CANDY ENGLISH [ISO]\Windows XP WPA Kill (TRIED IN SAFE MODE !!! )\WPA_KILL.EXE//data0000.cab/codec.exe
DDS Logs
DDS
DDS (Ver_09-03-16.01) - NTFSx86
Run by madPC at 17:31:11.33 on 20-May-09 Wed
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2037.1116 [GMT 9.5:30]
AV: Symantec AntiVirus *On-access scanning disabled* (Updated)
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Softex\OmniPass\OmniServ.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Fujitsu\PSUtility\PSUService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Fujitsu\updnavi\updnvsrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Softex\OmniPass\opvapp.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\madPC\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = about:tabs
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe
mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
mRun: [PSUtility] c:\program files\fujitsu\psutility\TrayManager.exe
mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IaNvSrv] c:\program files\intel\intel matrix storage manager\orom\ianvsrv\IaNvSrv.exe
mRun: [SSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
uPolicies-explorer: TaskbarNoThumbnail = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: kaspersky.com\www
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-au/wlscctrl2.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} - hxxps://online.westpac.com.au/wtoa/wtOtherAccounts/portfoliomanagerwt.cab
TCP: {01573F81-6C25-441E-983B-581898952A67} = 4.2.2.2,4.2.2.3
TCP: {7E4FEBD3-21C7-4D81-AEF7-1619DC39AC99} = 192.231.203.132,192.231.203.3
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll
Notify: igfxcui - igfxdev.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\madPC\appdata\roaming\mozilla\firefox\profiles\34qxd13h.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com.au/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
============= SERVICES / DRIVERS ===============
R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2009-2-12 12712]
R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\system32\drivers\iaNvStor.sys [2007-5-15 208896]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-22 64160]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-10-4 36640]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-10-13 33152]
R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\fujitsu\psutility\PSUService.exe [2006-12-22 63016]
R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\fujitsu\updnavi\updnvsrv.exe [2007-1-11 12288]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-30 101936]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2007-5-15 5632]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2006-11-2 30720]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-10 953168]
S2 LvIBTSvr;Logitech IBT Service;c:\program files\common files\logishrd\lvibtsvr\LvIBTSvr.exe [2007-4-3 76576]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [2009-2-24 3872]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-11-28 122008]
=============== Created Last 30 ================
2009-05-20 01:29 <DIR> --d----- c:\programdata\is-S4G4L
2009-05-20 01:29 <DIR> --d----- c:\progra~2\is-S4G4L
2009-05-20 01:29 1,286,176 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-05-20 01:29 16,148 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-05-17 18:31 <DIR> --d----- C:\ComboFix
2009-05-14 17:44 161,792 a------- c:\windows\SWREG.exe
2009-05-14 17:44 98,816 a------- c:\windows\sed.exe
2009-05-12 00:51 <DIR> --d----- c:\program files\UltraVNC
2009-05-10 06:03 317,976 a------- c:\windows\system32\drivers\iaStor.sys
2009-05-10 01:57 <DIR> --d----- c:\program files\Trend Micro
2009-05-06 15:47 <DIR> --d----- c:\users\madPC\appdata\roaming\iScreensaver
2009-05-06 03:47 0 a------- c:\windows\system32\tviresource.val
2009-05-06 03:46 <DIR> --d----- c:\windows\TweakVI
2009-05-06 03:46 <DIR> --d----- c:\program files\TweakVI
2009-05-01 13:44 <DIR> --d----- c:\programdata\WindowsSearch
2009-05-01 11:44 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-04-30 19:23 <DIR> --d----- c:\users\madPC\DoctorWeb
2009-04-30 02:11 109,744 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-30 02:11 8,014 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-30 02:11 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-04-30 02:10 <DIR> --d----- c:\program files\Symantec
2009-04-30 02:10 <DIR> --d----- c:\programdata\Symantec
2009-04-30 02:10 <DIR> --d----- c:\program files\Symantec AntiVirus
2009-04-30 02:10 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-04-30 02:10 <DIR> --d----- c:\progra~2\Symantec
2009-04-30 01:50 1,061 a------- c:\windows\wininit.ini
2009-04-29 05:34 <DIR> --dsh--- c:\windows\system32\%APPDATA%
2009-04-28 22:01 <DIR> --d----- c:\program files\CCleaner
2009-04-28 21:57 268 a---h--- C:\sqmdata01.sqm
2009-04-28 21:57 244 a---h--- C:\sqmnoopt01.sqm
2009-04-28 21:52 268 a---h--- C:\sqmdata00.sqm
2009-04-28 21:52 244 a---h--- C:\sqmnoopt00.sqm
2009-04-28 21:47 <DIR> -cdsh--- c:\program files\common files\WindowsLiveInstaller
2009-04-28 21:47 <DIR> --d----- c:\programdata\WLInstaller
2009-04-26 18:38 440,352 a------- c:\windows\system32\mshflxgd.ocx
2009-04-26 18:38 212,240 a------- c:\windows\system32\richtx32.ocx
2009-04-26 18:38 224,016 a------- c:\windows\system32\tabctl32.ocx
2009-04-26 18:38 18,728 a------- c:\windows\system32\ishf_Ex.TLB
2009-04-26 18:38 7,752 a------- c:\windows\system32\shelllink.TLB
2009-04-26 18:38 <DIR> --d----- c:\program files\PC Optimizer Pro
2009-04-23 12:58 <DIR> --d----- c:\program files\vLite
2009-04-22 21:47 <DIR> --d----- c:\users\madPC\SecurityScans
2009-04-22 21:46 <DIR> --d----- c:\program files\Microsoft Baseline Security Analyzer 2
2009-04-22 00:04 64,160 a------- c:\windows\system32\drivers\Lbd.sys
==================== Find3M ====================
2009-05-10 06:04 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-10 06:04 51,200 a------- c:\windows\inf\infpub.dat
2009-05-10 06:04 86,016 a------- c:\windows\inf\infstor.dat
2009-04-22 00:04 15,688 a------- c:\windows\system32\lsdelete.exe
2009-04-17 00:46 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-17 00:06 174 a--sh--- c:\program files\desktop.ini
2009-04-16 23:58 665,600 a------- c:\windows\inf\drvindex.dat
2009-04-16 21:36 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-04-16 21:36 82,432 a------- c:\windows\system32\axaltocm.dll
2009-04-15 16:16 376,832 a------- c:\windows\system32\winhttp.dll
2009-04-15 16:16 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-04-15 16:16 38,912 a------- c:\windows\system32\xolehlp.dll
2009-04-15 16:10 827,392 a------- c:\windows\system32\wininet.dll
2009-04-15 16:10 72,704 a------- c:\windows\system32\admparse.dll
2009-04-15 16:10 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-15 16:10 48,128 a------- c:\windows\system32\mshtmler.dll
2009-04-15 16:10 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-04-13 12:34 269,312 a------- c:\windows\system32\es.dll
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-04 03:58 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-04-04 03:58 272,896 a------- c:\windows\system32\polstore.dll
2009-04-04 03:58 61,440 a------- c:\windows\system32\winipsec.dll
2009-04-04 03:58 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-04-04 03:49 296,960 a------- c:\windows\system32\gdi32.dll
2009-04-04 03:47 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-04 03:45 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-04-04 03:45 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-04-04 03:45 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2009-04-04 03:45 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-04-04 03:45 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2009-04-04 03:45 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-04-04 03:45 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-04-04 03:45 1,695,744 a------- c:\windows\system32\gameux.dll
2009-04-04 03:45 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-04-04 03:44 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-04-04 03:43 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-04-04 03:43 2,048 a------- c:\windows\system32\msxml3r.dll
2009-04-04 03:39 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-04 03:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-04-04 03:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-04-04 03:34 2,927,104 a------- c:\windows\explorer.exe
2009-04-04 03:26 6,656 a------- c:\windows\system32\kbd106n.dll
2009-04-04 03:26 988,216 a------- c:\windows\system32\winload.exe
2009-04-04 03:26 927,288 a------- c:\windows\system32\winresume.exe
2009-04-04 03:26 378,368 a------- c:\windows\system32\srcore.dll
2009-04-04 03:26 318,464 a------- c:\windows\system32\rstrui.exe
2009-04-04 03:26 40,960 a------- c:\windows\system32\srclient.dll
2009-04-04 03:26 14,848 a------- c:\windows\system32\srdelayed.exe
2009-04-04 03:26 615,992 a------- c:\windows\system32\ci.dll
2009-04-04 03:26 46,592 a------- c:\windows\system32\setbcdlocale.dll
2009-04-04 03:26 19,000 a------- c:\windows\system32\kd1394.dll
2009-04-04 03:21 443,392 a------- c:\windows\system32\win32spl.dll
2009-04-04 03:21 37,888 a------- c:\windows\system32\printcom.dll
2009-04-04 03:20 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2009-04-04 03:20 14,848 a------- c:\windows\system32\wshrm.dll
2009-04-04 03:18 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-04-04 03:11 268,288 a------- c:\windows\system32\schannel.dll
2009-04-04 03:08 622,080 a------- c:\windows\system32\icardagt.exe
2009-04-04 03:08 11,264 a------- c:\windows\system32\icardres.dll
2009-04-04 03:08 97,800 a------- c:\windows\system32\infocardapi.dll
2009-04-04 03:08 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-04 03:08 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-04-04 03:08 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-04-04 03:08 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-04-04 02:52 96,760 a------- c:\windows\system32\dfshim.dll
2009-04-04 02:52 41,984 a------- c:\windows\system32\netfxperf.dll
2009-04-04 02:52 282,112 a------- c:\windows\system32\mscoree.dll
2009-04-04 02:52 158,720 a------- c:\windows\system32\mscorier.dll
2009-04-04 02:52 83,968 a------- c:\windows\system32\mscories.dll
2009-04-04 02:37 2,868,736 a------- c:\windows\system32\mf.dll
2009-04-04 02:37 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-04-04 02:37 98,816 a------- c:\windows\system32\mfps.dll
2009-04-04 02:37 94,720 a------- c:\windows\system32\logagent.exe
2009-04-04 02:37 53,248 a------- c:\windows\system32\rrinstaller.exe
2009-04-04 02:37 24,576 a------- c:\windows\system32\mfpmp.exe
2009-04-04 02:37 2,048 a------- c:\windows\system32\mferror.dll
2009-04-04 02:36 84,480 a------- c:\windows\system32\INETRES.dll
2009-04-04 02:36 738,304 a------- c:\windows\system32\inetcomm.dll
2009-04-04 02:36 1,314,816 a------- c:\windows\system32\quartz.dll
2009-04-04 02:35 2,048 a------- c:\windows\system32\tzres.dll
2009-04-04 02:35 2,033,152 a------- c:\windows\system32\win32k.sys
2009-04-04 02:34 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-04-04 02:34 2,048 a------- c:\windows\system32\msxml6r.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-24 22:28 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-02-24 22:28 83,456 a------- c:\windows\system32\wudriver.dll
2009-02-24 22:27 162,064 a------- c:\windows\system32\wuwebv.dll
2009-02-24 22:27 31,232 a------- c:\windows\system32\wuapp.exe
2006-11-02 22:09 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 22:09 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 22:09 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 22:09 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 18:50 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 18:50 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 18:50 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 18:50 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
============= FINISH: 17:32:06.95 ===============
Attach.txt
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-03-16.01)
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 13-Feb-09 Fri 12:32:21 PM
System Uptime: 20-May-09 Wed 5:22:12 PM (0 hours ago)
Motherboard: FUJITSU | | FJNB1D3
Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | Onboard | 2001/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 74 GiB total, 23.049 GiB free.
D: is FIXED (NTFS) - 74 GiB total, 46.895 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel(R) Wireless WiFi Link 4965AGN
Device ID: PCI\VEN_8086&DEV_4229&SUBSYS_11028086&REV_61\4&38956FF8&0&00E2
Manufacturer: Intel Corporation
Name: Intel(R) Wireless WiFi Link 4965AGN
PNP Device ID: PCI\VEN_8086&DEV_4229&SUBSYS_11028086&REV_61\4&38956FF8&0&00E2
Service: NETw4v32
==== System Restore Points ===================
RP244: 14-May-09 Thu 12:49:49 AM - Scheduled Checkpoint
RP245: 14-May-09 Thu 6:14:33 PM - Scheduled Checkpoint
RP246: 15-May-09 Fri 2:07:19 AM - Windows Update
RP247: 16-May-09 Sat 12:41:38 AM - Scheduled Checkpoint
RP248: 17-May-09 Sun 1:19:34 AM - Scheduled Checkpoint
RP249: 17-May-09 Sun 10:58:00 PM - Scheduled Checkpoint
RP250: 18-May-09 Mon 7:46:38 PM - Scheduled Checkpoint
RP251: 19-May-09 Tue 2:20:47 AM - Windows Update
RP252: 20-May-09 Wed 12:00:04 AM - Scheduled Checkpoint
RP253: 20-May-09 Wed 2:14:54 PM - Scheduled Checkpoint
==== Installed Programs ======================
2007 Microsoft Office system
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Agere Systems HDA Modem
AuthenTec Fingerprint Sensor Minimum Install
Bluetooth Stack for Windows by Toshiba
BT headset fix
CCleaner (remove only)
CutePDF Writer 2.7
DSTfix
ERUNT 1.1j
Fujitsu Display Manager
Fujitsu Hardware Diagnostics Tool
Fujitsu Hotkey Utility
Fujitsu System Extension Utility
Fujitsu WebCam
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImgBurn
Inst5657
Intel(R) Graphics Media Accelerator Driver
Intel® Turbo Memory and Intel® Matrix Storage Manager
Java(TM) 6 Update 13
LifeBook Application Panel
LiveUpdate 3.2 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Baseline Security Analyzer 2.1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Web Access S/MIME
Microsoft Silverlight
Microsoft Sync Framework Runtime v1.0 (x86)
Microsoft Sync Framework Services v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB954430)
NetBoard
O2Micro Flash Memory Card Windows Driver
OGA Notifier 1.7.0105.35.0
OmniPass 5.00.18
OZ711 SCR Driver V3.0.0.9A
PC Optimizer Pro ver.4.5.17
Power Saving Utility
PowerDVD
PowerProducer
QuickTime
Real Time Clock Update
Realtek High Definition Audio Driver
Roxio Easy Media Creator Home
SanDisk Wi-Fi SD Card for Windows CE 4.00
Security Update for CAPICOM (KB931906)
Shock Sensor Utility
Skype™ 3.8
Skype™ for Pocket PC 1.1
Skype™ for Windows Mobile 2.5
Spb GPRS Monitor
Spybot - Search & Destroy
Symantec AntiVirus
Synaptics Pointing Device Driver
SyncToy 2.0 (x86)
TweakVI
UltraVNC 1.0.5.6
Update for 2007 Microsoft Office System (KB967642)
Update for Outlook 2007 Junk Email Filter (kb968503)
Update Navi
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.9
vLite
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Mobile Developer Power Toys
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinRAR archiver
Yahoo! Messenger
==== Event Viewer Messages From Past Week ========
16-May-09 Sat 12:50:25 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer LUKE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{01573F81-6C25-441E-983B-581898952A. The master browser is stopping or an election is being forced.
14-May-09 Thu 5:32:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.
14-May-09 Thu 5:31:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
14-May-09 Thu 5:30:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
==== End Of File ===========================
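The two log formats quoted in this thread (ComboFix's registry/firewall dump and the DDS "Created Last 30" file listing) can be skimmed mechanically before a helper reads them by hand. The script below is an added example and is not part of any post here, nor of ComboFix, DDS or the forum's tooling. It assumes that in the DDS attribute field `s` means System and `h` means Hidden, and that a ComboFix `"EnableFirewall"` value belongs to the most recent `[HK...]` key header above it. The sample lines are constructed to mirror entries from the logs above. Every flag it raises is a prompt for manual review, not a verdict: legitimate security products also create hidden system files under `drivers`.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: shapes copied from the ComboFix firewall section and the
# DDS "Created Last 30" section of the logs above (not the full logs).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 1 (0x1)
2009-05-20 01:29 1,286,176 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-05-17 18:31 <DIR> --d----- C:\ComboFix
2009-04-29 05:34 <DIR> --dsh--- c:\windows\system32\%APPDATA%
2009-04-28 21:57 268 a---h--- C:\sqmdata01.sqm
2009-04-26 18:38 <DIR> --d----- c:\program files\PC Optimizer Pro
2009-04-15 16:10 827,392 a------- c:\windows\system32\wininet.dll
\shell\AutoRun\command - H:\LaunchU3.exe -a
"""

# DDS file-listing line: date, time, size or <DIR>, 8-char attribute field, path.
FILE_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
# Registry key header as ComboFix prints it, e.g. [HKLM\~\...\firewallpolicy\PublicProfile]
KEY_LINE = re.compile(r"^\[(?P<key>HK[A-Z_]*\\.+)\]$")
FIREWALL_LINE = re.compile(r'^"EnableFirewall"=\s*(?P<value>\d+)')
# A folder literally named like an environment variable, e.g. ...\system32\%APPDATA%
LITERAL_ENV = re.compile(r"\\%[A-Za-z_]+%(\\|$)")


@dataclass(frozen=True)
class Finding:
    reason: str
    detail: str


def triage(text: str) -> list[Finding]:
    """Return review prompts for firewall-off profiles, hidden+system entries,
    literal %VAR% folder names and removable-media autorun commands."""
    findings: list[Finding] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_LINE.match(line):
            current_key = m.group("key")
            continue
        if m := FIREWALL_LINE.match(line):
            if m.group("value") == "0":
                profile = current_key.rsplit("\\", 1)[-1] or "unknown profile"
                findings.append(Finding("windows firewall disabled", profile))
            continue
        if m := FILE_LINE.match(line):
            attrs, path = m.group("attrs"), m.group("path")
            # Assumption: 's' and 'h' in the DDS attribute field mean System and Hidden.
            if "s" in attrs and "h" in attrs:
                findings.append(Finding("hidden+system attributes", path))
            if LITERAL_ENV.search(path):
                findings.append(Finding("literal environment-variable name in path", path))
            continue
        if "\\shell\\AutoRun\\command" in line:
            findings.append(Finding("removable-media autorun command", line))
    return findings


def triage_sample() -> list[Finding]:
    return triage(SAMPLE_LOG)


if __name__ == "__main__":
    for f in triage_sample():
        print(f"{f.reason:45} {f.detail}")
```

Run against the constructed sample it reports the public-profile firewall being off, the two hidden+system entries, the `%APPDATA%`-named folder under `system32` (flagged twice, once for its attributes and once for its name), and the `H:\LaunchU3.exe` autorun handler; the hidden-only `.sqm` telemetry files and plain program folders are left alone. Paste a complete log into `triage()` to get the same list for a real post.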
How's the system working?
Annoyingly slow. When I empty the Recycle Bin, its icon doesn't change. I wasn't even able to open the AVPT.txt file with Notepad as it caused it to hang each time. Eventually got it to open with WordPad. Lastly, the Kaspersky scan took more than 15 hours!
Something's still quite wrong mate...