
Thread: Win32.TDSS.rtk is lingering somewhere

  1. #1
    Junior Member
    Join Date
    May 2009
    Posts
    22

    Win32.TDSS.rtk is lingering somewhere

    Hi

    A week ago, Spybot detected Win32.TDSS.rtk. I googled and came across one of the threads on the same forum. I read it and tried some of the fixes advised on my own (I now regret having done so). Here's pretty much what I did, in order:

    Ran ComboFix
    Ran Malwarebytes - detected 6 trojans of win32.tdss.rtk
    Uninstalled adobe 8.3
    Installed adobe 9.1
    Uninstalled java
    Installed java
    Ran atf cleaner
    Ran dds
    Created own cfscript
    Ran cfscript (reboot took long)
    Ran atf (reboot took long)

    Everything seemed to work fine, until just now. Again, I keep getting redirected to www.google.com/undefined and various websites every now and then when I click on links from a Google search. PC is also working pretty slow.

    I've read the before you post thread i.e. disabled Spybot's TeaTimer, backed up registry, installed HijackThis in the Program Files folder, etc.


    Now here's the log: (ran HijackThis.exe as administrator)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:20:44 AM, on 10-May-09 Sun
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18226)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
    C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
    C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Symantec AntiVirus\VPTray.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:tabs
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
    O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
    O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    O4 - HKLM\..\Run: [PSUtility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
    O4 - HKLM\..\Run: [LVCOMSX] "c:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
    O4 - HKLM\..\Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/res.../wlscctrl2.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westpac.com.au/wtoa/w...omanagerwt.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{01573F81-6C25-441E-983B-581898952A67}: NameServer = 192.231.203.132,192.231.203.3
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7E4FEBD3-21C7-4D81-AEF7-1619DC39AC99}: NameServer = 192.231.203.132,192.231.203.3
    O17 - HKLM\System\CS1\Services\Tcpip\..\{01573F81-6C25-441E-983B-581898952A67}: NameServer = 192.231.203.132,192.231.203.3
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Logitech IBT Service (LvIBTSvr) - Logitech Inc. - c:\Program Files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: o2flash - O2Micro International - C:\Windows\system32\o2flash.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
    O23 - Service: PowerSavingUtilityService - FUJITSU LIMITED - C:\Program Files\Fujitsu\PSUtility\PSUService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: UpdateNaviInstallService - FUJITSU LIMITED - C:\Program Files\Fujitsu\updnavi\updnvsrv.exe

    --
    End of file - 8739 bytes

  2. #2
    Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,300


    Ran ComboFix
    Hi

    You already regretted doing that, but I still post a link to our sticky so that readers of this topic will see it. Do NOT run 'fixes' before helpers have analyzed the HJT log

    Please post contents of c:\ComboFix.txt file back here.
    Microsoft Windows Insider MVP 2016-2018
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date
    May 2009
    Posts
    22

    Logging Logs

    Here's the list of what I did (again), but with their respective logs (post 1/2)

    Ran ComboFix

    ComboFix 09-04-29.03 - madPC Apr-09 Thu 23:19.1 - NTFSx86
    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2037.1167 [GMT 9.5:30]
    Running from: c:\users\madPC\Desktop\ComboFix.exe
    AV: Symantec AntiVirus *On-access scanning enabled* (Updated)
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
    c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
    c:\windows\system32\drivers\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys
    c:\windows\system32\ovfsthdfjbolsnmxnpmxgoctleouxrwxxmregx.dll
    c:\windows\system32\ovfsthpnoujbtpidpaolpodhreuhfxieneiubh.dat
    c:\windows\system32\ovfsthqwbluljsxjdmearguumufmykqctxbbem.dat

    ----- BITS: Possible infected sites -----

    hxxp://globalstats.net
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_ovfsthpxajutfymxxiilmgqiipvmspngcojhie


    ((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-30 )))))))))))))))))))))))))))))))
    .

    2009-04-30 09:59 . 2009-04-30 09:59 -------- d-----w c:\users\Administrator\DoctorWeb
    2009-04-30 09:53 . 2009-04-30 09:53 -------- d-----w c:\users\madPC\DoctorWeb
    2009-04-29 16:42 . 2009-04-29 16:42 -------- d-----w c:\users\Administrator\AppData\Local\Symantec
    2009-04-29 16:41 . 2009-04-29 16:41 109744 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
    2009-04-29 16:40 . 2009-04-29 16:41 -------- d-----w c:\program files\Symantec
    2009-04-29 16:40 . 2009-04-29 16:42 -------- d-----w c:\progra~2\Symantec
    2009-04-29 16:40 . 2009-04-29 16:42 -------- d-----w c:\users\All Users\Symantec
    2009-04-29 16:40 . 2009-04-29 16:41 -------- d-----w c:\program files\Common Files\Symantec Shared
    2009-04-29 16:40 . 2009-04-29 16:40 -------- d-----w c:\program files\Symantec AntiVirus
    2009-04-28 20:04 . 2009-04-28 20:04 -------- d-sh--w c:\windows\system32\%APPDATA%
    2009-04-28 12:31 . 2009-04-28 12:31 -------- d-----w c:\program files\CCleaner
    2009-04-28 12:17 . 2009-04-28 12:21 -------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
    2009-04-28 12:17 . 2009-04-28 12:22 -------- d-----w c:\program files\Windows Live
    2009-04-28 12:17 . 2009-04-28 12:17 -------- d-----w c:\progra~2\WLInstaller
    2009-04-28 12:17 . 2009-04-28 12:17 -------- d-----w c:\users\All Users\WLInstaller
    2009-04-26 09:08 . 2009-04-26 09:08 -------- d-----w c:\program files\PC Optimizer Pro
    2009-04-24 14:35 . 2009-04-24 14:35 -------- d-----w c:\program files\Microsoft Silverlight
    2009-04-24 00:34 . 2009-04-24 00:34 155 ----a-w c:\windows\system32\SelfDel.bat
    2009-04-23 03:28 . 2009-04-23 03:28 -------- d-----w c:\program files\vLite
    2009-04-22 12:17 . 2009-04-22 12:20 -------- d-----w c:\users\madPC\SecurityScans
    2009-04-22 12:16 . 2009-04-22 12:16 -------- d-----w c:\program files\Microsoft Baseline Security Analyzer 2
    2009-04-21 14:34 . 2009-04-21 14:34 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
    2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\users\Administrator\AppData\Roaming\Malwarebytes
    2009-04-18 03:16 . 2009-04-06 06:02 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-04-18 03:16 . 2009-04-06 06:02 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\progra~2\Malwarebytes
    2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\users\All Users\Malwarebytes
    2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-04-16 14:43 . 2008-04-12 03:32 784896 ----a-w c:\windows\system32\rpcrt4.dll
    2009-04-16 14:43 . 2008-04-26 08:26 891448 ----a-w c:\windows\system32\drivers\tcpip.sys
    2009-04-16 14:43 . 2008-04-05 01:21 72192 ----a-w c:\windows\system32\drivers\pacer.sys
    2009-04-16 14:43 . 2008-04-05 03:34 15360 ----a-w c:\windows\system32\pacerprf.dll
    2009-04-16 14:42 . 2008-06-26 03:29 565248 ----a-w c:\windows\system32\emdmgmt.dll
    2009-04-16 14:42 . 2008-08-02 01:01 625152 ----a-w c:\windows\system32\drivers\dxgkrnl.sys
    2009-04-16 14:42 . 2008-06-26 03:29 45056 ----a-w c:\windows\system32\dataclen.dll
    2009-04-16 14:42 . 2008-05-20 02:07 148480 ----a-w c:\windows\system32\drivers\nwifi.sys
    2009-04-16 14:42 . 2008-08-02 03:26 36864 ----a-w c:\windows\system32\cdd.dll
    2009-04-16 14:42 . 2008-05-08 21:59 90112 ----a-w c:\windows\system32\wshext.dll
    2009-04-16 14:42 . 2008-05-08 21:59 155648 ----a-w c:\windows\system32\wscript.exe
    2009-04-16 14:42 . 2008-05-08 21:58 135168 ----a-w c:\windows\system32\cscript.exe
    2009-04-16 14:42 . 2008-05-08 21:59 180224 ----a-w c:\windows\system32\scrobj.dll
    2009-04-16 14:42 . 2008-05-08 21:59 172032 ----a-w c:\windows\system32\scrrun.dll
    2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Links
    2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Saved Games
    2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Downloads
    2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Searches
    2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Music
    2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Pictures
    2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Videos
    2009-04-16 14:33 . 2009-04-16 14:33 -------- d-----r c:\windows\system32\config\systemprofile\Documents
    2009-04-16 14:28 . 2009-04-16 14:28 -------- d-----w C:\PerfLogs
    2009-04-16 10:48 . 2008-01-19 07:35 210432 ----a-w c:\windows\system32\msv1_0.dll
    2009-04-16 10:47 . 2008-01-19 07:36 222720 ----a-w c:\windows\system32\wavemsp.dll
    2009-04-16 10:46 . 2008-01-19 07:34 246784 ----a-w c:\windows\system32\drvstore.dll
    2009-04-16 10:46 . 2008-01-19 07:34 258560 ----a-w c:\windows\system32\dpx.dll
    2009-04-16 10:46 . 2008-01-19 07:35 35328 ----a-w c:\windows\system32\mspatcha.dll
    2009-04-16 10:46 . 2008-01-19 07:34 305152 ----a-w c:\windows\system32\msdelta.dll
    2009-04-15 15:52 . 2009-04-21 14:34 15688 ----a-w c:\windows\system32\lsdelete.exe
    2009-04-15 15:19 . 2009-04-15 15:19 -------- dc-h--w c:\progra~2\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-04-15 15:19 . 2009-04-15 15:19 -------- dc-h--w c:\users\All Users\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-04-15 15:19 . 2009-04-15 15:19 -------- d-----w c:\program files\Lavasoft
    2009-04-15 15:19 . 2009-04-15 15:22 -------- d-----w c:\progra~2\Lavasoft
    2009-04-15 15:19 . 2009-04-15 15:22 -------- d-----w c:\users\All Users\Lavasoft
    2009-04-15 07:56 . 2009-04-15 07:56 -------- d-----w c:\program files\Toshiba
    2009-04-15 06:46 . 2009-04-15 06:46 376832 ----a-w c:\windows\system32\winhttp.dll
    2009-04-15 06:46 . 2009-04-15 06:46 562176 ----a-w c:\windows\system32\msdtcprx.dll
    2009-04-15 06:46 . 2009-04-15 06:46 38912 ----a-w c:\windows\system32\xolehlp.dll
    2009-04-15 06:38 . 2009-04-15 06:38 -------- d-----w c:\users\Administrator\AppData\Roaming\BitTorrent
    2009-04-13 06:28 . 2009-04-28 07:57 -------- d-----w C:\!KillBox
    2009-04-13 05:00 . 2009-04-13 05:00 -------- d-----w c:\program files\Apple Software Update
    2009-04-13 05:00 . 2009-04-13 05:00 -------- d-----w c:\progra~2\Apple
    2009-04-13 05:00 . 2009-04-13 05:00 -------- d-----w c:\users\All Users\Apple
    2009-04-13 03:04 . 2009-04-13 03:04 269312 ----a-w c:\windows\system32\es.dll
    2009-04-13 02:57 . 2009-04-13 03:14 -------- d-----w c:\users\Administrator\AppData\Roaming\vlc
    2009-04-13 02:30 . 2009-04-21 00:58 680 ----a-w c:\users\Administrator\AppData\Local\d3d9caps.dat
    2009-04-13 01:31 . 2009-04-13 05:01 -------- d-----w c:\program files\QuickTime
    2009-04-13 01:31 . 2009-04-13 05:01 -------- d-----w c:\progra~2\Apple Computer
    2009-04-13 01:31 . 2009-04-13 05:01 -------- d-----w c:\users\All Users\Apple Computer
    2009-04-04 12:07 . 2009-04-04 12:07 -------- d-----w c:\users\Administrator\AppData\Local\Yahoo
    2009-04-04 10:52 . 2009-04-04 12:06 -------- d-----w c:\progra~2\Yahoo!
    2009-04-04 10:52 . 2009-04-04 12:06 -------- d-----w c:\users\All Users\Yahoo!
    2009-04-04 10:52 . 2009-04-04 12:06 -------- d-----w c:\program files\Yahoo!
    2009-04-04 01:57 . 2009-04-04 01:57 -------- d-----w c:\program files\Windows Live Safety Center
    2009-04-04 01:39 . 2009-04-04 01:39 -------- d-----w c:\progra~2\Office Genuine Advantage
    2009-04-04 01:39 . 2009-04-04 01:39 -------- d-----w c:\users\All Users\Office Genuine Advantage
    2009-04-03 18:28 . 2009-04-03 18:28 28672 ----a-w c:\windows\system32\FwRemoteSvr.dll
    2009-04-03 18:28 . 2009-04-03 18:28 61440 ----a-w c:\windows\system32\winipsec.dll
    2009-04-03 18:28 . 2009-04-03 18:28 361984 ----a-w c:\windows\system32\IPSECSVC.DLL
    2009-04-03 18:28 . 2009-04-03 18:28 272896 ----a-w c:\windows\system32\polstore.dll
    2009-04-03 18:19 . 2009-04-03 18:19 296960 ----a-w c:\windows\system32\gdi32.dll
    2009-04-03 18:17 . 2009-04-03 18:17 212480 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
    2009-04-03 18:15 . 2009-04-03 18:15 28672 ----a-w c:\windows\system32\Apphlpdm.dll
    2009-04-03 18:15 . 2009-04-03 18:15 4240384 ----a-w c:\windows\system32\GameUXLegacyGDFs.dll
    2009-04-03 18:15 . 2009-04-03 18:15 1695744 ----a-w c:\windows\system32\gameux.dll
    2009-04-03 18:14 . 2009-04-03 18:14 303616 ----a-w c:\windows\system32\wmpeffects.dll
    2009-04-03 18:13 . 2009-04-03 18:13 1191936 ----a-w c:\windows\system32\msxml3.dll
    2009-04-03 18:13 . 2009-04-03 18:13 2048 ----a-w c:\windows\system32\msxml3r.dll
    2009-04-03 18:09 . 2009-04-03 18:09 8147456 ----a-w c:\windows\system32\wmploc.DLL
    2009-04-03 18:09 . 2009-04-03 18:09 7680 ----a-w c:\windows\system32\spwmp.dll
    2009-04-03 18:09 . 2009-04-03 18:09 4096 ----a-w c:\windows\system32\dxmasf.dll
    2009-04-03 18:07 . 2009-04-03 18:07 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
    2009-04-03 18:04 . 2009-04-03 18:04 2927104 ----a-w c:\windows\explorer.exe
    2009-04-03 17:56 . 2009-04-03 17:56 6656 ----a-w c:\windows\system32\kbd106n.dll
    2009-04-03 17:56 . 2009-04-03 17:56 927288 ----a-w c:\windows\system32\winresume.exe
    2009-04-03 17:56 . 2009-04-03 17:56 988216 ----a-w c:\windows\system32\winload.exe
    2009-04-03 17:56 . 2009-04-03 17:56 40960 ----a-w c:\windows\system32\srclient.dll
    2009-04-03 17:56 . 2009-04-03 17:56 318464 ----a-w c:\windows\system32\rstrui.exe
    2009-04-03 17:56 . 2009-04-03 17:56 378368 ----a-w c:\windows\system32\srcore.dll
    2009-04-03 17:56 . 2009-04-03 17:56 14848 ----a-w c:\windows\system32\srdelayed.exe
    2009-04-03 17:56 . 2009-04-03 17:56 19000 ----a-w c:\windows\system32\kd1394.dll
    2009-04-03 17:56 . 2009-04-03 17:56 46592 ----a-w c:\windows\system32\setbcdlocale.dll
    2009-04-03 17:56 . 2009-04-03 17:56 615992 ----a-w c:\windows\system32\ci.dll
    2009-04-03 17:51 . 2009-04-03 17:51 37888 ----a-w c:\windows\system32\printcom.dll
    2009-04-03 17:51 . 2009-04-03 17:51 443392 ----a-w c:\windows\system32\win32spl.dll
    2009-04-03 17:50 . 2009-04-03 17:50 113664 ----a-w c:\windows\system32\drivers\rmcast.sys
    2009-04-03 17:50 . 2009-04-03 17:50 14848 ----a-w c:\windows\system32\wshrm.dll
    2009-04-03 17:48 . 2009-04-03 17:48 288768 ----a-w c:\windows\system32\drivers\srv.sys
    2009-04-03 17:41 . 2009-04-03 17:41 268288 ----a-w c:\windows\system32\schannel.dll
    2009-04-03 17:38 . 2009-04-03 17:38 622080 ----a-w c:\windows\system32\icardagt.exe
    2009-04-03 17:38 . 2009-04-03 17:38 11264 ----a-w c:\windows\system32\icardres.dll
    2009-04-03 17:38 . 2009-04-03 17:38 97800 ----a-w c:\windows\system32\infocardapi.dll
    2009-04-03 17:38 . 2009-04-03 17:38 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2009-04-03 17:38 . 2009-04-03 17:38 326160 ----a-w c:\windows\system32\PresentationHost.exe
    2009-04-03 17:38 . 2009-04-03 17:38 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
    2009-04-03 17:38 . 2009-04-03 17:38 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-30 13:55 . 2009-02-24 16:36 12 ----a-w c:\windows\bthservsdp.dat
    2009-04-30 12:21 . 2009-02-25 12:30 -------- d-----w c:\program files\DNA
    2009-04-29 16:41 . 2009-04-29 16:41 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
    2009-04-29 16:41 . 2009-04-29 16:41 8014 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
    2009-04-28 12:22 . 2009-02-24 16:14 -------- d-----w c:\program files\MSN Messenger
    2009-04-28 12:22 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
    2009-04-28 12:22 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
    2009-04-28 12:22 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
    2009-04-16 15:16 . 2009-04-16 15:16 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2009-04-16 14:36 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
    2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Sidebar
    2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Photo Gallery
    2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Collaboration
    2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Calendar
    2009-04-16 14:29 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
    2009-04-16 14:28 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Defender
    2009-04-16 14:28 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
    2009-04-16 12:06 . 2006-11-02 10:32 101888 ----a-w c:\windows\system32\ifxcardm.dll
    2009-04-16 12:06 . 2006-11-02 10:32 82432 ----a-w c:\windows\system32\axaltocm.dll
    2009-04-04 03:44 . 2007-04-17 20:09 -------- d-----w c:\program files\Java
    2009-04-03 18:15 . 2009-04-03 18:15 2560 ----a-w c:\windows\AppPatch\AcRes.dll
    2009-04-03 18:15 . 2009-04-03 18:15 541696 ----a-w c:\windows\AppPatch\AcLayers.dll
    2009-04-03 18:15 . 2009-04-03 18:15 460288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
    2009-04-03 18:15 . 2009-04-03 18:15 2154496 ----a-w c:\windows\AppPatch\AcGenral.dll
    2009-04-03 18:15 . 2009-04-03 18:15 173056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
    2009-04-03 18:15 . 2009-04-03 18:15 52736 ----a-w c:\windows\AppPatch\iebrshim.dll
    2009-03-13 12:29 . 2009-02-24 12:58 -------- d-----w c:\program files\Spybot - Search & Destroy
    2009-03-08 18:49 . 2009-03-13 13:16 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-03-08 11:34 . 2009-04-23 03:57 914944 ----a-w c:\windows\system32\wininet.dll
    2009-03-08 11:34 . 2009-04-23 03:57 43008 ----a-w c:\windows\system32\licmgr10.dll
    2009-03-08 11:33 . 2009-04-23 03:57 18944 ----a-w c:\windows\system32\corpol.dll
    2009-03-08 11:33 . 2009-04-23 03:57 109056 ----a-w c:\windows\system32\iesysprep.dll
    2009-03-08 11:33 . 2009-04-23 03:57 109568 ----a-w c:\windows\system32\PDMSetup.exe
    2009-03-08 11:33 . 2009-04-23 03:57 132608 ----a-w c:\windows\system32\ieUnatt.exe
    2009-03-08 11:33 . 2009-04-23 03:57 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
    2009-03-08 11:33 . 2009-04-23 03:57 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
    2009-03-08 11:33 . 2009-04-23 03:57 103936 ----a-w c:\windows\system32\SetDepNx.exe
    2009-03-08 11:33 . 2009-04-23 03:57 420352 ----a-w c:\windows\system32\vbscript.dll
    2009-03-08 11:32 . 2009-04-23 03:57 72704 ----a-w c:\windows\system32\admparse.dll
    2009-03-08 11:32 . 2009-04-23 03:57 71680 ----a-w c:\windows\system32\iesetup.dll
    2009-03-08 11:32 . 2009-04-23 03:57 66560 ----a-w c:\windows\system32\wextract.exe
    2009-03-08 11:32 . 2009-04-23 03:57 169472 ----a-w c:\windows\system32\iexpress.exe
    2009-03-08 11:31 . 2009-04-23 03:57 34816 ----a-w c:\windows\system32\imgutil.dll
    2009-03-08 11:31 . 2009-04-23 03:57 48128 ----a-w c:\windows\system32\mshtmler.dll
    2009-03-08 11:31 . 2009-04-23 03:57 45568 ----a-w c:\windows\system32\mshta.exe
    2009-03-08 11:22 . 2009-04-23 03:57 156160 ----a-w c:\windows\system32\msls31.dll
    2009-02-24 15:53 . 2009-02-24 15:53 0 ----a-w c:\windows\nsreg.dat
    2009-02-24 15:35 . 2009-02-24 15:35 99864 ----a-w c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-02-24 12:58 . 2009-02-24 12:58 51224 ----a-w c:\windows\system32\wuauclt.exe
    2009-02-24 12:58 . 2009-02-24 12:58 43544 ----a-w c:\windows\system32\wups2.dll
    2009-02-24 12:58 . 2009-02-24 12:58 1809944 ----a-w c:\windows\system32\wuaueng.dll
    2009-02-24 12:58 . 2009-02-24 12:58 1524736 ----a-w c:\windows\system32\wucltux.dll
    2009-02-24 12:58 . 2009-02-24 12:58 83456 ----a-w c:\windows\system32\wudriver.dll
    2009-02-24 12:58 . 2009-02-24 12:58 561688 ----a-w c:\windows\system32\wuapi.dll
    2009-02-24 12:58 . 2009-02-24 12:58 34328 ----a-w c:\windows\system32\wups.dll
    2009-02-24 12:57 . 2009-02-24 12:57 31232 ----a-w c:\windows\system32\wuapp.exe
    2009-02-24 12:57 . 2009-02-24 12:57 162064 ----a-w c:\windows\system32\wuwebv.dll
    2009-02-12 11:39 . 2009-02-12 11:39 12712 ----a-w c:\windows\system32\drivers\FJGSDisk.sys
    2009-02-12 11:04 . 2009-02-12 11:04 99864 ----a-w c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-17 80688]
    "IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-11-07 97072]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-09 154392]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-09 133912]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-23 827392]
    "LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2005-07-21 242688]
    "LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-07-21 61440]
    "PSUtility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2006-12-22 136744]
    "LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-04-02 252704]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-05-08 174872]
    "IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-05-08 33048]
    "SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2009-02-12 193832]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-01 4390912]

    c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2007-11-1 421888]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{F01CE1E2-9A47-42F9-AD30-7B2AD8E08A94}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{7A0C6B10-FF15-4B5E-85EB-C851E3DF9E79}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
    "{B65B13F6-BBD4-4FAB-97B8-D1406988A316}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{15F91AE0-0A6A-4AD0-BC13-E97CF52E271F}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "TCP Query User{F4F47E1E-E573-4114-BC3B-21FD4448FC36}c:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= UDP:c:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp
    "UDP Query User{241244E8-A714-4A26-8033-A8DC16D0C898}c:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= TCP:c:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp
    "{DDC82CFA-D149-4A61-8FEE-0F5D7501CC0A}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
    "{7DD80389-BAEB-42DD-A05F-880619A84500}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
    "{4C2B38A4-E717-43A4-BC01-3A065B2B9A3F}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
    "{3935BD02-4B40-439B-86EA-B4F99566E630}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
    "TCP Query User{A7928B77-F859-453F-ACE0-E4419FFFEE0A}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
    "UDP Query User{A3C6541E-F6AD-46D5-A349-82A8756C8428}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
    "{4CE5628A-E049-4199-BD14-F3ACB0188262}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{5DBFBFA1-FF9F-4CA0-8CC1-F91FE82A7997}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "TCP Query User{DF9E080F-A2A6-4E03-928C-D7AAE5BFF5AE}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
    "UDP Query User{04C91E26-0A58-4EB0-A38E-FB81F0A09A68}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
    "{87C95383-720C-4E36-92C1-5A596BE3F1FC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{E108B469-D439-4A90-B0DD-3AF139C46756}"= UDP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
    "{134FFABB-69CF-4FC7-8226-909F636B2E28}"= TCP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
    "{124D1410-FC14-44BE-939D-2D67F33C0F7C}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
    "{1779AE8C-BFEB-457A-99BB-C18BC6585906}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    R0 omnipass;omnipass; [x]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-21 953168]
    R2 LvIBTSvr;Logitech IBT Service;c:\program files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe [2007-04-02 76576]
    R3 ADVNTDRV;ADVNTDRV;c:\windows\System32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
    R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-11-27 122008]
    S0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\DRIVERS\FJGSDisk.sys [2009-02-12 12712]
    S0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2007-05-04 208896]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-21 64160]
    S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2006-10-03 36640]
    S0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2006-10-12 33152]
    S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [2006-12-22 63016]
    S2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\updnavi\updnvsrv.exe [2007-01-11 12288]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-04-15 101936]
    S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 5632]
    S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-11-02 30720]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    bthsvcs REG_MULTI_SZ BthServ
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af316a4d-0271-11de-ab37-000000000000}]
    \shell\AutoRun\command - H:\LaunchU3.exe -a

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:33]

    2009-04-30 c:\windows\Tasks\User_Feed_Synchronization-{3D592E6A-7BAD-4227-B6C4-7E801F98E40E}.job
    - c:\windows\system32\msfeedssync.exe [2009-04-23 11:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:tabs
    TCP: {01573F81-6C25-441E-983B-581898952A67} = 192.231.203.132,192.231.203.3
    TCP: {7E4FEBD3-21C7-4D81-AEF7-1619DC39AC99} = 192.231.203.132,192.231.203.3
    FF - ProfilePath - c:\users\madPC\AppData\Roaming\Mozilla\Firefox\Profiles\34qxd13h.default\
    FF - prefs.js: keyword.URL - hxxp://www.google.com.au/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-30 23:44
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\windows\system32\drivers\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys 83968 bytes executable
    c:\windows\system32\ovfsthcettpcbilowcpvbnbrrtoxuskymsmlpq.dat 2418 bytes
    c:\windows\system32\ovfsthcqwtjumvsbmiftubdoffvqylchcbxsts.dll 19456 bytes executable
    c:\windows\system32\ovfstheepxdcrrgqbynuertsfkdmteyxngdrmp.dll 17920 bytes executable
    c:\windows\system32\ovfsthldbowyvnoponfggajnivdmqoykldkjxj.dll 17920 bytes executable
    c:\windows\system32\ovfsthqfrvipyftqqurimqilppwtmdmctqvgbv.dll 61440 bytes executable
    c:\windows\system32\ovfsthyenaicmkengblcuyxqsdpjpmepvhsruj.dll 19456 bytes executable
    c:\users\madPC\AppData\Local\Temp\ovfsth000 0 bytes
    c:\windows\TEMP\ovfsthjrxxsbdkny.tmp 23040 bytes executable

    scan completed successfully
    hidden files: 9

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

    [HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe"

    [HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_USERS\software\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker2"

    [HKEY_USERS\software\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_USERS\software\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_USERS\software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)

    [HKEY_USERS\software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"

    [HKEY_USERS\software\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""

    [HKEY_USERS\software\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"

    [HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_USERS\system\ControlSet001\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
    @DACL=(02 0000)
    "start"=dword:00000001
    "type"=dword:00000001
    "group"="file system"
    "imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"
    "inst"=dword:00000000

    [HKEY_USERS\system\ControlSet002\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
    @DACL=(02 0000)
    "start"=dword:00000001
    "type"=dword:00000001
    "group"="file system"
    "imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"
    "inst"=dword:00000000

    [HKEY_USERS\system\ControlSet003\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
    @DACL=(02 0000)
    "start"=dword:00000001
    "type"=dword:00000001
    "group"="file system"
    "imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

    [HKEY_USERS\system\ControlSet004\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
    @DACL=(02 0000)
    "start"=dword:00000001
    "type"=dword:00000001
    "group"="file system"
    "imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"
    "inst"=dword:00000000

    [HKEY_USERS\system\ControlSet005\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
    @DACL=(02 0000)
    "start"=dword:00000001
    "type"=dword:00000001
    "group"="file system"
    "imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

    [HKEY_USERS\system\ControlSet006\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
    @DACL=(02 0000)
    "start"=dword:00000001
    "type"=dword:00000001
    "group"="file system"
    "imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

    [HKEY_USERS\system\ControlSet007\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
    @DACL=(02 0000)
    "start"=dword:00000001
    "type"=dword:00000001
    "group"="file system"
    "imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"
    "inst"=dword:00000000

    [HKEY_USERS\system\ControlSet008\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
    @DACL=(02 0000)
    "start"=dword:00000001
    "type"=dword:00000001
    "group"="file system"
    "imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

    [HKEY_USERS\system\ControlSet009\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
    @DACL=(02 0000)
    "start"=dword:00000001
    "type"=dword:00000001
    "group"="file system"
    "imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

    [HKEY_USERS\system\ControlSet010\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
    @DACL=(02 0000)
    "start"=dword:00000001
    "type"=dword:00000001
    "group"="file system"
    "imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"
    "inst"=dword:00000000

    [HKEY_USERS\system\ControlSet011\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
    @DACL=(02 0000)
    "start"=dword:00000001
    "type"=dword:00000001
    "group"="file system"
    "imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

    [HKEY_USERS\system\ControlSet012\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
    @DACL=(02 0000)
    "start"=dword:00000001
    "type"=dword:00000001
    "group"="file system"
    "imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

    [HKEY_USERS\system\ControlSet013\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_USERS\system\ControlSet013\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
    @DACL=(02 0000)
    "start"=dword:00000001
    "type"=dword:00000001
    "group"="file system"
    "imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"
    "inst"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Softex\OmniPass\OmniServ.exe
    c:\windows\System32\audiodg.exe
    c:\windows\System32\agrsmsvc.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    c:\program files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
    c:\windows\System32\o2flash.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    c:\program files\Softex\OmniPass\opvapp.exe
    c:\windows\System32\wbem\unsecapp.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    c:\windows\System32\igfxsrvc.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2009-04-30 23:46 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-04-30 14:16

    Pre-Run: 36,160,290,816 bytes free
    Post-Run: 35,685,863,424 bytes free

    511 --- E O F --- 2009-04-21 02:21



    Ran Malwarebytes - detected 6 trojans of win32.tdss.rtk

    Uninstalled adobe 8.3
    Installed adobe 9.1

    Uninstalled java
    Installed java

    Ran ATF cleaner

    Ran dds

    DDS (Ver_09-03-16.01) - NTFSx86
    Run by madPC at 1:41:40.72 on 01-May-09 Fri
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2037.1156 [GMT 9.5:30]

    AV: Symantec AntiVirus *On-access scanning disabled* (Updated)

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Softex\OmniPass\OmniServ.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\agrsmsvc.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Windows\system32\o2flash.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Fujitsu\PSUtility\PSUService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\Fujitsu\updnavi\updnvsrv.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Softex\OmniPass\opvapp.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
    C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
    C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Internet Explorer\IELowutil.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\madPC\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = about:tabs
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
    mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe
    mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
    mRun: [PSUtility] c:\program files\fujitsu\psutility\TrayManager.exe
    mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [IaNvSrv] c:\program files\intel\intel matrix storage manager\orom\ianvsrv\IaNvSrv.exe
    mRun: [SSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-au/wlscctrl2.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} - hxxps://online.westpac.com.au/wtoa/wtOtherAccounts/portfoliomanagerwt.cab
    TCP: {01573F81-6C25-441E-983B-581898952A67} = 192.231.203.132,192.231.203.3
    TCP: {7E4FEBD3-21C7-4D81-AEF7-1619DC39AC99} = 192.231.203.132,192.231.203.3
    Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll
    Notify: igfxcui - igfxdev.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\madPC\appdata\roaming\mozilla\firefox\profiles\34qxd13h.default\
    FF - prefs.js: keyword.URL - hxxp://www.google.com.au/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

    ============= SERVICES / DRIVERS ===============

    R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2009-2-12 12712]
    R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\system32\drivers\iaNvStor.sys [2007-5-15 208896]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-22 64160]
    R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-10-4 36640]
    R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-10-13 33152]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-10 953168]
    R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\fujitsu\psutility\PSUService.exe [2006-12-22 63016]
    R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\fujitsu\updnavi\updnvsrv.exe [2007-1-11 12288]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-30 101936]
    R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2007-5-15 5632]
    R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2006-11-2 30720]
    S2 LvIBTSvr;Logitech IBT Service;c:\program files\common files\logishrd\lvibtsvr\LvIBTSvr.exe [2007-4-3 76576]
    S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [2009-2-24 3872]
    S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-11-28 122008]

    =============== Created Last 30 ================

    2009-04-30 23:37 284,748,436 a------- c:\windows\MEMORY.DMP
    2009-04-30 21:49 161,792 a------- c:\windows\SWREG.exe
    2009-04-30 21:49 98,816 a------- c:\windows\sed.exe
    2009-04-30 19:23 <DIR> --d----- c:\users\madPC\DoctorWeb
    2009-04-30 02:11 109,744 a------- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-04-30 02:11 8,014 a------- c:\windows\system32\drivers\SYMEVENT.CAT
    2009-04-30 02:11 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
    2009-04-30 02:10 <DIR> --d----- c:\program files\Symantec
    2009-04-30 02:10 <DIR> --d----- c:\programdata\Symantec
    2009-04-30 02:10 <DIR> --d----- c:\program files\Symantec AntiVirus
    2009-04-30 02:10 <DIR> --d----- c:\program files\common files\Symantec Shared
    2009-04-30 02:10 <DIR> --d----- c:\progra~2\Symantec
    2009-04-30 01:50 549 a------- c:\windows\wininit.ini
    2009-04-29 05:34 <DIR> --dsh--- c:\windows\system32\%APPDATA%
    2009-04-28 22:01 <DIR> --d----- c:\program files\CCleaner
    2009-04-28 21:57 268 a---h--- C:\sqmdata01.sqm
    2009-04-28 21:57 244 a---h--- C:\sqmnoopt01.sqm
    2009-04-28 21:52 268 a---h--- C:\sqmdata00.sqm
    2009-04-28 21:52 244 a---h--- C:\sqmnoopt00.sqm
    2009-04-28 21:47 <DIR> -cdsh--- c:\program files\common files\WindowsLiveInstaller
    2009-04-28 21:47 <DIR> --d----- c:\programdata\WLInstaller
    2009-04-26 18:38 440,352 a------- c:\windows\system32\mshflxgd.ocx
    2009-04-26 18:38 212,240 a------- c:\windows\system32\richtx32.ocx
    2009-04-26 18:38 224,016 a------- c:\windows\system32\tabctl32.ocx
    2009-04-26 18:38 18,728 a------- c:\windows\system32\ishf_Ex.TLB
    2009-04-26 18:38 7,752 a------- c:\windows\system32\shelllink.TLB
    2009-04-26 18:38 <DIR> --d----- c:\program files\PC Optimizer Pro
    2009-04-24 10:04 155 a------- c:\windows\system32\SelfDel.bat
    2009-04-23 12:58 <DIR> --d----- c:\program files\vLite
    2009-04-22 21:47 <DIR> --d----- c:\users\madPC\SecurityScans
    2009-04-22 21:46 <DIR> --d----- c:\program files\Microsoft Baseline Security Analyzer 2
    2009-04-22 00:04 64,160 a------- c:\windows\system32\drivers\Lbd.sys
    2009-04-19 03:18 <DIR> --d----- c:\users\madPC\appdata\roaming\Malwarebytes
    2009-04-18 12:46 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-04-18 12:46 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-18 12:46 <DIR> --d----- c:\programdata\Malwarebytes
    2009-04-18 12:46 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-04-18 12:46 <DIR> --d----- c:\progra~2\Malwarebytes
    2009-04-17 00:46 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2009-04-17 00:13 784,896 a------- c:\windows\system32\rpcrt4.dll
    2009-04-17 00:13 891,448 a------- c:\windows\system32\drivers\tcpip.sys
    2009-04-17 00:13 72,192 a------- c:\windows\system32\drivers\pacer.sys
    2009-04-17 00:13 15,360 a------- c:\windows\system32\pacerprf.dll
    2009-04-17 00:12 625,152 a------- c:\windows\system32\drivers\dxgkrnl.sys
    2009-04-17 00:12 565,248 a------- c:\windows\system32\emdmgmt.dll
    2009-04-17 00:12 148,480 a------- c:\windows\system32\drivers\nwifi.sys
    2009-04-17 00:12 45,056 a------- c:\windows\system32\dataclen.dll
    2009-04-17 00:12 36,864 a------- c:\windows\system32\cdd.dll
    2009-04-17 00:12 180,224 a------- c:\windows\system32\scrobj.dll
    2009-04-17 00:12 172,032 a------- c:\windows\system32\scrrun.dll
    2009-04-17 00:12 155,648 a------- c:\windows\system32\wscript.exe
    2009-04-17 00:12 135,168 a------- c:\windows\system32\wshom.ocx
    2009-04-17 00:12 135,168 a------- c:\windows\system32\cscript.exe
    2009-04-17 00:12 90,112 a------- c:\windows\system32\wshext.dll
    2009-04-16 23:58 <DIR> --d----- C:\PerfLogs
    2009-04-16 20:18 866,816 a------- c:\windows\system32\wmpmde.dll
    2009-04-16 20:17 222,720 a------- c:\windows\system32\wavemsp.dll
    2009-04-16 20:16 246,784 a------- c:\windows\system32\drvstore.dll
    2009-04-16 20:16 305,152 a------- c:\windows\system32\msdelta.dll
    2009-04-16 20:16 258,560 a------- c:\windows\system32\dpx.dll
    2009-04-16 20:16 35,328 a------- c:\windows\system32\mspatcha.dll
    2009-04-16 01:22 15,688 a------- c:\windows\system32\lsdelete.exe
    2009-04-16 00:49 <DIR> -cd-h--- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-04-16 00:49 <DIR> -cd-h--- c:\progra~2\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-04-16 00:49 <DIR> --d----- c:\programdata\Lavasoft
    2009-04-16 00:49 <DIR> --d----- c:\program files\Lavasoft
    2009-04-15 17:26 <DIR> --d----- c:\program files\Toshiba
    2009-04-15 16:16 376,832 a------- c:\windows\system32\winhttp.dll
    2009-04-15 16:16 562,176 a------- c:\windows\system32\msdtcprx.dll
    2009-04-15 16:16 38,912 a------- c:\windows\system32\xolehlp.dll
    2009-04-15 16:15 118 a------- c:\windows\system32\MRT.INI
    2009-04-13 15:58 <DIR> --d----- C:\!KillBox
    2009-04-13 14:30 <DIR> --d----- c:\programdata\Apple
    2009-04-13 12:34 269,312 a------- c:\windows\system32\es.dll
    2009-04-13 11:01 <DIR> --d----- c:\programdata\Apple Computer
    2009-04-04 20:22 <DIR> --d----- c:\programdata\Yahoo!
    2009-04-04 20:22 <DIR> --d----- c:\program files\Yahoo!
    2009-04-04 11:09 <DIR> --d----- c:\programdata\Office Genuine Advantage
    2009-04-04 03:58 361,984 a------- c:\windows\system32\IPSECSVC.DLL
    2009-04-04 03:58 272,896 a------- c:\windows\system32\polstore.dll
    2009-04-04 03:58 61,440 a------- c:\windows\system32\winipsec.dll
    2009-04-04 03:58 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
    2009-04-04 03:49 296,960 a------- c:\windows\system32\gdi32.dll
    2009-04-04 03:47 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
    2009-04-04 03:45 28,672 a------- c:\windows\system32\Apphlpdm.dll
    2009-04-04 03:45 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-04-04 03:45 1,695,744 a------- c:\windows\system32\gameux.dll
    2009-04-04 03:44 303,616 a------- c:\windows\system32\wmpeffects.dll
    2009-04-04 03:43 1,191,936 a------- c:\windows\system32\msxml3.dll
    2009-04-04 03:43 2,048 a------- c:\windows\system32\msxml3r.dll
    2009-04-04 03:39 8,147,456 a------- c:\windows\system32\wmploc.DLL
    2009-04-04 03:39 7,680 a------- c:\windows\system32\spwmp.dll
    2009-04-04 03:39 4,096 a------- c:\windows\system32\msdxm.ocx
    2009-04-04 03:39 4,096 a------- c:\windows\system32\dxmasf.dll
    2009-04-04 03:37 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
    2009-04-04 03:34 2,927,104 a------- c:\windows\explorer.exe
    2009-04-04 03:26 6,656 a------- c:\windows\system32\kbd106n.dll
    2009-04-04 03:26 988,216 a------- c:\windows\system32\winload.exe
    2009-04-04 03:26 927,288 a------- c:\windows\system32\winresume.exe
    2009-04-04 03:26 378,368 a------- c:\windows\system32\srcore.dll
    2009-04-04 03:26 318,464 a------- c:\windows\system32\rstrui.exe
    2009-04-04 03:26 40,960 a------- c:\windows\system32\srclient.dll
    2009-04-04 03:26 14,848 a------- c:\windows\system32\srdelayed.exe
    2009-04-04 03:26 615,992 a------- c:\windows\system32\ci.dll
    2009-04-04 03:26 46,592 a------- c:\windows\system32\setbcdlocale.dll
    2009-04-04 03:26 19,000 a------- c:\windows\system32\kd1394.dll
    2009-04-04 03:21 443,392 a------- c:\windows\system32\win32spl.dll
    2009-04-04 03:21 37,888 a------- c:\windows\system32\printcom.dll
    2009-04-04 03:20 113,664 a------- c:\windows\system32\drivers\rmcast.sys
    2009-04-04 03:20 14,848 a------- c:\windows\system32\wshrm.dll
    2009-04-04 03:18 288,768 a------- c:\windows\system32\drivers\srv.sys
    2009-04-04 03:11 268,288 a------- c:\windows\system32\schannel.dll
    2009-04-04 03:08 622,080 a------- c:\windows\system32\icardagt.exe
    2009-04-04 03:08 11,264 a------- c:\windows\system32\icardres.dll
    2009-04-04 03:08 97,800 a------- c:\windows\system32\infocardapi.dll
    2009-04-04 03:08 37,384 a------- c:\windows\system32\infocardcpl.cpl
    2009-04-04 03:08 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2009-04-04 03:08 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
    2009-04-04 03:08 326,160 a------- c:\windows\system32\PresentationHost.exe
    2009-04-04 03:08 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
    2009-04-04 02:54 15,138,816 a------- c:\windows\ocsetup_install_NetFx3.etl
    2009-04-04 02:54 196,608 a------- c:\windows\ocsetup_cbs_install_NetFx3.perf
    2009-04-04 02:54 65,536 a------- c:\windows\ocsetup_cbs_install_NetFx3.dpx
    2009-04-04 02:52 96,760 a------- c:\windows\system32\dfshim.dll
    2009-04-04 02:52 41,984 a------- c:\windows\system32\netfxperf.dll
    2009-04-04 02:52 282,112 a------- c:\windows\system32\mscoree.dll
    2009-04-04 02:52 158,720 a------- c:\windows\system32\mscorier.dll
    2009-04-04 02:52 83,968 a------- c:\windows\system32\mscories.dll
    2009-04-04 02:37 2,868,736 a------- c:\windows\system32\mf.dll
    2009-04-04 02:37 996,352 a------- c:\windows\system32\WMNetMgr.dll
    2009-04-04 02:37 98,816 a------- c:\windows\system32\mfps.dll
    2009-04-04 02:37 94,720 a------- c:\windows\system32\logagent.exe
    2009-04-04 02:37 53,248 a------- c:\windows\system32\rrinstaller.exe
    2009-04-04 02:37 24,576 a------- c:\windows\system32\mfpmp.exe
    2009-04-04 02:37 2,048 a------- c:\windows\system32\mferror.dll
    2009-04-04 02:36 84,480 a------- c:\windows\system32\INETRES.dll
    2009-04-04 02:36 738,304 a------- c:\windows\system32\inetcomm.dll
    2009-04-04 02:36 1,314,816 a------- c:\windows\system32\quartz.dll
    2009-04-04 02:35 2,048 a------- c:\windows\system32\tzres.dll
    2009-04-04 02:35 2,033,152 a------- c:\windows\system32\win32k.sys
    2009-04-04 02:35 <DIR> --d----- c:\program files\MSXML 4.0
    2009-04-04 02:34 1,334,272 a------- c:\windows\system32\msxml6.dll
    2009-04-04 02:34 2,048 a------- c:\windows\system32\msxml6r.dll

    ==================== Find3M ====================

    2009-05-01 01:32 410,984 a------- c:\windows\system32\deploytk.dll
    2009-04-28 21:52 51,200 a------- c:\windows\inf\infpub.dat
    2009-04-28 21:52 143,360 a------- c:\windows\inf\infstrng.dat
    2009-04-28 21:52 86,016 a------- c:\windows\inf\infstor.dat
    2009-04-17 00:06 174 a--sh--- c:\program files\desktop.ini
    2009-04-16 23:58 665,600 a------- c:\windows\inf\drvindex.dat
    2009-04-16 21:36 101,888 a------- c:\windows\system32\ifxcardm.dll
    2009-04-16 21:36 82,432 a------- c:\windows\system32\axaltocm.dll
    2009-04-04 03:45 2,560 a------- c:\windows\apppatch\AcRes.dll
    2009-04-04 03:45 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
    2009-04-04 03:45 541,696 a------- c:\windows\apppatch\AcLayers.dll
    2009-04-04 03:45 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
    2009-04-04 03:45 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
    2009-04-04 03:45 52,736 a------- c:\windows\apppatch\iebrshim.dll
    2009-03-08 21:04 914,944 a------- c:\windows\system32\wininet.dll
    2009-03-08 21:04 43,008 a------- c:\windows\system32\licmgr10.dll
    2009-03-08 21:03 18,944 a------- c:\windows\system32\corpol.dll
    2009-03-08 21:03 109,056 a------- c:\windows\system32\iesysprep.dll
    2009-03-08 21:03 109,568 a------- c:\windows\system32\PDMSetup.exe
    2009-03-08 21:03 132,608 a------- c:\windows\system32\ieUnatt.exe
    2009-03-08 21:03 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
    2009-03-08 21:03 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
    2009-03-08 21:03 103,936 a------- c:\windows\system32\SetDepNx.exe
    2009-03-08 21:03 420,352 a------- c:\windows\system32\vbscript.dll
    2009-03-08 21:02 72,704 a------- c:\windows\system32\admparse.dll
    2009-03-08 21:02 71,680 a------- c:\windows\system32\iesetup.dll
    2009-03-08 21:02 66,560 a------- c:\windows\system32\wextract.exe
    2009-03-08 21:02 169,472 a------- c:\windows\system32\iexpress.exe
    2009-03-08 21:01 34,816 a------- c:\windows\system32\imgutil.dll
    2009-03-08 21:01 48,128 a------- c:\windows\system32\mshtmler.dll
    2009-03-08 21:01 45,568 a------- c:\windows\system32\mshta.exe
    2009-03-08 20:52 156,160 a------- c:\windows\system32\msls31.dll
    2009-02-24 22:28 1,524,736 a------- c:\windows\system32\wucltux.dll
    2009-02-24 22:28 83,456 a------- c:\windows\system32\wudriver.dll
    2009-02-24 22:27 162,064 a------- c:\windows\system32\wuwebv.dll
    2009-02-24 22:27 31,232 a------- c:\windows\system32\wuapp.exe
    2006-11-02 22:09 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 22:09 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 22:09 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 22:09 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 18:50 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 18:50 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 18:50 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 18:50 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

    ============= FINISH: 1:42:35.86 ===============


    Created own cfscript

    DDS::
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-

  4. #4
    Junior Member
    Join Date
    May 2009
    Posts
    22

    Default Logging Logs p2/2

    Here's the list of what I did (again), but with their respective logs (post 2/2)

    Ran ComboFix with CFscript (reboot took very long)

    ComboFix 09-04-29.03 - madPC May-09 Fri 2:14.2 - NTFSx86
    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2037.918 [GMT 9.5:30]
    Running from: c:\users\madPC\Desktop\ComboFix.exe
    Command switches used :: c:\users\madPC\Desktop\CFScript.txt
    AV: Symantec AntiVirus *On-access scanning disabled* (Updated)
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\drivers\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys
    c:\windows\system32\ovfsthcettpcbilowcpvbnbrrtoxuskymsmlpq.dat
    c:\windows\system32\ovfsthqfrvipyftqqurimqilppwtmdmctqvgbv.dll
    c:\windows\system32\ovfsthxrphqddxovwqbiwrsqamqnkbvxcvopyy.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_ovfsthpxajutfymxxiilmgqiipvmspngcojhie
    -------\Service_ovfsthpxajutfymxxiilmgqiipvmspngcojhie


    ((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-30 )))))))))))))))))))))))))))))))
    .

    2009-04-30 15:33 . 2009-04-30 15:33 -------- d-----w c:\program files\Common Files\Adobe AIR
    2009-04-30 09:59 . 2009-04-30 09:59 -------- d-----w c:\users\Administrator\DoctorWeb
    2009-04-30 09:53 . 2009-04-30 09:53 -------- d-----w c:\users\madPC\DoctorWeb
    2009-04-29 16:42 . 2009-04-29 16:42 -------- d-----w c:\users\Administrator\AppData\Local\Symantec
    2009-04-29 16:41 . 2009-04-29 16:41 109744 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
    2009-04-29 16:40 . 2009-04-29 16:41 -------- d-----w c:\program files\Symantec
    2009-04-29 16:40 . 2009-04-29 16:42 -------- d-----w c:\progra~2\Symantec
    2009-04-29 16:40 . 2009-04-29 16:42 -------- d-----w c:\users\All Users\Symantec
    2009-04-29 16:40 . 2009-04-29 16:41 -------- d-----w c:\program files\Common Files\Symantec Shared
    2009-04-29 16:40 . 2009-04-29 16:40 -------- d-----w c:\program files\Symantec AntiVirus
    2009-04-28 20:04 . 2009-04-28 20:04 -------- d-sh--w c:\windows\system32\%APPDATA%
    2009-04-28 12:31 . 2009-04-28 12:31 -------- d-----w c:\program files\CCleaner
    2009-04-28 12:17 . 2009-04-28 12:21 -------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
    2009-04-28 12:17 . 2009-04-28 12:22 -------- d-----w c:\program files\Windows Live
    2009-04-28 12:17 . 2009-04-28 12:17 -------- d-----w c:\progra~2\WLInstaller
    2009-04-28 12:17 . 2009-04-28 12:17 -------- d-----w c:\users\All Users\WLInstaller
    2009-04-26 09:08 . 2009-04-26 09:08 -------- d-----w c:\program files\PC Optimizer Pro
    2009-04-24 14:35 . 2009-04-24 14:35 -------- d-----w c:\program files\Microsoft Silverlight
    2009-04-24 00:34 . 2009-04-24 00:34 155 ----a-w c:\windows\system32\SelfDel.bat
    2009-04-23 03:28 . 2009-04-23 03:28 -------- d-----w c:\program files\vLite
    2009-04-22 12:17 . 2009-04-22 12:20 -------- d-----w c:\users\madPC\SecurityScans
    2009-04-22 12:16 . 2009-04-22 12:16 -------- d-----w c:\program files\Microsoft Baseline Security Analyzer 2
    2009-04-21 14:34 . 2009-04-21 14:34 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
    2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\users\Administrator\AppData\Roaming\Malwarebytes
    2009-04-18 03:16 . 2009-04-06 06:02 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-04-18 03:16 . 2009-04-06 06:02 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\progra~2\Malwarebytes
    2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\users\All Users\Malwarebytes
    2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-04-16 14:43 . 2008-04-12 03:32 784896 ----a-w c:\windows\system32\rpcrt4.dll
    2009-04-16 14:43 . 2008-04-26 08:26 891448 ----a-w c:\windows\system32\drivers\tcpip.sys
    2009-04-16 14:43 . 2008-04-05 01:21 72192 ----a-w c:\windows\system32\drivers\pacer.sys
    2009-04-16 14:43 . 2008-04-05 03:34 15360 ----a-w c:\windows\system32\pacerprf.dll
    2009-04-16 14:42 . 2008-06-26 03:29 565248 ----a-w c:\windows\system32\emdmgmt.dll
    2009-04-16 14:42 . 2008-08-02 01:01 625152 ----a-w c:\windows\system32\drivers\dxgkrnl.sys
    2009-04-16 14:42 . 2008-06-26 03:29 45056 ----a-w c:\windows\system32\dataclen.dll
    2009-04-16 14:42 . 2008-05-20 02:07 148480 ----a-w c:\windows\system32\drivers\nwifi.sys
    2009-04-16 14:42 . 2008-08-02 03:26 36864 ----a-w c:\windows\system32\cdd.dll
    2009-04-16 14:42 . 2008-05-08 21:59 90112 ----a-w c:\windows\system32\wshext.dll
    2009-04-16 14:42 . 2008-05-08 21:59 155648 ----a-w c:\windows\system32\wscript.exe
    2009-04-16 14:42 . 2008-05-08 21:58 135168 ----a-w c:\windows\system32\cscript.exe
    2009-04-16 14:42 . 2008-05-08 21:59 180224 ----a-w c:\windows\system32\scrobj.dll
    2009-04-16 14:42 . 2008-05-08 21:59 172032 ----a-w c:\windows\system32\scrrun.dll
    2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Links
    2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Saved Games
    2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Downloads
    2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Searches
    2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Music
    2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Pictures
    2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Videos
    2009-04-16 14:33 . 2009-04-16 14:33 -------- d-----r c:\windows\system32\config\systemprofile\Documents
    2009-04-16 14:28 . 2009-04-16 14:28 -------- d-----w C:\PerfLogs
    2009-04-16 10:48 . 2008-01-19 07:35 210432 ----a-w c:\windows\system32\msv1_0.dll
    2009-04-16 10:47 . 2008-01-19 07:36 222720 ----a-w c:\windows\system32\wavemsp.dll
    2009-04-16 10:46 . 2008-01-19 07:34 246784 ----a-w c:\windows\system32\drvstore.dll
    2009-04-16 10:46 . 2008-01-19 07:34 258560 ----a-w c:\windows\system32\dpx.dll
    2009-04-16 10:46 . 2008-01-19 07:35 35328 ----a-w c:\windows\system32\mspatcha.dll
    2009-04-16 10:46 . 2008-01-19 07:34 305152 ----a-w c:\windows\system32\msdelta.dll
    2009-04-15 15:52 . 2009-04-21 14:34 15688 ----a-w c:\windows\system32\lsdelete.exe
    2009-04-15 15:19 . 2009-04-15 15:19 -------- dc-h--w c:\progra~2\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-04-15 15:19 . 2009-04-15 15:19 -------- dc-h--w c:\users\All Users\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-04-15 15:19 . 2009-04-15 15:19 -------- d-----w c:\program files\Lavasoft
    2009-04-15 15:19 . 2009-04-15 15:22 -------- d-----w c:\progra~2\Lavasoft
    2009-04-15 15:19 . 2009-04-15 15:22 -------- d-----w c:\users\All Users\Lavasoft
    2009-04-15 07:56 . 2009-04-15 07:56 -------- d-----w c:\program files\Toshiba
    2009-04-15 06:46 . 2009-04-15 06:46 376832 ----a-w c:\windows\system32\winhttp.dll
    2009-04-15 06:46 . 2009-04-15 06:46 562176 ----a-w c:\windows\system32\msdtcprx.dll
    2009-04-15 06:46 . 2009-04-15 06:46 38912 ----a-w c:\windows\system32\xolehlp.dll
    2009-04-15 06:38 . 2009-04-15 06:38 -------- d-----w c:\users\Administrator\AppData\Roaming\BitTorrent
    2009-04-13 06:28 . 2009-04-28 07:57 -------- d-----w C:\!KillBox
    2009-04-13 05:00 . 2009-04-13 05:00 -------- d-----w c:\program files\Apple Software Update
    2009-04-13 05:00 . 2009-04-13 05:00 -------- d-----w c:\progra~2\Apple
    2009-04-13 05:00 . 2009-04-13 05:00 -------- d-----w c:\users\All Users\Apple
    2009-04-13 03:04 . 2009-04-13 03:04 269312 ----a-w c:\windows\system32\es.dll
    2009-04-13 02:57 . 2009-04-13 03:14 -------- d-----w c:\users\Administrator\AppData\Roaming\vlc
    2009-04-13 02:30 . 2009-04-21 00:58 680 ----a-w c:\users\Administrator\AppData\Local\d3d9caps.dat
    2009-04-13 01:31 . 2009-04-13 05:01 -------- d-----w c:\program files\QuickTime
    2009-04-13 01:31 . 2009-04-13 05:01 -------- d-----w c:\progra~2\Apple Computer
    2009-04-13 01:31 . 2009-04-13 05:01 -------- d-----w c:\users\All Users\Apple Computer
    2009-04-04 12:07 . 2009-04-04 12:07 -------- d-----w c:\users\Administrator\AppData\Local\Yahoo
    2009-04-04 10:52 . 2009-04-04 12:06 -------- d-----w c:\progra~2\Yahoo!
    2009-04-04 10:52 . 2009-04-04 12:06 -------- d-----w c:\users\All Users\Yahoo!
    2009-04-04 10:52 . 2009-04-04 12:06 -------- d-----w c:\program files\Yahoo!
    2009-04-04 01:57 . 2009-04-04 01:57 -------- d-----w c:\program files\Windows Live Safety Center
    2009-04-04 01:39 . 2009-04-04 01:39 -------- d-----w c:\progra~2\Office Genuine Advantage
    2009-04-04 01:39 . 2009-04-04 01:39 -------- d-----w c:\users\All Users\Office Genuine Advantage
    2009-04-03 18:28 . 2009-04-03 18:28 28672 ----a-w c:\windows\system32\FwRemoteSvr.dll
    2009-04-03 18:28 . 2009-04-03 18:28 61440 ----a-w c:\windows\system32\winipsec.dll
    2009-04-03 18:28 . 2009-04-03 18:28 361984 ----a-w c:\windows\system32\IPSECSVC.DLL
    2009-04-03 18:28 . 2009-04-03 18:28 272896 ----a-w c:\windows\system32\polstore.dll
    2009-04-03 18:19 . 2009-04-03 18:19 296960 ----a-w c:\windows\system32\gdi32.dll
    2009-04-03 18:17 . 2009-04-03 18:17 212480 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
    2009-04-03 18:15 . 2009-04-03 18:15 28672 ----a-w c:\windows\system32\Apphlpdm.dll
    2009-04-03 18:15 . 2009-04-03 18:15 4240384 ----a-w c:\windows\system32\GameUXLegacyGDFs.dll
    2009-04-03 18:15 . 2009-04-03 18:15 1695744 ----a-w c:\windows\system32\gameux.dll
    2009-04-03 18:14 . 2009-04-03 18:14 303616 ----a-w c:\windows\system32\wmpeffects.dll
    2009-04-03 18:13 . 2009-04-03 18:13 1191936 ----a-w c:\windows\system32\msxml3.dll
    2009-04-03 18:13 . 2009-04-03 18:13 2048 ----a-w c:\windows\system32\msxml3r.dll
    2009-04-03 18:09 . 2009-04-03 18:09 8147456 ----a-w c:\windows\system32\wmploc.DLL
    2009-04-03 18:09 . 2009-04-03 18:09 7680 ----a-w c:\windows\system32\spwmp.dll
    2009-04-03 18:09 . 2009-04-03 18:09 4096 ----a-w c:\windows\system32\dxmasf.dll
    2009-04-03 18:07 . 2009-04-03 18:07 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
    2009-04-03 18:04 . 2009-04-03 18:04 2927104 ----a-w c:\windows\explorer.exe
    2009-04-03 17:56 . 2009-04-03 17:56 6656 ----a-w c:\windows\system32\kbd106n.dll
    2009-04-03 17:56 . 2009-04-03 17:56 927288 ----a-w c:\windows\system32\winresume.exe
    2009-04-03 17:56 . 2009-04-03 17:56 988216 ----a-w c:\windows\system32\winload.exe
    2009-04-03 17:56 . 2009-04-03 17:56 40960 ----a-w c:\windows\system32\srclient.dll
    2009-04-03 17:56 . 2009-04-03 17:56 318464 ----a-w c:\windows\system32\rstrui.exe
    2009-04-03 17:56 . 2009-04-03 17:56 378368 ----a-w c:\windows\system32\srcore.dll
    2009-04-03 17:56 . 2009-04-03 17:56 14848 ----a-w c:\windows\system32\srdelayed.exe
    2009-04-03 17:56 . 2009-04-03 17:56 19000 ----a-w c:\windows\system32\kd1394.dll
    2009-04-03 17:56 . 2009-04-03 17:56 46592 ----a-w c:\windows\system32\setbcdlocale.dll
    2009-04-03 17:56 . 2009-04-03 17:56 615992 ----a-w c:\windows\system32\ci.dll
    2009-04-03 17:51 . 2009-04-03 17:51 37888 ----a-w c:\windows\system32\printcom.dll
    2009-04-03 17:51 . 2009-04-03 17:51 443392 ----a-w c:\windows\system32\win32spl.dll
    2009-04-03 17:50 . 2009-04-03 17:50 113664 ----a-w c:\windows\system32\drivers\rmcast.sys
    2009-04-03 17:50 . 2009-04-03 17:50 14848 ----a-w c:\windows\system32\wshrm.dll
    2009-04-03 17:48 . 2009-04-03 17:48 288768 ----a-w c:\windows\system32\drivers\srv.sys
    2009-04-03 17:41 . 2009-04-03 17:41 268288 ----a-w c:\windows\system32\schannel.dll
    2009-04-03 17:38 . 2009-04-03 17:38 622080 ----a-w c:\windows\system32\icardagt.exe
    2009-04-03 17:38 . 2009-04-03 17:38 11264 ----a-w c:\windows\system32\icardres.dll
    2009-04-03 17:38 . 2009-04-03 17:38 97800 ----a-w c:\windows\system32\infocardapi.dll
    2009-04-03 17:38 . 2009-04-03 17:38 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2009-04-03 17:38 . 2009-04-03 17:38 326160 ----a-w c:\windows\system32\PresentationHost.exe
    2009-04-03 17:38 . 2009-04-03 17:38 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-30 16:48 . 2009-02-24 16:36 12 ----a-w c:\windows\bthservsdp.dat
    2009-04-30 16:02 . 2009-03-13 13:16 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-04-30 15:59 . 2009-02-25 12:30 -------- d-----w c:\program files\DNA
    2009-04-30 15:33 . 2007-04-17 20:10 -------- d-----w c:\program files\Common Files\Adobe
    2009-04-30 15:06 . 2007-04-17 20:09 -------- d-----w c:\program files\Java
    2009-04-29 16:41 . 2009-04-29 16:41 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
    2009-04-29 16:41 . 2009-04-29 16:41 8014 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
    2009-04-28 12:22 . 2009-02-24 16:14 -------- d-----w c:\program files\MSN Messenger
    2009-04-28 12:22 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
    2009-04-28 12:22 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
    2009-04-28 12:22 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
    2009-04-16 15:16 . 2009-04-16 15:16 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2009-04-16 14:36 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
    2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Sidebar
    2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Photo Gallery
    2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Collaboration
    2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Calendar
    2009-04-16 14:29 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
    2009-04-16 14:28 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Defender
    2009-04-16 14:28 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
    2009-04-16 12:06 . 2006-11-02 10:32 101888 ----a-w c:\windows\system32\ifxcardm.dll
    2009-04-16 12:06 . 2006-11-02 10:32 82432 ----a-w c:\windows\system32\axaltocm.dll
    2009-04-03 18:15 . 2009-04-03 18:15 2560 ----a-w c:\windows\AppPatch\AcRes.dll
    2009-04-03 18:15 . 2009-04-03 18:15 541696 ----a-w c:\windows\AppPatch\AcLayers.dll
    2009-04-03 18:15 . 2009-04-03 18:15 460288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
    2009-04-03 18:15 . 2009-04-03 18:15 2154496 ----a-w c:\windows\AppPatch\AcGenral.dll
    2009-04-03 18:15 . 2009-04-03 18:15 173056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
    2009-04-03 18:15 . 2009-04-03 18:15 52736 ----a-w c:\windows\AppPatch\iebrshim.dll
    2009-03-13 12:29 . 2009-02-24 12:58 -------- d-----w c:\program files\Spybot - Search & Destroy
    2009-03-08 11:34 . 2009-04-23 03:57 914944 ----a-w c:\windows\system32\wininet.dll
    2009-03-08 11:34 . 2009-04-23 03:57 43008 ----a-w c:\windows\system32\licmgr10.dll
    2009-03-08 11:33 . 2009-04-23 03:57 18944 ----a-w c:\windows\system32\corpol.dll
    2009-03-08 11:33 . 2009-04-23 03:57 109056 ----a-w c:\windows\system32\iesysprep.dll
    2009-03-08 11:33 . 2009-04-23 03:57 109568 ----a-w c:\windows\system32\PDMSetup.exe
    2009-03-08 11:33 . 2009-04-23 03:57 132608 ----a-w c:\windows\system32\ieUnatt.exe
    2009-03-08 11:33 . 2009-04-23 03:57 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
    2009-03-08 11:33 . 2009-04-23 03:57 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
    2009-03-08 11:33 . 2009-04-23 03:57 103936 ----a-w c:\windows\system32\SetDepNx.exe
    2009-03-08 11:33 . 2009-04-23 03:57 420352 ----a-w c:\windows\system32\vbscript.dll
    2009-03-08 11:32 . 2009-04-23 03:57 72704 ----a-w c:\windows\system32\admparse.dll
    2009-03-08 11:32 . 2009-04-23 03:57 71680 ----a-w c:\windows\system32\iesetup.dll
    2009-03-08 11:32 . 2009-04-23 03:57 66560 ----a-w c:\windows\system32\wextract.exe
    2009-03-08 11:32 . 2009-04-23 03:57 169472 ----a-w c:\windows\system32\iexpress.exe
    2009-03-08 11:31 . 2009-04-23 03:57 34816 ----a-w c:\windows\system32\imgutil.dll
    2009-03-08 11:31 . 2009-04-23 03:57 48128 ----a-w c:\windows\system32\mshtmler.dll
    2009-03-08 11:31 . 2009-04-23 03:57 45568 ----a-w c:\windows\system32\mshta.exe
    2009-03-08 11:22 . 2009-04-23 03:57 156160 ----a-w c:\windows\system32\msls31.dll
    2009-02-24 15:53 . 2009-02-24 15:53 0 ----a-w c:\windows\nsreg.dat
    2009-02-24 15:35 . 2009-02-24 15:35 99864 ----a-w c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-02-24 12:58 . 2009-02-24 12:58 51224 ----a-w c:\windows\system32\wuauclt.exe
    2009-02-24 12:58 . 2009-02-24 12:58 43544 ----a-w c:\windows\system32\wups2.dll
    2009-02-24 12:58 . 2009-02-24 12:58 1809944 ----a-w c:\windows\system32\wuaueng.dll
    2009-02-24 12:58 . 2009-02-24 12:58 1524736 ----a-w c:\windows\system32\wucltux.dll
    2009-02-24 12:58 . 2009-02-24 12:58 83456 ----a-w c:\windows\system32\wudriver.dll
    2009-02-24 12:58 . 2009-02-24 12:58 561688 ----a-w c:\windows\system32\wuapi.dll
    2009-02-24 12:58 . 2009-02-24 12:58 34328 ----a-w c:\windows\system32\wups.dll
    2009-02-24 12:57 . 2009-02-24 12:57 31232 ----a-w c:\windows\system32\wuapp.exe
    2009-02-24 12:57 . 2009-02-24 12:57 162064 ----a-w c:\windows\system32\wuwebv.dll
    2009-02-12 11:39 . 2009-02-12 11:39 12712 ----a-w c:\windows\system32\drivers\FJGSDisk.sys
    2009-02-12 11:04 . 2009-02-12 11:04 99864 ----a-w c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-04-30_14.14.45 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-05-14 21:23 . 2009-04-30 16:44 64424 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:02 . 2009-04-30 16:44 73160 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2009-02-12 11:06 . 2009-04-30 14:08 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-02-12 11:06 . 2009-04-30 17:00 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-02-12 11:06 . 2009-04-30 17:00 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-02-12 11:06 . 2009-04-30 14:08 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-02-12 11:06 . 2009-04-30 17:00 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-02-12 11:06 . 2009-04-30 14:08 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-02-24 15:36 . 2009-04-30 16:01 7068 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1918237747-2751938533-2904961478-500_UserData.bin
    + 2009-02-12 11:10 . 2009-04-30 16:44 7690 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1918237747-2751938533-2904961478-1000_UserData.bin
    + 2006-11-02 10:33 . 2009-04-30 16:48 608884 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2009-04-30 13:55 608884 c:\windows\System32\perfh009.dat
    + 2006-11-02 10:33 . 2009-04-30 16:48 105952 c:\windows\System32\perfc009.dat
    - 2006-11-02 10:33 . 2009-04-30 13:55 105952 c:\windows\System32\perfc009.dat
    + 2009-04-30 16:02 . 2009-04-30 16:02 148888 c:\windows\System32\javaws.exe
    - 2009-04-04 03:44 . 2009-03-08 18:49 148888 c:\windows\System32\javaws.exe
    + 2009-04-30 16:02 . 2009-04-30 16:02 144792 c:\windows\System32\javaw.exe
    - 2009-04-04 03:44 . 2009-03-08 18:49 144792 c:\windows\System32\javaw.exe
    + 2009-04-30 16:02 . 2009-04-30 16:02 144792 c:\windows\System32\java.exe
    - 2009-04-04 03:44 . 2009-03-08 18:49 144792 c:\windows\System32\java.exe
    + 2009-04-23 04:08 . 2009-04-30 17:00 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2009-04-23 04:08 . 2009-04-30 14:07 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-17 80688]
    "IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-11-07 97072]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-09 154392]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-09 133912]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-23 827392]
    "LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2005-07-21 242688]
    "LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-07-21 61440]
    "PSUtility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2006-12-22 136744]
    "LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-04-02 252704]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-05-08 174872]
    "IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-05-08 33048]
    "SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2009-02-12 193832]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-30 148888]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-01 4390912]

    c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2007-11-1 421888]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{F01CE1E2-9A47-42F9-AD30-7B2AD8E08A94}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{7A0C6B10-FF15-4B5E-85EB-C851E3DF9E79}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
    "{B65B13F6-BBD4-4FAB-97B8-D1406988A316}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{15F91AE0-0A6A-4AD0-BC13-E97CF52E271F}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "TCP Query User{F4F47E1E-E573-4114-BC3B-21FD4448FC36}c:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= UDP:c:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp
    "UDP Query User{241244E8-A714-4A26-8033-A8DC16D0C898}c:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= TCP:c:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp
    "{DDC82CFA-D149-4A61-8FEE-0F5D7501CC0A}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
    "{7DD80389-BAEB-42DD-A05F-880619A84500}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
    "{4C2B38A4-E717-43A4-BC01-3A065B2B9A3F}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
    "{3935BD02-4B40-439B-86EA-B4F99566E630}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
    "TCP Query User{A7928B77-F859-453F-ACE0-E4419FFFEE0A}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
    "UDP Query User{A3C6541E-F6AD-46D5-A349-82A8756C8428}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
    "{4CE5628A-E049-4199-BD14-F3ACB0188262}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{5DBFBFA1-FF9F-4CA0-8CC1-F91FE82A7997}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "TCP Query User{DF9E080F-A2A6-4E03-928C-D7AAE5BFF5AE}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
    "UDP Query User{04C91E26-0A58-4EB0-A38E-FB81F0A09A68}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
    "{87C95383-720C-4E36-92C1-5A596BE3F1FC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{E108B469-D439-4A90-B0DD-3AF139C46756}"= UDP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
    "{134FFABB-69CF-4FC7-8226-909F636B2E28}"= TCP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
    "{124D1410-FC14-44BE-939D-2D67F33C0F7C}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
    "{1779AE8C-BFEB-457A-99BB-C18BC6585906}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    R0 omnipass;omnipass; [x]
    R2 LvIBTSvr;Logitech IBT Service;c:\program files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe [2007-04-02 76576]
    R3 ADVNTDRV;ADVNTDRV;c:\windows\System32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
    R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-11-27 122008]
    S0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\DRIVERS\FJGSDisk.sys [2009-02-12 12712]
    S0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2007-05-04 208896]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-21 64160]
    S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2006-10-03 36640]
    S0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2006-10-12 33152]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-21 953168]
    S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [2006-12-22 63016]
    S2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\updnavi\updnvsrv.exe [2007-01-11 12288]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-04-15 101936]
    S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 5632]
    S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-11-02 30720]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    bthsvcs REG_MULTI_SZ BthServ
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
    \shell\AutoRun\command - H:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af316a4d-0271-11de-ab37-000000000000}]
    \shell\AutoRun\command - H:\LaunchU3.exe -a

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:33]

    2009-04-30 c:\windows\Tasks\User_Feed_Synchronization-{3D592E6A-7BAD-4227-B6C4-7E801F98E40E}.job
    - c:\windows\system32\msfeedssync.exe [2009-04-23 11:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:tabs
    TCP: {01573F81-6C25-441E-983B-581898952A67} = 192.231.203.132,192.231.203.3
    TCP: {7E4FEBD3-21C7-4D81-AEF7-1619DC39AC99} = 192.231.203.132,192.231.203.3
    FF - ProfilePath - c:\users\madPC\AppData\Roaming\Mozilla\Firefox\Profiles\34qxd13h.default\
    FF - prefs.js: keyword.URL - hxxp://www.google.com.au/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-01 02:31
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\windows\system32\drivers\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys 83968 bytes executable
    c:\users\madPC\AppData\Local\Temp\ovfsth000 0 bytes
    c:\windows\system32\ovfsthcqwtjumvsbmiftubdoffvqylchcbxsts.dll 19456 bytes executable
    c:\windows\system32\ovfstheepxdcrrgqbynuertsfkdmteyxngdrmp.dll 17920 bytes executable
    c:\windows\system32\ovfsthipwuyfcrvqhiqmocbrwvtlrqtfeiqaop.dll 19456 bytes executable
    c:\windows\system32\ovfsthldbowyvnoponfggajnivdmqoykldkjxj.dll 17920 bytes executable
    c:\windows\system32\ovfsthojhciexsbonadxsisnexsijrtkqxupfq.dll 17920 bytes executable
    c:\windows\system32\ovfsthtdleeqrnjcpnbifqubxbpcdbypxcfstv.dat 267 bytes
    c:\windows\system32\ovfsthxnpqyrytpqvbqrgmkblsdcuidpxtmafp.dll 61440 bytes executable
    c:\windows\system32\ovfsthyenaicmkengblcuyxqsdpjpmepvhsruj.dll 19456 bytes executable
    c:\windows\TEMP\ovfsthjrxxsbdkny.tmp 23040 bytes executable

    scan completed successfully
    hidden files: 11

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

    [HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe"

    [HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_USERS\software\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker2"

    [HKEY_USERS\software\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_USERS\software\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_USERS\software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)

    [HKEY_USERS\software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"

    [HKEY_USERS\software\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""

    [HKEY_USERS\software\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"

    [HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_USERS\system\ControlSet001\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
    @DACL=(02 0000)
    "start"=dword:00000001
    "type"=dword:00000001
    "group"="file system"
    "imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"
    "inst"=dword:00000000

    [HKEY_USERS\system\ControlSet002\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
    @DACL=(02 0000)
    "start"=dword:00000001
    "type"=dword:00000001
    "group"="file system"
    "imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"
    "inst"=dword:00000000

    [HKEY_USERS\system\ControlSet003\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
    @DACL=(02 0000)
    "start"=dword:00000001
    "type"=dword:00000001
    "group"="file system"
    "imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

    [HKEY_USERS\system\ControlSet004\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
    @DACL=(02 0000)
    "start"=dword:00000001
    "type"=dword:00000001
    "group"="file system"
    "imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"
    "inst"=dword:00000000

    [HKEY_USERS\system\ControlSet005\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
    @DACL=(02 0000)
    "start"=dword:00000001
    "type"=dword:00000001
    "group"="file system"
    "imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

    [HKEY_USERS\system\ControlSet006\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
    @DACL=(02 0000)
    "start"=dword:00000001
    "type"=dword:00000001
    "group"="file system"
    "imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

    [HKEY_USERS\system\ControlSet007\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
    @DACL=(02 0000)
    "start"=dword:00000001
    "type"=dword:00000001
    "group"="file system"
    "imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"
    "inst"=dword:00000000

    [HKEY_USERS\system\ControlSet008\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
    @DACL=(02 0000)
    "start"=dword:00000001
    "type"=dword:00000001
    "group"="file system"
    "imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

    [HKEY_USERS\system\ControlSet009\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
    @DACL=(02 0000)
    "start"=dword:00000001
    "type"=dword:00000001
    "group"="file system"
    "imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

    [HKEY_USERS\system\ControlSet010\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
    @DACL=(02 0000)
    "start"=dword:00000001
    "type"=dword:00000001
    "group"="file system"
    "imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"
    "inst"=dword:00000000

    [HKEY_USERS\system\ControlSet011\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
    @DACL=(02 0000)
    "start"=dword:00000001
    "type"=dword:00000001
    "group"="file system"
    "imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

    [HKEY_USERS\system\ControlSet012\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
    @DACL=(02 0000)
    "start"=dword:00000001
    "type"=dword:00000001
    "group"="file system"
    "imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

    [HKEY_USERS\system\ControlSet013\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_USERS\system\ControlSet013\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
    @DACL=(02 0000)
    "start"=dword:00000001
    "type"=dword:00000001
    "group"="file system"
    "imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"
    "inst"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Softex\OmniPass\OmniServ.exe
    c:\windows\System32\audiodg.exe
    c:\windows\System32\agrsmsvc.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    c:\program files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
    c:\windows\System32\o2flash.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    c:\windows\System32\wbem\unsecapp.exe
    c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    c:\program files\Softex\OmniPass\opvapp.exe
    c:\windows\System32\wbem\unsecapp.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    c:\windows\System32\igfxsrvc.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
    c:\windows\System32\wbem\WMIADAP.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2009-04-30 2:36 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-04-30 17:06
    ComboFix2.txt 2009-04-30 14:16

    Pre-Run: 42,927,898,624 bytes free
    Post-Run: 42,895,994,880 bytes free

    544 --- E O F --- 2009-04-21 02:21


    Ran ATF cleaner


    Rebooted (took very long)


    I believe the next thing you're going to ask me to do is uninstall my P2P program - do you advise I do that in the admin account in safe mode / admin account in normal mode / my account in normal mode?

  5. #5
    Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,300

    Default

    Hi

    I believe the next thing you're going to ask me to do is uninstall my P2P program
    Well guessed. Do the uninstalling with your account from normal mode if it has admin privileges (= rights to do uninstalling). Otherwise use the admin account (in normal mode).

    After that re-run ComboFix (let it update itself) and post back its report & a fresh dds.txt log contents, please.
    Microsoft Windows Insider MVP 2016-2018
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  6. #6
    Junior Member
    Join Date
    May 2009
    Posts
    22

    Default ComboFix and DDS Logs

    ComboFix 09-05-13.02 - madPC May-09 Thu 17:46.4 - NTFSx86
    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2037.1073 [GMT 9.5:30]
    Running from: c:\users\madPC\Desktop\ComboFix.exe
    AV: Symantec AntiVirus *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: Symantec AntiVirus *disabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2009-04-14 to 2009-05-14 )))))))))))))))))))))))))))))))
    .

    2009-05-11 15:21 . 2009-05-11 15:42 -------- d-----w c:\program files\UltraVNC
    2009-05-09 20:33 . 2008-05-25 12:53 317976 ----a-w c:\windows\system32\drivers\iaStor.sys
    2009-05-09 18:12 . 2009-05-09 18:12 -------- d-----w c:\users\madPC\AppData\Local\Apple Computer
    2009-05-09 17:38 . 2009-05-09 17:38 -------- d-----w c:\program files\ERUNT
    2009-05-09 16:27 . 2009-05-09 16:27 -------- d-----w c:\program files\Trend Micro
    2009-05-06 06:17 . 2009-05-06 06:17 -------- d-----w c:\users\madPC\AppData\Roaming\iScreensaver
    2009-05-05 18:16 . 2009-05-05 18:16 -------- d-----w c:\windows\TweakVI
    2009-05-05 18:16 . 2009-05-05 18:17 -------- d-----w c:\program files\TweakVI
    2009-05-01 08:29 . 2009-05-01 08:29 -------- d-----w c:\users\madPC\AppData\Local\Apple
    2009-05-01 04:14 . 2009-05-01 04:14 -------- d-----w c:\programdata\WindowsSearch
    2009-05-01 04:14 . 2009-05-01 04:14 -------- d-----w c:\users\All Users\WindowsSearch
    2009-05-01 02:14 . 2009-05-01 04:15 -------- d-----w c:\program files\EsetOnlineScanner
    2009-05-01 02:02 . 2009-05-01 05:39 -------- d-----w c:\program files\Java
    2009-05-01 01:01 . 2009-05-01 01:01 680 ----a-w c:\users\madPC\AppData\Local\d3d9caps.dat
    2009-04-30 18:36 . 2009-05-01 01:48 -------- d-----w c:\users\madPC\AppData\Local\Adobe
    2009-04-30 18:12 . 2009-04-30 18:12 -------- d-----w c:\windows\Sun
    2009-04-30 15:33 . 2009-04-30 15:33 -------- d-----w c:\program files\Common Files\Adobe AIR
    2009-04-30 09:59 . 2009-04-30 09:59 -------- d-----w c:\users\Administrator\DoctorWeb
    2009-04-30 09:53 . 2009-05-01 01:11 -------- d-----w c:\users\madPC\DoctorWeb
    2009-04-30 07:13 . 2009-04-30 07:13 -------- d-----w c:\users\madPC\AppData\Local\Symantec
    2009-04-29 16:42 . 2009-04-29 16:42 -------- d-----w c:\users\Administrator\AppData\Local\Symantec
    2009-04-29 16:41 . 2009-04-29 16:41 109744 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
    2009-04-29 16:40 . 2009-04-29 16:41 -------- d-----w c:\program files\Symantec
    2009-04-29 16:40 . 2009-04-29 16:42 -------- d-----w c:\programdata\Symantec
    2009-04-29 16:40 . 2009-04-29 16:42 -------- d-----w c:\users\All Users\Symantec
    2009-04-29 16:40 . 2009-04-29 16:41 -------- d-----w c:\program files\Common Files\Symantec Shared
    2009-04-29 16:40 . 2009-04-29 16:40 -------- d-----w c:\program files\Symantec AntiVirus
    2009-04-28 20:04 . 2009-04-28 20:04 -------- d-sh--w c:\windows\system32\%APPDATA%
    2009-04-28 12:31 . 2009-04-28 12:31 -------- d-----w c:\program files\CCleaner
    2009-04-28 12:17 . 2009-04-28 12:21 -------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
    2009-04-28 12:17 . 2009-04-28 12:22 -------- d-----w c:\program files\Windows Live
    2009-04-28 12:17 . 2009-04-28 12:17 -------- d-----w c:\programdata\WLInstaller
    2009-04-28 12:17 . 2009-04-28 12:17 -------- d-----w c:\users\All Users\WLInstaller
    2009-04-26 09:08 . 2009-04-26 09:08 -------- d-----w c:\program files\PC Optimizer Pro
    2009-04-24 14:35 . 2009-04-24 14:35 -------- d-----w c:\program files\Microsoft Silverlight
    2009-04-24 00:34 . 2009-04-24 00:34 155 ----a-w c:\windows\system32\SelfDel.bat
    2009-04-23 03:28 . 2009-04-23 03:28 -------- d-----w c:\program files\vLite
    2009-04-22 12:17 . 2009-04-22 12:20 -------- d-----w c:\users\madPC\SecurityScans
    2009-04-22 12:16 . 2009-04-22 12:16 -------- d-----w c:\program files\Microsoft Baseline Security Analyzer 2
    2009-04-21 14:34 . 2009-04-21 14:34 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
    2009-04-18 17:48 . 2009-04-18 17:48 -------- d-----w c:\users\madPC\AppData\Roaming\Malwarebytes
    2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\users\Administrator\AppData\Roaming\Malwarebytes
    2009-04-18 03:16 . 2009-04-06 06:02 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-04-18 03:16 . 2009-04-06 06:02 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\programdata\Malwarebytes
    2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\users\All Users\Malwarebytes
    2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-04-16 14:43 . 2008-04-12 03:32 784896 ----a-w c:\windows\system32\rpcrt4.dll
    2009-04-16 14:43 . 2008-04-26 08:26 891448 ----a-w c:\windows\system32\drivers\tcpip.sys
    2009-04-16 14:43 . 2008-04-05 01:21 72192 ----a-w c:\windows\system32\drivers\pacer.sys
    2009-04-16 14:43 . 2008-04-05 03:34 15360 ----a-w c:\windows\system32\pacerprf.dll
    2009-04-16 14:42 . 2008-06-26 03:29 565248 ----a-w c:\windows\system32\emdmgmt.dll
    2009-04-16 14:42 . 2008-08-02 01:01 625152 ----a-w c:\windows\system32\drivers\dxgkrnl.sys
    2009-04-16 14:42 . 2008-06-26 03:29 45056 ----a-w c:\windows\system32\dataclen.dll
    2009-04-16 14:42 . 2008-05-20 02:07 148480 ----a-w c:\windows\system32\drivers\nwifi.sys
    2009-04-16 14:42 . 2008-08-02 03:26 36864 ----a-w c:\windows\system32\cdd.dll
    2009-04-16 14:42 . 2008-05-08 21:59 430080 ----a-w c:\windows\system32\vbscript.dll
    2009-04-16 14:42 . 2008-05-08 21:59 90112 ----a-w c:\windows\system32\wshext.dll
    2009-04-16 14:42 . 2008-05-08 21:59 155648 ----a-w c:\windows\system32\wscript.exe
    2009-04-16 14:42 . 2008-05-08 21:58 135168 ----a-w c:\windows\system32\cscript.exe
    2009-04-16 14:42 . 2008-05-08 21:59 180224 ----a-w c:\windows\system32\scrobj.dll
    2009-04-16 14:42 . 2008-05-08 21:59 172032 ----a-w c:\windows\system32\scrrun.dll
    2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Links
    2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Saved Games
    2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Downloads
    2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Searches
    2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Music
    2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Pictures
    2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Videos
    2009-04-16 14:33 . 2009-04-16 14:33 -------- d-----r c:\windows\system32\config\systemprofile\Documents
    2009-04-16 14:28 . 2009-04-16 14:28 -------- d-----w C:\PerfLogs
    2009-04-16 10:48 . 2008-01-19 07:35 210432 ----a-w c:\windows\system32\msv1_0.dll
    2009-04-16 10:47 . 2008-01-19 07:36 222720 ----a-w c:\windows\system32\wavemsp.dll
    2009-04-16 10:46 . 2008-01-19 07:34 246784 ----a-w c:\windows\system32\drvstore.dll
    2009-04-16 10:46 . 2008-01-19 07:34 258560 ----a-w c:\windows\system32\dpx.dll
    2009-04-16 10:46 . 2008-01-19 07:35 35328 ----a-w c:\windows\system32\mspatcha.dll
    2009-04-16 10:46 . 2008-01-19 07:34 305152 ----a-w c:\windows\system32\msdelta.dll
    2009-04-15 15:52 . 2009-04-21 14:34 15688 ----a-w c:\windows\system32\lsdelete.exe
    2009-04-15 15:19 . 2009-04-15 15:19 -------- dc-h--w c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-04-15 15:19 . 2009-04-15 15:19 -------- dc-h--w c:\users\All Users\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-04-15 15:19 . 2009-04-15 15:19 -------- d-----w c:\program files\Lavasoft
    2009-04-15 15:19 . 2009-04-15 15:22 -------- d-----w c:\programdata\Lavasoft
    2009-04-15 15:19 . 2009-04-15 15:22 -------- d-----w c:\users\All Users\Lavasoft
    2009-04-15 08:12 . 2009-04-15 08:12 -------- d-----w c:\users\madPC\AppData\Roaming\Toshiba
    2009-04-15 07:56 . 2009-04-15 07:56 -------- d-----w c:\program files\Toshiba
    2009-04-15 06:46 . 2009-04-15 06:46 376832 ----a-w c:\windows\system32\winhttp.dll
    2009-04-15 06:46 . 2009-04-15 06:46 562176 ----a-w c:\windows\system32\msdtcprx.dll
    2009-04-15 06:46 . 2009-04-15 06:46 38912 ----a-w c:\windows\system32\xolehlp.dll
    2009-04-15 06:38 . 2009-04-15 06:38 -------- d-----w c:\users\Administrator\AppData\Roaming\BitTorrent

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-14 07:55 . 2009-02-24 16:36 12 ----a-w c:\windows\bthservsdp.dat
    2009-05-09 20:34 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
    2009-05-09 20:34 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
    2009-05-09 20:34 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
    2009-05-01 13:42 . 2009-02-12 11:12 99864 ----a-w c:\users\madPC\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-05-01 06:44 . 2007-04-17 23:55 -------- d-----w c:\program files\Microsoft Works
    2009-04-30 15:59 . 2009-02-25 12:30 -------- d-----w c:\program files\DNA
    2009-04-30 15:33 . 2007-04-17 20:10 -------- d-----w c:\program files\Common Files\Adobe
    2009-04-29 16:41 . 2009-04-29 16:41 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
    2009-04-29 16:41 . 2009-04-29 16:41 8014 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
    2009-04-28 12:22 . 2009-02-24 16:14 -------- d-----w c:\program files\MSN Messenger
    2009-04-21 00:58 . 2009-04-13 02:30 680 ----a-w c:\users\Administrator\AppData\Local\d3d9caps.dat
    2009-04-16 15:16 . 2009-04-16 15:16 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2009-04-16 14:36 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
    2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Sidebar
    2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Photo Gallery
    2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Collaboration
    2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Calendar
    2009-04-16 14:29 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
    2009-04-16 14:28 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Defender
    2009-04-16 14:28 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
    2009-04-16 12:06 . 2006-11-02 10:32 101888 ----a-w c:\windows\system32\ifxcardm.dll
    2009-04-16 12:06 . 2006-11-02 10:32 82432 ----a-w c:\windows\system32\axaltocm.dll
    2009-04-15 06:40 . 2009-04-15 06:40 827392 ----a-w c:\windows\system32\wininet.dll
    2009-04-15 06:40 . 2009-04-15 06:40 72704 ----a-w c:\windows\system32\admparse.dll
    2009-04-15 06:40 . 2009-04-15 06:40 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-04-15 06:40 . 2009-04-15 06:40 48128 ----a-w c:\windows\system32\mshtmler.dll
    2009-04-15 06:40 . 2009-04-15 06:40 26624 ----a-w c:\windows\system32\ieUnatt.exe
    2009-04-13 05:01 . 2009-04-13 01:31 -------- d-----w c:\program files\QuickTime
    2009-04-13 03:04 . 2009-04-13 03:04 269312 ----a-w c:\windows\system32\es.dll
    2009-04-04 12:06 . 2009-04-04 10:52 -------- d-----w c:\program files\Yahoo!
    2009-04-04 01:57 . 2009-04-04 01:57 -------- d-----w c:\program files\Windows Live Safety Center
    2009-04-03 18:28 . 2009-04-03 18:28 61440 ----a-w c:\windows\system32\winipsec.dll
    2009-04-03 18:28 . 2009-04-03 18:28 361984 ----a-w c:\windows\system32\IPSECSVC.DLL
    2009-04-03 18:28 . 2009-04-03 18:28 28672 ----a-w c:\windows\system32\FwRemoteSvr.dll
    2009-04-03 18:28 . 2009-04-03 18:28 272896 ----a-w c:\windows\system32\polstore.dll
    2009-04-03 18:19 . 2009-04-03 18:19 296960 ----a-w c:\windows\system32\gdi32.dll
    2009-04-03 18:17 . 2009-04-03 18:17 212480 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
    2009-04-03 18:15 . 2009-04-03 18:15 28672 ----a-w c:\windows\system32\Apphlpdm.dll
    2009-04-03 18:15 . 2009-04-03 18:15 4240384 ----a-w c:\windows\system32\GameUXLegacyGDFs.dll
    2009-04-03 18:15 . 2009-04-03 18:15 1695744 ----a-w c:\windows\system32\gameux.dll
    2009-04-03 18:14 . 2009-04-03 18:14 303616 ----a-w c:\windows\system32\wmpeffects.dll
    2009-04-03 18:13 . 2009-04-03 18:13 1191936 ----a-w c:\windows\system32\msxml3.dll
    2009-04-03 18:13 . 2009-04-03 18:13 2048 ----a-w c:\windows\system32\msxml3r.dll
    2009-04-03 18:09 . 2009-04-03 18:09 8147456 ----a-w c:\windows\system32\wmploc.DLL
    2009-04-03 18:09 . 2009-04-03 18:09 7680 ----a-w c:\windows\system32\spwmp.dll
    2009-04-03 18:09 . 2009-04-03 18:09 4096 ----a-w c:\windows\system32\dxmasf.dll
    2009-04-03 18:07 . 2009-04-03 18:07 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
    2009-04-03 18:04 . 2009-04-03 18:04 2927104 ----a-w c:\windows\explorer.exe
    2009-04-03 17:56 . 2009-04-03 17:56 6656 ----a-w c:\windows\system32\kbd106n.dll
    2009-04-03 17:56 . 2009-04-03 17:56 988216 ----a-w c:\windows\system32\winload.exe
    2009-04-03 17:56 . 2009-04-03 17:56 927288 ----a-w c:\windows\system32\winresume.exe
    2009-04-03 17:56 . 2009-04-03 17:56 40960 ----a-w c:\windows\system32\srclient.dll
    2009-04-03 17:56 . 2009-04-03 17:56 378368 ----a-w c:\windows\system32\srcore.dll
    2009-04-03 17:56 . 2009-04-03 17:56 318464 ----a-w c:\windows\system32\rstrui.exe
    2009-04-03 17:56 . 2009-04-03 17:56 14848 ----a-w c:\windows\system32\srdelayed.exe
    2009-04-03 17:56 . 2009-04-03 17:56 615992 ----a-w c:\windows\system32\ci.dll
    2009-04-03 17:56 . 2009-04-03 17:56 46592 ----a-w c:\windows\system32\setbcdlocale.dll
    2009-04-03 17:56 . 2009-04-03 17:56 19000 ----a-w c:\windows\system32\kd1394.dll
    2009-04-03 17:51 . 2009-04-03 17:51 443392 ----a-w c:\windows\system32\win32spl.dll
    2009-04-03 17:51 . 2009-04-03 17:51 37888 ----a-w c:\windows\system32\printcom.dll
    2009-04-03 17:50 . 2009-04-03 17:50 14848 ----a-w c:\windows\system32\wshrm.dll
    2009-04-03 17:50 . 2009-04-03 17:50 113664 ----a-w c:\windows\system32\drivers\rmcast.sys
    2009-04-03 17:48 . 2009-04-03 17:48 288768 ----a-w c:\windows\system32\drivers\srv.sys
    2009-04-03 17:41 . 2009-04-03 17:41 268288 ----a-w c:\windows\system32\schannel.dll
    2009-04-03 17:38 . 2009-04-03 17:38 622080 ----a-w c:\windows\system32\icardagt.exe
    2009-04-03 17:38 . 2009-04-03 17:38 11264 ----a-w c:\windows\system32\icardres.dll
    2009-04-03 17:38 . 2009-04-03 17:38 97800 ----a-w c:\windows\system32\infocardapi.dll
    2009-04-03 17:38 . 2009-04-03 17:38 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2009-04-03 17:38 . 2009-04-03 17:38 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
    2009-04-03 17:38 . 2009-04-03 17:38 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
    2009-04-03 17:38 . 2009-04-03 17:38 326160 ----a-w c:\windows\system32\PresentationHost.exe
    2009-04-03 17:22 . 2009-04-03 17:22 96760 ----a-w c:\windows\system32\dfshim.dll
    2009-04-03 17:22 . 2009-04-03 17:22 41984 ----a-w c:\windows\system32\netfxperf.dll
    2009-04-03 17:22 . 2009-04-03 17:22 83968 ----a-w c:\windows\system32\mscories.dll
    2009-04-03 17:22 . 2009-04-03 17:22 282112 ----a-w c:\windows\system32\mscoree.dll
    2009-04-03 17:22 . 2009-04-03 17:22 158720 ----a-w c:\windows\system32\mscorier.dll
    2009-04-03 17:07 . 2009-04-03 17:07 2868736 ----a-w c:\windows\system32\mf.dll
    2009-04-03 17:07 . 2009-04-03 17:07 996352 ----a-w c:\windows\system32\WMNetMgr.dll
    2009-04-03 17:07 . 2009-04-03 17:07 98816 ----a-w c:\windows\system32\mfps.dll
    2009-04-03 17:07 . 2009-04-03 17:07 94720 ----a-w c:\windows\system32\logagent.exe
    2009-04-03 17:07 . 2009-04-03 17:07 53248 ----a-w c:\windows\system32\rrinstaller.exe
    2009-04-03 17:07 . 2009-04-03 17:07 24576 ----a-w c:\windows\system32\mfpmp.exe
    2009-04-03 17:07 . 2009-04-03 17:07 2048 ----a-w c:\windows\system32\mferror.dll
    2009-04-03 17:06 . 2009-04-03 17:06 84480 ----a-w c:\windows\system32\INETRES.dll
    2009-04-03 17:06 . 2009-04-03 17:06 738304 ----a-w c:\windows\system32\inetcomm.dll
    2009-04-03 17:06 . 2009-04-03 17:06 1314816 ----a-w c:\windows\system32\quartz.dll
    2009-04-03 17:05 . 2009-04-03 17:05 2048 ----a-w c:\windows\system32\tzres.dll
    2009-04-03 17:05 . 2009-04-03 17:05 2033152 ----a-w c:\windows\system32\win32k.sys
    2009-04-03 17:05 . 2009-04-03 17:05 -------- d-----w c:\program files\MSXML 4.0
    2009-04-03 17:04 . 2009-04-03 17:04 1334272 ----a-w c:\windows\system32\msxml6.dll
    2009-04-03 17:04 . 2009-04-03 17:04 2048 ----a-w c:\windows\system32\msxml6r.dll
    2009-03-08 19:49 . 2009-03-13 13:16 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-02-24 15:53 . 2009-02-24 15:53 0 ----a-w c:\windows\nsreg.dat
    2009-02-24 15:35 . 2009-02-24 15:35 99864 ----a-w c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-02-24 12:58 . 2009-02-24 12:58 51224 ----a-w c:\windows\system32\wuauclt.exe
    2009-02-24 12:58 . 2009-02-24 12:58 43544 ----a-w c:\windows\system32\wups2.dll
    2009-02-24 12:58 . 2009-02-24 12:58 1809944 ----a-w c:\windows\system32\wuaueng.dll
    2009-02-24 12:58 . 2009-02-24 12:58 1524736 ----a-w c:\windows\system32\wucltux.dll
    2009-02-24 12:58 . 2009-02-24 12:58 83456 ----a-w c:\windows\system32\wudriver.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-17 80688]
    "IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-11-07 97072]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-09 154392]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-09 133912]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-23 827392]
    "LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2005-07-21 242688]
    "LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-07-21 61440]
    "PSUtility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2006-12-22 136744]
    "LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-04-02 252704]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-05-08 174872]
    "IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-05-08 33048]
    "SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2009-02-12 193832]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 107112]
    "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-27 134808]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-21 516440]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-01 4390912]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2007-11-1 421888]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "TaskbarNoThumbnail"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{F01CE1E2-9A47-42F9-AD30-7B2AD8E08A94}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{7A0C6B10-FF15-4B5E-85EB-C851E3DF9E79}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
    "{B65B13F6-BBD4-4FAB-97B8-D1406988A316}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{15F91AE0-0A6A-4AD0-BC13-E97CF52E271F}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "TCP Query User{F4F47E1E-E573-4114-BC3B-21FD4448FC36}c:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= UDP:c:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp
    "UDP Query User{241244E8-A714-4A26-8033-A8DC16D0C898}c:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= TCP:c:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp
    "{DDC82CFA-D149-4A61-8FEE-0F5D7501CC0A}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
    "{7DD80389-BAEB-42DD-A05F-880619A84500}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
    "{4C2B38A4-E717-43A4-BC01-3A065B2B9A3F}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
    "{3935BD02-4B40-439B-86EA-B4F99566E630}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
    "TCP Query User{A7928B77-F859-453F-ACE0-E4419FFFEE0A}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
    "UDP Query User{A3C6541E-F6AD-46D5-A349-82A8756C8428}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
    "{4CE5628A-E049-4199-BD14-F3ACB0188262}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{5DBFBFA1-FF9F-4CA0-8CC1-F91FE82A7997}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "TCP Query User{DF9E080F-A2A6-4E03-928C-D7AAE5BFF5AE}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
    "UDP Query User{04C91E26-0A58-4EB0-A38E-FB81F0A09A68}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
    "{87C95383-720C-4E36-92C1-5A596BE3F1FC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{E108B469-D439-4A90-B0DD-3AF139C46756}"= UDP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
    "{134FFABB-69CF-4FC7-8226-909F636B2E28}"= TCP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
    "{124D1410-FC14-44BE-939D-2D67F33C0F7C}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
    "{1779AE8C-BFEB-457A-99BB-C18BC6585906}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
    "TCP Query User{56E26FA3-40B1-43E9-93B2-B4486709E928}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{EE9A3513-CF35-4D37-99A0-DFFCA39D1A94}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{0DB7F9EE-FB08-45A8-9F88-1DC44EB69771}c:\\program files\\ultravnc\\winvnc.exe"= UDP:c:\program files\ultravnc\winvnc.exe:VNC server for Win32
    "UDP Query User{9FDC2135-B10F-42DC-9C8B-43532319EEAD}c:\\program files\\ultravnc\\winvnc.exe"= TCP:c:\program files\ultravnc\winvnc.exe:VNC server for Win32

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\System32\drivers\FJGSDisk.sys [12-Feb-09 Thu 9:09 PM 12712]
    R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\System32\drivers\iaNvStor.sys [15-May-07 Tue 7:13 AM 208896]
    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [22-Apr-09 Wed 12:04 AM 64160]
    R0 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [04-Oct-06 Wed 6:53 AM 36640]
    R0 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [13-Oct-06 Fri 4:17 AM 33152]
    R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [22-Dec-06 Fri 12:12 PM 63016]
    R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\updnavi\updnvsrv.exe [11-Jan-07 Thu 9:39 AM 12288]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30-Apr-09 Thu 2:20 AM 101936]
    R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\System32\drivers\fuj02e3.sys [15-May-07 Tue 7:12 AM 5632]
    R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\System32\drivers\smscirda.sys [02-Nov-06 Thu 7:55 PM 30720]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [10-Mar-09 Tue 4:36 AM 953168]
    S2 LvIBTSvr;Logitech IBT Service;c:\program files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe [03-Apr-07 Tue 12:59 AM 76576]
    S3 ADVNTDRV;ADVNTDRV;c:\windows\System32\drivers\ADVNTDRV.SYS [24-Feb-09 Tue 10:34 PM 3872]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [18-Apr-09 Sat 12:46 PM 38496]
    S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [28-Nov-06 Tue 6:34 AM 122008]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    bthsvcs REG_MULTI_SZ BthServ
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af316a4d-0271-11de-ab37-000000000000}]
    \shell\AutoRun\command - H:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2009-05-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:33]

    2009-05-14 c:\windows\Tasks\User_Feed_Synchronization-{3D592E6A-7BAD-4227-B6C4-7E801F98E40E}.job
    - c:\windows\system32\msfeedssync.exe [2009-04-16 07:33]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:tabs
    TCP: {01573F81-6C25-441E-983B-581898952A67} = 4.2.2.2,4.2.2.3
    TCP: {7E4FEBD3-21C7-4D81-AEF7-1619DC39AC99} = 192.231.203.132,192.231.203.3
    DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} - hxxp://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
    FF - ProfilePath - c:\users\madPC\AppData\Roaming\Mozilla\Firefox\Profiles\34qxd13h.default\
    FF - prefs.js: keyword.URL - hxxp://www.google.com.au/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-14 17:48
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\users\madPC\AppData\Local\Temp\catchme.dll 53248 bytes executable

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    Completion time: 2009-05-14 17:50
    ComboFix-quarantined-files.txt 2009-05-14 08:20
    ComboFix2.txt 2009-05-01 05:04
    ComboFix3.txt 2009-04-30 17:06
    ComboFix4.txt 2009-04-30 14:16

    Pre-Run: 27,697,840,128 bytes free
    Post-Run: 27,514,118,144 bytes free

    340 --- E O F --- 2009-05-01 06:49

    DDS (Ver_09-03-16.01) - NTFSx86
    Run by madPC at 0:00:06.58 on 15-May-09 Fri
    Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2037.958 [GMT 9.5:30]

    AV: Symantec AntiVirus *On-access scanning enabled* (Updated)

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Softex\OmniPass\OmniServ.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\agrsmsvc.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Windows\system32\o2flash.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Fujitsu\PSUtility\PSUService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\Fujitsu\updnavi\updnvsrv.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
    C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
    C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
    C:\Program Files\Softex\OmniPass\opvapp.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Symantec AntiVirus\VPTray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Windows\System32\svchost.exe -k wdisvc
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Windows\System32\mobsync.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\madPC\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = about:tabs
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
    mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe
    mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
    mRun: [PSUtility] c:\program files\fujitsu\psutility\TrayManager.exe
    mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [IaNvSrv] c:\program files\intel\intel matrix storage manager\orom\ianvsrv\IaNvSrv.exe
    mRun: [SSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
    mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
    uPolicies-explorer: TaskbarNoThumbnail = 1 (0x1)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-au/wlscctrl2.cab
    DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} - hxxp://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} - hxxps://online.westpac.com.au/wtoa/wtOtherAccounts/portfoliomanagerwt.cab
    TCP: {01573F81-6C25-441E-983B-581898952A67} = 4.2.2.2,4.2.2.3
    TCP: {7E4FEBD3-21C7-4D81-AEF7-1619DC39AC99} = 192.231.203.132,192.231.203.3
    Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll
    Notify: igfxcui - igfxdev.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\madPC\appdata\roaming\mozilla\firefox\profiles\34qxd13h.default\
    FF - prefs.js: keyword.URL - hxxp://www.google.com.au/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

    ============= SERVICES / DRIVERS ===============

    R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2009-2-12 12712]
    R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\system32\drivers\iaNvStor.sys [2007-5-15 208896]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-22 64160]
    R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-10-4 36640]
    R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-10-13 33152]
    R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\fujitsu\psutility\PSUService.exe [2006-12-22 63016]
    R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\fujitsu\updnavi\updnvsrv.exe [2007-1-11 12288]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-30 101936]
    R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2007-5-15 5632]
    R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2006-11-2 30720]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-10 953168]
    S2 LvIBTSvr;Logitech IBT Service;c:\program files\common files\logishrd\lvibtsvr\LvIBTSvr.exe [2007-4-3 76576]
    S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [2009-2-24 3872]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-4-18 38496]
    S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-11-28 122008]

    =============== Created Last 30 ================

    2009-05-14 17:44 161,792 a------- c:\windows\SWREG.exe
    2009-05-14 17:44 98,816 a------- c:\windows\sed.exe
    2009-05-12 00:51 <DIR> --d----- c:\program files\UltraVNC
    2009-05-10 06:03 317,976 a------- c:\windows\system32\drivers\iaStor.sys
    2009-05-10 01:57 <DIR> --d----- c:\program files\Trend Micro
    2009-05-06 15:47 <DIR> --d----- c:\users\madPC\appdata\roaming\iScreensaver
    2009-05-06 03:47 0 a------- c:\windows\system32\tviresource.val
    2009-05-06 03:46 <DIR> --d----- c:\windows\TweakVI
    2009-05-06 03:46 <DIR> --d----- c:\program files\TweakVI
    2009-05-01 13:44 <DIR> --d----- c:\programdata\WindowsSearch
    2009-05-01 11:44 <DIR> --d----- c:\program files\EsetOnlineScanner
    2009-04-30 19:23 <DIR> --d----- c:\users\madPC\DoctorWeb
    2009-04-30 02:11 109,744 a------- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-04-30 02:11 8,014 a------- c:\windows\system32\drivers\SYMEVENT.CAT
    2009-04-30 02:11 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
    2009-04-30 02:10 <DIR> --d----- c:\program files\Symantec
    2009-04-30 02:10 <DIR> --d----- c:\programdata\Symantec
    2009-04-30 02:10 <DIR> --d----- c:\program files\Symantec AntiVirus
    2009-04-30 02:10 <DIR> --d----- c:\program files\common files\Symantec Shared
    2009-04-30 02:10 <DIR> --d----- c:\progra~2\Symantec
    2009-04-30 01:50 1,061 a------- c:\windows\wininit.ini
    2009-04-29 05:34 <DIR> --dsh--- c:\windows\system32\%APPDATA%
    2009-04-28 22:01 <DIR> --d----- c:\program files\CCleaner
    2009-04-28 21:57 268 a---h--- C:\sqmdata01.sqm
    2009-04-28 21:57 244 a---h--- C:\sqmnoopt01.sqm
    2009-04-28 21:52 268 a---h--- C:\sqmdata00.sqm
    2009-04-28 21:52 244 a---h--- C:\sqmnoopt00.sqm
    2009-04-28 21:47 <DIR> -cdsh--- c:\program files\common files\WindowsLiveInstaller
    2009-04-28 21:47 <DIR> --d----- c:\programdata\WLInstaller
    2009-04-26 18:38 440,352 a------- c:\windows\system32\mshflxgd.ocx
    2009-04-26 18:38 212,240 a------- c:\windows\system32\richtx32.ocx
    2009-04-26 18:38 224,016 a------- c:\windows\system32\tabctl32.ocx
    2009-04-26 18:38 18,728 a------- c:\windows\system32\ishf_Ex.TLB
    2009-04-26 18:38 7,752 a------- c:\windows\system32\shelllink.TLB
    2009-04-26 18:38 <DIR> --d----- c:\program files\PC Optimizer Pro
    2009-04-24 10:04 155 a------- c:\windows\system32\SelfDel.bat
    2009-04-23 12:58 <DIR> --d----- c:\program files\vLite
    2009-04-22 21:47 <DIR> --d----- c:\users\madPC\SecurityScans
    2009-04-22 21:46 <DIR> --d----- c:\program files\Microsoft Baseline Security Analyzer 2
    2009-04-22 00:04 64,160 a------- c:\windows\system32\drivers\Lbd.sys
    2009-04-19 03:18 <DIR> --d----- c:\users\madPC\appdata\roaming\Malwarebytes
    2009-04-18 12:46 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-04-18 12:46 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-18 12:46 <DIR> --d----- c:\programdata\Malwarebytes
    2009-04-18 12:46 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-04-18 12:46 <DIR> --d----- c:\progra~2\Malwarebytes
    2009-04-17 00:46 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2009-04-17 00:13 784,896 a------- c:\windows\system32\rpcrt4.dll
    2009-04-17 00:13 891,448 a------- c:\windows\system32\drivers\tcpip.sys
    2009-04-17 00:13 72,192 a------- c:\windows\system32\drivers\pacer.sys
    2009-04-17 00:13 15,360 a------- c:\windows\system32\pacerprf.dll
    2009-04-16 23:58 <DIR> --d----- C:\PerfLogs
    2009-04-16 20:18 866,816 a------- c:\windows\system32\wmpmde.dll
    2009-04-16 20:17 222,720 a------- c:\windows\system32\wavemsp.dll
    2009-04-16 20:16 246,784 a------- c:\windows\system32\drvstore.dll
    2009-04-16 20:16 305,152 a------- c:\windows\system32\msdelta.dll
    2009-04-16 20:16 258,560 a------- c:\windows\system32\dpx.dll
    2009-04-16 20:16 35,328 a------- c:\windows\system32\mspatcha.dll
    2009-04-16 01:22 15,688 a------- c:\windows\system32\lsdelete.exe
    2009-04-16 00:49 <DIR> -cd-h--- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-04-16 00:49 <DIR> -cd-h--- c:\progra~2\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-04-16 00:49 <DIR> --d----- c:\programdata\Lavasoft
    2009-04-16 00:49 <DIR> --d----- c:\program files\Lavasoft
    2009-04-15 17:26 <DIR> --d----- c:\program files\Toshiba
    2009-04-15 16:16 376,832 a------- c:\windows\system32\winhttp.dll
    2009-04-15 16:16 562,176 a------- c:\windows\system32\msdtcprx.dll
    2009-04-15 16:16 38,912 a------- c:\windows\system32\xolehlp.dll
    2009-04-15 16:15 118 a------- c:\windows\system32\MRT.INI
    2009-04-15 16:10 827,392 a------- c:\windows\system32\wininet.dll

    ==================== Find3M ====================

    2009-05-10 06:04 143,360 a------- c:\windows\inf\infstrng.dat
    2009-05-10 06:04 51,200 a------- c:\windows\inf\infpub.dat
    2009-05-10 06:04 86,016 a------- c:\windows\inf\infstor.dat
    2009-04-17 00:06 174 a--sh--- c:\program files\desktop.ini
    2009-04-16 23:58 665,600 a------- c:\windows\inf\drvindex.dat
    2009-04-16 21:36 101,888 a------- c:\windows\system32\ifxcardm.dll
    2009-04-16 21:36 82,432 a------- c:\windows\system32\axaltocm.dll
    2009-04-15 16:10 72,704 a------- c:\windows\system32\admparse.dll
    2009-04-15 16:10 78,336 a------- c:\windows\system32\ieencode.dll
    2009-04-15 16:10 48,128 a------- c:\windows\system32\mshtmler.dll
    2009-04-15 16:10 26,624 a------- c:\windows\system32\ieUnatt.exe
    2009-04-13 12:34 269,312 a------- c:\windows\system32\es.dll
    2009-04-04 03:58 361,984 a------- c:\windows\system32\IPSECSVC.DLL
    2009-04-04 03:58 272,896 a------- c:\windows\system32\polstore.dll
    2009-04-04 03:58 61,440 a------- c:\windows\system32\winipsec.dll
    2009-04-04 03:58 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
    2009-04-04 03:49 296,960 a------- c:\windows\system32\gdi32.dll
    2009-04-04 03:47 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
    2009-04-04 03:45 28,672 a------- c:\windows\system32\Apphlpdm.dll
    2009-04-04 03:45 2,560 a------- c:\windows\apppatch\AcRes.dll
    2009-04-04 03:45 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
    2009-04-04 03:45 541,696 a------- c:\windows\apppatch\AcLayers.dll
    2009-04-04 03:45 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
    2009-04-04 03:45 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
    2009-04-04 03:45 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-04-04 03:45 1,695,744 a------- c:\windows\system32\gameux.dll
    2009-04-04 03:45 52,736 a------- c:\windows\apppatch\iebrshim.dll
    2009-04-04 03:44 303,616 a------- c:\windows\system32\wmpeffects.dll
    2009-04-04 03:43 1,191,936 a------- c:\windows\system32\msxml3.dll
    2009-04-04 03:43 2,048 a------- c:\windows\system32\msxml3r.dll
    2009-04-04 03:39 8,147,456 a------- c:\windows\system32\wmploc.DLL
    2009-04-04 03:39 7,680 a------- c:\windows\system32\spwmp.dll
    2009-04-04 03:39 4,096 a------- c:\windows\system32\dxmasf.dll
    2009-04-04 03:34 2,927,104 a------- c:\windows\explorer.exe
    2009-04-04 03:26 6,656 a------- c:\windows\system32\kbd106n.dll
    2009-04-04 03:26 988,216 a------- c:\windows\system32\winload.exe
    2009-04-04 03:26 927,288 a------- c:\windows\system32\winresume.exe
    2009-04-04 03:26 378,368 a------- c:\windows\system32\srcore.dll
    2009-04-04 03:26 318,464 a------- c:\windows\system32\rstrui.exe
    2009-04-04 03:26 40,960 a------- c:\windows\system32\srclient.dll
    2009-04-04 03:26 14,848 a------- c:\windows\system32\srdelayed.exe
    2009-04-04 03:26 615,992 a------- c:\windows\system32\ci.dll
    2009-04-04 03:26 46,592 a------- c:\windows\system32\setbcdlocale.dll
    2009-04-04 03:26 19,000 a------- c:\windows\system32\kd1394.dll
    2009-04-04 03:21 443,392 a------- c:\windows\system32\win32spl.dll
    2009-04-04 03:21 37,888 a------- c:\windows\system32\printcom.dll
    2009-04-04 03:20 113,664 a------- c:\windows\system32\drivers\rmcast.sys
    2009-04-04 03:20 14,848 a------- c:\windows\system32\wshrm.dll
    2009-04-04 03:18 288,768 a------- c:\windows\system32\drivers\srv.sys
    2009-04-04 03:11 268,288 a------- c:\windows\system32\schannel.dll
    2009-04-04 03:08 622,080 a------- c:\windows\system32\icardagt.exe
    2009-04-04 03:08 11,264 a------- c:\windows\system32\icardres.dll
    2009-04-04 03:08 97,800 a------- c:\windows\system32\infocardapi.dll
    2009-04-04 03:08 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2009-04-04 03:08 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
    2009-04-04 03:08 326,160 a------- c:\windows\system32\PresentationHost.exe
    2009-04-04 03:08 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
    2009-04-04 02:52 96,760 a------- c:\windows\system32\dfshim.dll
    2009-04-04 02:52 41,984 a------- c:\windows\system32\netfxperf.dll
    2009-04-04 02:52 282,112 a------- c:\windows\system32\mscoree.dll
    2009-04-04 02:52 158,720 a------- c:\windows\system32\mscorier.dll
    2009-04-04 02:52 83,968 a------- c:\windows\system32\mscories.dll
    2009-04-04 02:37 2,868,736 a------- c:\windows\system32\mf.dll
    2009-04-04 02:37 996,352 a------- c:\windows\system32\WMNetMgr.dll
    2009-04-04 02:37 98,816 a------- c:\windows\system32\mfps.dll
    2009-04-04 02:37 94,720 a------- c:\windows\system32\logagent.exe
    2009-04-04 02:37 53,248 a------- c:\windows\system32\rrinstaller.exe
    2009-04-04 02:37 24,576 a------- c:\windows\system32\mfpmp.exe
    2009-04-04 02:37 2,048 a------- c:\windows\system32\mferror.dll
    2009-04-04 02:36 84,480 a------- c:\windows\system32\INETRES.dll
    2009-04-04 02:36 738,304 a------- c:\windows\system32\inetcomm.dll
    2009-04-04 02:36 1,314,816 a------- c:\windows\system32\quartz.dll
    2009-04-04 02:35 2,048 a------- c:\windows\system32\tzres.dll
    2009-04-04 02:35 2,033,152 a------- c:\windows\system32\win32k.sys
    2009-04-04 02:34 1,334,272 a------- c:\windows\system32\msxml6.dll
    2009-04-04 02:34 2,048 a------- c:\windows\system32\msxml6r.dll
    2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
    2009-02-24 22:28 1,524,736 a------- c:\windows\system32\wucltux.dll
    2009-02-24 22:28 83,456 a------- c:\windows\system32\wudriver.dll
    2009-02-24 22:27 162,064 a------- c:\windows\system32\wuwebv.dll
    2009-02-24 22:27 31,232 a------- c:\windows\system32\wuapp.exe
    2006-11-02 22:09 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 22:09 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 22:09 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 22:09 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 18:50 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 18:50 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 18:50 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 18:50 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

    ============= FINISH: 0:00:42.11 ===============





    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft® Windows Vista™ Home Basic
    Boot Device: \Device\HarddiskVolume3
    Install Date: 13-Feb-09 Fri 12:32:21 PM
    System Uptime: 14-May-09 Thu 11:44:40 PM (1 hours ago)

    Motherboard: FUJITSU | | FJNB1D3
    Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | Onboard | 2001/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 74 GiB total, 25.216 GiB free.
    D: is FIXED (NTFS) - 74 GiB total, 46.895 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Intel(R) Wireless WiFi Link 4965AGN
    Device ID: PCI\VEN_8086&DEV_4229&SUBSYS_11028086&REV_61\4&38956FF8&0&00E2
    Manufacturer: Intel Corporation
    Name: Intel(R) Wireless WiFi Link 4965AGN
    PNP Device ID: PCI\VEN_8086&DEV_4229&SUBSYS_11028086&REV_61\4&38956FF8&0&00E2
    Service: NETw4v32

    ==== System Restore Points ===================

    RP239: 10-May-09 Sun 6:03:38 AM - Device Driver Package Install: Intel IDE ATA/ATAPI controllers
    RP240: 11-May-09 Mon 12:42:02 AM - Scheduled Checkpoint
    RP241: 12-May-09 Tue 1:48:53 AM - Scheduled Checkpoint
    RP242: 13-May-09 Wed 12:53:43 AM - Scheduled Checkpoint
    RP243: 13-May-09 Wed 1:33:15 AM - Windows Update
    RP244: 14-May-09 Thu 12:49:49 AM - Scheduled Checkpoint
    RP245: 14-May-09 Thu 6:14:33 PM - Scheduled Checkpoint

    ==== Installed Programs ======================

    2007 Microsoft Office system
    Activation Assistant for the 2007 Microsoft Office suites
    Ad-Aware
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.1
    Agere Systems HDA Modem
    AuthenTec Fingerprint Sensor Minimum Install
    Bluetooth Stack for Windows by Toshiba
    BT headset fix
    CCleaner (remove only)
    CutePDF Writer 2.7
    DSTfix
    ERUNT 1.1j
    Fujitsu Display Manager
    Fujitsu Hardware Diagnostics Tool
    Fujitsu Hotkey Utility
    Fujitsu System Extension Utility
    Fujitsu WebCam
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    ImgBurn
    Inst5657
    Intel(R) Graphics Media Accelerator Driver
    Intel® Turbo Memory and Intel® Matrix Storage Manager
    Java(TM) 6 Update 13
    LifeBook Application Panel
    LiveUpdate 3.2 (Symantec Corporation)
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 3.5 SP1
    Microsoft Baseline Security Analyzer 2.1
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Standard 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Outlook Web Access S/MIME
    Microsoft Silverlight
    Microsoft Sync Framework Runtime v1.0 (x86)
    Microsoft Sync Framework Services v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.0.10)
    MSXML 4.0 SP2 (KB954430)
    NetBoard
    O2Micro Flash Memory Card Windows Driver
    OGA Notifier 1.7.0105.35.0
    OmniPass 5.00.18
    OZ711 SCR Driver V3.0.0.9A
    PC Optimizer Pro ver.4.5.17
    Power Saving Utility
    PowerDVD
    PowerProducer
    QuickTime
    Real Time Clock Update
    Realtek High Definition Audio Driver
    Roxio Easy Media Creator Home
    SanDisk Wi-Fi SD Card for Windows CE 4.00
    Security Update for CAPICOM (KB931906)
    Shock Sensor Utility
    Skype™ 3.8
    Skype™ for Pocket PC 1.1
    Skype™ for Windows Mobile 2.5
    Spb GPRS Monitor
    Spybot - Search & Destroy
    Symantec AntiVirus
    Synaptics Pointing Device Driver
    SyncToy 2.0 (x86)
    TweakVI
    UltraVNC 1.0.5.6
    Update for 2007 Microsoft Office System (KB967642)
    Update for Outlook 2007 Junk Email Filter (kb968503)
    Update Navi
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 0.9.8a
    vLite
    Windows Live installer
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Sign-in Assistant
    Windows Mobile Developer Power Toys
    Windows Mobile Device Center
    Windows Mobile Device Center Driver Update
    WinRAR archiver
    Yahoo! Messenger

    ==== Event Viewer Messages From Past Week ========

    12-May-09 Tue 8:18:16 AM, Error: EventLog [6008] - The previous system shutdown at 1:56:51 AM on 5/12/2009 was unexpected.
    09-May-09 Sat 12:22:56 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    09-May-09 Sat 12:22:56 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
    08-May-09 Fri 2:30:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.
    08-May-09 Fri 2:30:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    08-May-09 Fri 2:29:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxSms service.
    08-May-09 Fri 2:28:52 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TabletInputService service.
    08-May-09 Fri 2:27:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    08-May-09 Fri 2:27:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Irmon service.
    08-May-09 Fri 2:26:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
    08-May-09 Fri 2:26:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
    08-May-09 Fri 2:25:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
    08-May-09 Fri 11:51:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    08-May-09 Fri 11:50:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    08-May-09 Fri 11:50:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    08-May-09 Fri 11:50:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    08-May-09 Fri 11:50:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC eeCtrl NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb SPBBCDrv spldr SRTSP SRTSPX SYMTDI tdx Tosrfcom Wanarpv6 ws2ifsl
    08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

    ==== End Of File ===========================

  7. #7
    Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,300


    Hi again,

    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    File::
    c:\windows\system32\SelfDel.bat
    
    Folder::
    c:\users\Administrator\AppData\Roaming\BitTorrent
    c:\program files\BitTorrent
    c:\program files\DNA
    
    DirLook::
    c:\windows\system32\%APPDATA%
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{DDC82CFA-D149-4A61-8FEE-0F5D7501CC0A}"=-
    "{7DD80389-BAEB-42DD-A05F-880619A84500}"=-
    "{4C2B38A4-E717-43A4-BC01-3A065B2B9A3F}"=-
    "{3935BD02-4B40-439B-86EA-B4F99566E630}"=-
    "TCP Query User{A7928B77-F859-453F-ACE0-E4419FFFEE0A}c:\\program files\\bittorrent\\bittorrent.exe"=-
    "UDP Query User{A3C6541E-F6AD-46D5-A349-82A8756C8428}c:\\program files\\bittorrent\\bittorrent.exe"=-
    
    RegLock::
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]

    Save this as CFScript

    A word of warning: neither I nor sUBs are responsible for any damage you may cause to your machine. This tool is not a toy and not for everyday use.

    Close all browser windows and, referring to the picture above, drag CFScript onto ComboFix.exe.
    Then post the resultant log.


    ComboFix should never take more than 20 minutes, including the reboot if malware is detected.
    If it does, open Task Manager, Processes tab (press Ctrl, Alt and Del at the same time), and end any findstr, find, sed or swreg processes; ComboFix should then continue.
    If that happened we want to know, and also what process you had to end.


    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


    Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log.
    Microsoft Windows Insider MVP 2016-2018
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
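    The script in the post above is a ComboFix CFScript: each "Section::" header starts a list of paths, and the Registry:: section uses .reg-file syntax, where "name"=- deletes a value. As an added example for this thread (not ComboFix's own code and not the helper's), the Python below parses the posted script into a plan of what it will delete, list and unlock, and flags the entries a reviewer should check before dragging the file onto ComboFix. The expansion of "~" to SYSTEM\CurrentControlSet is an assumption based on how ComboFix logs abbreviate that path; the meaning of DirLook:: (list a directory) and RegLock:: (unlock a key) is taken from the way the directives are used here.

```python
"""Parse a ComboFix CFScript and summarise what it asks the tool to do.

Added example for this thread, not ComboFix code.  The "~" expansion and the
effect of RegLock:: are assumptions noted inline.
"""
import re
from dataclasses import dataclass, field

# The CFScript posted above, trimmed to the first two firewall-rule entries.
CFSCRIPT = r"""
File::
c:\windows\system32\SelfDel.bat

Folder::
c:\users\Administrator\AppData\Roaming\BitTorrent
c:\program files\BitTorrent
c:\program files\DNA

DirLook::
c:\windows\system32\%APPDATA%

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DDC82CFA-D149-4A61-8FEE-0F5D7501CC0A}"=-
"TCP Query User{A7928B77-F859-453F-ACE0-E4419FFFEE0A}c:\\program files\\bittorrent\\bittorrent.exe"=-

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")      # e.g. "Folder::"
KEY_RE = re.compile(r"^\[(.+)\]$")               # .reg key line
VALUE_RE = re.compile(r'^"(.+)"=(.*)$')          # .reg value line
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER",
         "HKU": "HKEY_USERS", "HKCR": "HKEY_CLASSES_ROOT"}


@dataclass
class Plan:
    files: list = field(default_factory=list)
    folders: list = field(default_factory=list)
    dirlook: list = field(default_factory=list)
    reg_deletes: list = field(default_factory=list)  # (key, value name)
    reg_sets: list = field(default_factory=list)     # (key, value name, data)
    reglock: list = field(default_factory=list)
    other: dict = field(default_factory=dict)        # directives not modelled here


def expand_key(key: str) -> str:
    # Expand short hive names.  "~" is assumed to stand for
    # SYSTEM\CurrentControlSet, as ComboFix logs abbreviate it.
    parts = key.split("\\")
    parts[0] = HIVES.get(parts[0].upper(), parts[0])
    if len(parts) > 1 and parts[1] == "~":
        parts[1:2] = ["SYSTEM", "CurrentControlSet"]
    return "\\".join(parts)


def parse_cfscript(text: str) -> Plan:
    plan, section, key = Plan(), None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1).lower(), None
            continue
        if section is None:
            raise ValueError(f"line before any section header: {raw!r}")
        if section == "file":
            plan.files.append(line)
        elif section == "folder":
            plan.folders.append(line)
        elif section == "dirlook":
            plan.dirlook.append(line)
        elif section in ("registry", "reglock"):
            km = KEY_RE.match(line)
            if km:
                key = expand_key(km.group(1))
                if section == "reglock":
                    plan.reglock.append(key)
                continue
            vm = VALUE_RE.match(line)
            if vm is None or key is None:
                raise ValueError(f"unexpected registry line: {raw!r}")
            # .reg syntax: "name"=- deletes the value, anything else sets it;
            # backslashes inside the quoted name are doubled.
            name, data = vm.group(1).replace("\\\\", "\\"), vm.group(2)
            if data == "-":
                plan.reg_deletes.append((key, name))
            else:
                plan.reg_sets.append((key, name, data))
        else:
            plan.other.setdefault(section, []).append(line)
    return plan


def review(plan: Plan) -> list:
    """Entries a reviewer should confirm before running the script."""
    findings = []
    for path in plan.files + plan.folders:
        if path.lower().startswith("c:\\windows\\"):
            findings.append(f"deletes inside the Windows tree: {path}")
    for path in plan.files + plan.folders + plan.dirlook:
        # A component literally named %APPDATA% is a real directory name, not
        # an expanded variable; DirLook:: only lists it, so it can be inspected.
        if re.search(r"%[A-Za-z_]+%", path):
            findings.append(f"literal %VAR% component in path: {path}")
    for key, name in plan.reg_deletes:
        low = key.lower()
        if "security center\\monitoring" in low:
            findings.append(f"removes Security Center monitoring override: {name}")
        elif "firewallpolicy\\firewallrules" in low:
            findings.append(f"removes Windows Firewall rule: {name}")
    for key in plan.reglock:
        # Control\Class\{GUID} keys carry the UpperFilters/LowerFilters driver
        # lists for a device class, so an unlock here is worth a look.
        findings.append(f"RegLock requested on {key}")
    return findings


if __name__ == "__main__":
    plan = parse_cfscript(CFSCRIPT)
    print(f"{len(plan.files)} file(s) and {len(plan.folders)} folder(s) to delete, "
          f"{len(plan.reg_deletes)} registry value(s) to delete, "
          f"{len(plan.reglock)} key(s) to unlock")
    for finding in review(plan):
        print(" -", finding)
```

    Run as-is it reports one file and three folders to delete, three registry values to delete and one key to unlock, and lists the SelfDel.bat deletion inside the Windows tree, the %APPDATA% directory under system32, the two firewall rules and the RegLock key as items to check.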

  8. #8
    Junior Member
    Join Date
    May 2009
    Posts
    22

    ComboFix Log, Kaspersky failed

    Hi

    This is how I followed your instructions and what happened:

    1. Created CFScript.txt on desktop

    2. Disconnected the LAN cable, switched off the WiFi switch

    3. Shut all windows open in the taskbar

    4. Disabled SAV (tray icon), Windows Defender, Windows Firewall

    5. Exited Ad-Aware from tray

    6. Set 'startup type' for the SAV and Lavasoft Services to Manual (forgot about Windows Defender) - did this just in case ComboFix would need to reboot and then re-run itself

    7. Dragged CFScript.txt onto ComboFix.exe (on desktop)

    8. Saved ComboFix log

    9. Ran ATF Cleaner as per instructions

    10. Reset 'startup type' for all aforementioned Services to Automatic

    11. Re-enabled Windows Firewall, Windows Defender

    12. Rebooted PC

    13. SAV wouldn't leave Auto-Protect on for more than 3 seconds. I would right click the icon, select Enable Auto-Protect and the icon would look fine, until only after 3 seconds, it would revert back to Auto-Protect Disabled.

    14. Rebooted again and it was OK. Re-connected LAN cable.

    15. Kaspersky Online Scanner gave me this error: 'Starting Java applet has failed! Please go online to use this program.' even though the Java icon was visible in the tray and even when I tried to add http://www.kaspersky.com to the Trusted Zone in the IE Security Settings.



    Here's the ComboFix log, by the way:

    ComboFix 09-05-13.02 - madPC May-09 Sun 18:32.5 - NTFSx86
    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2037.1230 [GMT 9.5:30]
    Running from: c:\users\madPC\Desktop\ComboFix.exe
    Command switches used :: c:\users\madPC\Desktop\CFScript.txt
    AV: Symantec AntiVirus *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: Symantec AntiVirus *disabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    FILE ::
    c:\windows\system32\SelfDel.bat
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\DNA
    c:\program files\DNA\btdna.exe
    c:\program files\DNA\DNAcpl.cpl
    c:\program files\DNA\plugins\npbtdna.dll
    c:\users\Administrator\AppData\Roaming\BitTorrent
    c:\users\Administrator\AppData\Roaming\BitTorrent\dht.dat
    c:\users\Administrator\AppData\Roaming\BitTorrent\resume.dat
    c:\users\Administrator\AppData\Roaming\BitTorrent\rss.dat
    c:\users\Administrator\AppData\Roaming\BitTorrent\settings.dat
    c:\windows\system32\SelfDel.bat

    .
    ((((((((((((((((((((((((( Files Created from 2009-04-17 to 2009-05-17 )))))))))))))))))))))))))))))))
    .

    2009-05-16 07:01 . 2009-05-16 07:01 -------- d-----w c:\windows\LastGood
    2009-05-11 15:21 . 2009-05-11 15:42 -------- d-----w c:\program files\UltraVNC
    2009-05-09 20:33 . 2008-05-25 12:53 317976 ----a-w c:\windows\system32\drivers\iaStor.sys
    2009-05-09 18:12 . 2009-05-09 18:12 -------- d-----w c:\users\madPC\AppData\Local\Apple Computer
    2009-05-09 17:38 . 2009-05-09 17:38 -------- d-----w c:\program files\ERUNT
    2009-05-09 16:27 . 2009-05-09 16:27 -------- d-----w c:\program files\Trend Micro
    2009-05-06 06:17 . 2009-05-06 06:17 -------- d-----w c:\users\madPC\AppData\Roaming\iScreensaver
    2009-05-05 18:16 . 2009-05-05 18:16 -------- d-----w c:\windows\TweakVI
    2009-05-05 18:16 . 2009-05-05 18:17 -------- d-----w c:\program files\TweakVI
    2009-05-01 08:29 . 2009-05-01 08:29 -------- d-----w c:\users\madPC\AppData\Local\Apple
    2009-05-01 04:14 . 2009-05-01 04:14 -------- d-----w c:\programdata\WindowsSearch
    2009-05-01 04:14 . 2009-05-01 04:14 -------- d-----w c:\users\All Users\WindowsSearch
    2009-05-01 02:14 . 2009-05-01 04:15 -------- d-----w c:\program files\EsetOnlineScanner
    2009-05-01 02:02 . 2009-05-01 05:39 -------- d-----w c:\program files\Java
    2009-05-01 01:01 . 2009-05-01 01:01 680 ----a-w c:\users\madPC\AppData\Local\d3d9caps.dat
    2009-04-30 18:36 . 2009-05-01 01:48 -------- d-----w c:\users\madPC\AppData\Local\Adobe
    2009-04-30 18:12 . 2009-04-30 18:12 -------- d-----w c:\windows\Sun
    2009-04-30 15:33 . 2009-04-30 15:33 -------- d-----w c:\program files\Common Files\Adobe AIR
    2009-04-30 09:59 . 2009-04-30 09:59 -------- d-----w c:\users\Administrator\DoctorWeb
    2009-04-30 09:53 . 2009-05-01 01:11 -------- d-----w c:\users\madPC\DoctorWeb
    2009-04-30 07:13 . 2009-04-30 07:13 -------- d-----w c:\users\madPC\AppData\Local\Symantec
    2009-04-29 16:42 . 2009-04-29 16:42 -------- d-----w c:\users\Administrator\AppData\Local\Symantec
    2009-04-29 16:41 . 2009-04-29 16:41 109744 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
    2009-04-29 16:40 . 2009-04-29 16:41 -------- d-----w c:\program files\Symantec
    2009-04-29 16:40 . 2009-04-29 16:42 -------- d-----w c:\programdata\Symantec
    2009-04-29 16:40 . 2009-04-29 16:42 -------- d-----w c:\users\All Users\Symantec
    2009-04-29 16:40 . 2009-04-29 16:41 -------- d-----w c:\program files\Common Files\Symantec Shared
    2009-04-29 16:40 . 2009-04-29 16:40 -------- d-----w c:\program files\Symantec AntiVirus
    2009-04-28 20:04 . 2009-04-28 20:04 -------- d-sh--w c:\windows\system32\%APPDATA%
    2009-04-28 12:31 . 2009-04-28 12:31 -------- d-----w c:\program files\CCleaner
    2009-04-28 12:17 . 2009-04-28 12:21 -------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
    2009-04-28 12:17 . 2009-04-28 12:22 -------- d-----w c:\program files\Windows Live
    2009-04-28 12:17 . 2009-04-28 12:17 -------- d-----w c:\programdata\WLInstaller
    2009-04-28 12:17 . 2009-04-28 12:17 -------- d-----w c:\users\All Users\WLInstaller
    2009-04-26 09:08 . 2009-04-26 09:08 -------- d-----w c:\program files\PC Optimizer Pro
    2009-04-24 14:35 . 2009-04-24 14:35 -------- d-----w c:\program files\Microsoft Silverlight
    2009-04-23 03:28 . 2009-04-23 03:28 -------- d-----w c:\program files\vLite
    2009-04-22 12:17 . 2009-04-22 12:20 -------- d-----w c:\users\madPC\SecurityScans
    2009-04-22 12:16 . 2009-04-22 12:16 -------- d-----w c:\program files\Microsoft Baseline Security Analyzer 2
    2009-04-21 14:34 . 2009-04-21 14:34 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
    2009-04-18 17:48 . 2009-04-18 17:48 -------- d-----w c:\users\madPC\AppData\Roaming\Malwarebytes
    2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\users\Administrator\AppData\Roaming\Malwarebytes
    2009-04-18 03:16 . 2009-04-06 06:02 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-04-18 03:16 . 2009-04-06 06:02 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\programdata\Malwarebytes
    2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\users\All Users\Malwarebytes
    2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-14 14:13 . 2009-02-24 16:36 12 ----a-w c:\windows\bthservsdp.dat
    2009-05-09 20:34 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
    2009-05-09 20:34 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
    2009-05-09 20:34 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
    2009-05-01 13:42 . 2009-02-12 11:12 99864 ----a-w c:\users\madPC\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-05-01 06:44 . 2007-04-17 23:55 -------- d-----w c:\program files\Microsoft Works
    2009-04-30 15:33 . 2007-04-17 20:10 -------- d-----w c:\program files\Common Files\Adobe
    2009-04-29 16:41 . 2009-04-29 16:41 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
    2009-04-29 16:41 . 2009-04-29 16:41 8014 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
    2009-04-28 12:22 . 2009-02-24 16:14 -------- d-----w c:\program files\MSN Messenger
    2009-04-21 14:34 . 2009-04-15 15:52 15688 ----a-w c:\windows\system32\lsdelete.exe
    2009-04-21 00:58 . 2009-04-13 02:30 680 ----a-w c:\users\Administrator\AppData\Local\d3d9caps.dat
    2009-04-16 15:16 . 2009-04-16 15:16 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2009-04-16 14:36 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
    2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Sidebar
    2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Photo Gallery
    2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Collaboration
    2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Calendar
    2009-04-16 14:29 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
    2009-04-16 14:28 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Defender
    2009-04-16 14:28 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
    2009-04-16 12:06 . 2006-11-02 10:32 101888 ----a-w c:\windows\system32\ifxcardm.dll
    2009-04-16 12:06 . 2006-11-02 10:32 82432 ----a-w c:\windows\system32\axaltocm.dll
    2009-04-15 15:19 . 2009-04-15 15:19 -------- d-----w c:\program files\Lavasoft
    2009-04-15 07:56 . 2009-04-15 07:56 -------- d-----w c:\program files\Toshiba
    2009-04-15 06:46 . 2009-04-15 06:46 376832 ----a-w c:\windows\system32\winhttp.dll
    2009-04-15 06:46 . 2009-04-15 06:46 562176 ----a-w c:\windows\system32\msdtcprx.dll
    2009-04-15 06:46 . 2009-04-15 06:46 38912 ----a-w c:\windows\system32\xolehlp.dll
    2009-04-15 06:40 . 2009-04-15 06:40 827392 ----a-w c:\windows\system32\wininet.dll
    2009-04-15 06:40 . 2009-04-15 06:40 72704 ----a-w c:\windows\system32\admparse.dll
    2009-04-15 06:40 . 2009-04-15 06:40 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-04-15 06:40 . 2009-04-15 06:40 48128 ----a-w c:\windows\system32\mshtmler.dll
    2009-04-15 06:40 . 2009-04-15 06:40 26624 ----a-w c:\windows\system32\ieUnatt.exe
    2009-04-13 05:01 . 2009-04-13 01:31 -------- d-----w c:\program files\QuickTime
    2009-04-13 03:04 . 2009-04-13 03:04 269312 ----a-w c:\windows\system32\es.dll
    2009-04-04 12:06 . 2009-04-04 10:52 -------- d-----w c:\program files\Yahoo!
    2009-04-04 01:57 . 2009-04-04 01:57 -------- d-----w c:\program files\Windows Live Safety Center
    2009-04-03 18:28 . 2009-04-03 18:28 61440 ----a-w c:\windows\system32\winipsec.dll
    2009-04-03 18:28 . 2009-04-03 18:28 361984 ----a-w c:\windows\system32\IPSECSVC.DLL
    2009-04-03 18:28 . 2009-04-03 18:28 28672 ----a-w c:\windows\system32\FwRemoteSvr.dll
    2009-04-03 18:28 . 2009-04-03 18:28 272896 ----a-w c:\windows\system32\polstore.dll
    2009-04-03 18:19 . 2009-04-03 18:19 296960 ----a-w c:\windows\system32\gdi32.dll
    2009-04-03 18:17 . 2009-04-03 18:17 212480 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
    2009-04-03 18:15 . 2009-04-03 18:15 28672 ----a-w c:\windows\system32\Apphlpdm.dll
    2009-04-03 18:15 . 2009-04-03 18:15 4240384 ----a-w c:\windows\system32\GameUXLegacyGDFs.dll
    2009-04-03 18:15 . 2009-04-03 18:15 1695744 ----a-w c:\windows\system32\gameux.dll
    2009-04-03 18:14 . 2009-04-03 18:14 303616 ----a-w c:\windows\system32\wmpeffects.dll
    2009-04-03 18:13 . 2009-04-03 18:13 1191936 ----a-w c:\windows\system32\msxml3.dll
    2009-04-03 18:13 . 2009-04-03 18:13 2048 ----a-w c:\windows\system32\msxml3r.dll
    2009-04-03 18:09 . 2009-04-03 18:09 8147456 ----a-w c:\windows\system32\wmploc.DLL
    2009-04-03 18:09 . 2009-04-03 18:09 7680 ----a-w c:\windows\system32\spwmp.dll
    2009-04-03 18:09 . 2009-04-03 18:09 4096 ----a-w c:\windows\system32\dxmasf.dll
    2009-04-03 18:07 . 2009-04-03 18:07 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
    2009-04-03 18:04 . 2009-04-03 18:04 2927104 ----a-w c:\windows\explorer.exe
    2009-04-03 17:56 . 2009-04-03 17:56 6656 ----a-w c:\windows\system32\kbd106n.dll
    2009-04-03 17:56 . 2009-04-03 17:56 988216 ----a-w c:\windows\system32\winload.exe
    2009-04-03 17:56 . 2009-04-03 17:56 927288 ----a-w c:\windows\system32\winresume.exe
    2009-04-03 17:56 . 2009-04-03 17:56 40960 ----a-w c:\windows\system32\srclient.dll
    2009-04-03 17:56 . 2009-04-03 17:56 378368 ----a-w c:\windows\system32\srcore.dll
    2009-04-03 17:56 . 2009-04-03 17:56 318464 ----a-w c:\windows\system32\rstrui.exe
    2009-04-03 17:56 . 2009-04-03 17:56 14848 ----a-w c:\windows\system32\srdelayed.exe
    2009-04-03 17:56 . 2009-04-03 17:56 615992 ----a-w c:\windows\system32\ci.dll
    2009-04-03 17:56 . 2009-04-03 17:56 46592 ----a-w c:\windows\system32\setbcdlocale.dll
    2009-04-03 17:56 . 2009-04-03 17:56 19000 ----a-w c:\windows\system32\kd1394.dll
    2009-04-03 17:51 . 2009-04-03 17:51 443392 ----a-w c:\windows\system32\win32spl.dll
    2009-04-03 17:51 . 2009-04-03 17:51 37888 ----a-w c:\windows\system32\printcom.dll
    2009-04-03 17:50 . 2009-04-03 17:50 14848 ----a-w c:\windows\system32\wshrm.dll
    2009-04-03 17:50 . 2009-04-03 17:50 113664 ----a-w c:\windows\system32\drivers\rmcast.sys
    2009-04-03 17:48 . 2009-04-03 17:48 288768 ----a-w c:\windows\system32\drivers\srv.sys
    2009-04-03 17:41 . 2009-04-03 17:41 268288 ----a-w c:\windows\system32\schannel.dll
    2009-04-03 17:38 . 2009-04-03 17:38 622080 ----a-w c:\windows\system32\icardagt.exe
    2009-04-03 17:38 . 2009-04-03 17:38 11264 ----a-w c:\windows\system32\icardres.dll
    2009-04-03 17:38 . 2009-04-03 17:38 97800 ----a-w c:\windows\system32\infocardapi.dll
    2009-04-03 17:38 . 2009-04-03 17:38 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2009-04-03 17:38 . 2009-04-03 17:38 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
    2009-04-03 17:38 . 2009-04-03 17:38 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
    2009-04-03 17:38 . 2009-04-03 17:38 326160 ----a-w c:\windows\system32\PresentationHost.exe
    2009-04-03 17:22 . 2009-04-03 17:22 96760 ----a-w c:\windows\system32\dfshim.dll
    2009-04-03 17:22 . 2009-04-03 17:22 41984 ----a-w c:\windows\system32\netfxperf.dll
    2009-04-03 17:22 . 2009-04-03 17:22 83968 ----a-w c:\windows\system32\mscories.dll
    2009-04-03 17:22 . 2009-04-03 17:22 282112 ----a-w c:\windows\system32\mscoree.dll
    2009-04-03 17:22 . 2009-04-03 17:22 158720 ----a-w c:\windows\system32\mscorier.dll
    2009-04-03 17:07 . 2009-04-03 17:07 2868736 ----a-w c:\windows\system32\mf.dll
    2009-04-03 17:07 . 2009-04-03 17:07 996352 ----a-w c:\windows\system32\WMNetMgr.dll
    2009-04-03 17:07 . 2009-04-03 17:07 98816 ----a-w c:\windows\system32\mfps.dll
    2009-04-03 17:07 . 2009-04-03 17:07 94720 ----a-w c:\windows\system32\logagent.exe
    2009-04-03 17:07 . 2009-04-03 17:07 53248 ----a-w c:\windows\system32\rrinstaller.exe
    2009-04-03 17:07 . 2009-04-03 17:07 24576 ----a-w c:\windows\system32\mfpmp.exe
    2009-04-03 17:07 . 2009-04-03 17:07 2048 ----a-w c:\windows\system32\mferror.dll
    2009-04-03 17:06 . 2009-04-03 17:06 84480 ----a-w c:\windows\system32\INETRES.dll
    2009-04-03 17:06 . 2009-04-03 17:06 738304 ----a-w c:\windows\system32\inetcomm.dll
    2009-04-03 17:06 . 2009-04-03 17:06 1314816 ----a-w c:\windows\system32\quartz.dll
    2009-04-03 17:05 . 2009-04-03 17:05 2048 ----a-w c:\windows\system32\tzres.dll
    2009-04-03 17:05 . 2009-04-03 17:05 2033152 ----a-w c:\windows\system32\win32k.sys
    2009-04-03 17:05 . 2009-04-03 17:05 -------- d-----w c:\program files\MSXML 4.0
    2009-04-03 17:04 . 2009-04-03 17:04 1334272 ----a-w c:\windows\system32\msxml6.dll
    2009-04-03 17:04 . 2009-04-03 17:04 2048 ----a-w c:\windows\system32\msxml6r.dll
    2009-03-08 19:49 . 2009-03-13 13:16 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-02-24 15:53 . 2009-02-24 15:53 0 ----a-w c:\windows\nsreg.dat
    2009-02-24 15:35 . 2009-02-24 15:35 99864 ----a-w c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of c:\windows\system32\%APPDATA% ----

    2009-04-28 20:04 . 2009-04-28 20:04 16384 --sha-w c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat


    ((((((((((((((((((((((((((((( SnapShot@2009-05-14_08.18.18 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-05-14 21:23 . 2009-05-14 14:17 66104 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:02 . 2009-05-14 14:17 74892 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2009-04-16 10:47 . 2008-01-19 05:49 13312 c:\windows\System32\drivers\sfloppy.sys
    - 2006-11-02 08:51 . 2006-11-02 08:51 13312 c:\windows\System32\drivers\sfloppy.sys
    + 2009-02-12 11:06 . 2009-05-16 19:10 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-02-12 11:06 . 2009-05-14 07:57 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-02-12 11:06 . 2009-05-14 07:57 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-02-12 11:06 . 2009-05-16 19:10 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-05-16 07:01 . 2006-11-02 08:51 13312 c:\windows\LastGood\system32\DRIVERS\sfloppy.sys
    - 2009-02-12 11:10 . 2009-05-14 07:59 8558 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1918237747-2751938533-2904961478-1000_UserData.bin
    + 2009-02-12 11:10 . 2009-05-14 14:17 8558 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1918237747-2751938533-2904961478-1000_UserData.bin
    + 2009-05-14 14:15 . 2009-05-14 14:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-05-14 07:57 . 2009-05-14 07:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-05-14 14:15 . 2009-05-14 14:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-05-14 07:57 . 2009-05-14 07:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2006-11-02 10:33 . 2009-05-14 08:05 624988 c:\windows\System32\perfh009.dat
    + 2006-11-02 10:33 . 2009-05-16 11:30 624988 c:\windows\System32\perfh009.dat
    + 2006-11-02 10:33 . 2009-05-16 11:30 111398 c:\windows\System32\perfc009.dat
    - 2006-11-02 10:33 . 2009-05-14 08:05 111398 c:\windows\System32\perfc009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-17 80688]
    "IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-11-07 97072]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-09 154392]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-09 133912]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-23 827392]
    "LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2005-07-21 242688]
    "LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-07-21 61440]
    "PSUtility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2006-12-22 136744]
    "LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-04-02 252704]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-05-08 174872]
    "IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-05-08 33048]
    "SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2009-02-12 193832]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 107112]
    "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-27 134808]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-21 516440]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-01 4390912]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2007-11-1 421888]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "TaskbarNoThumbnail"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{F01CE1E2-9A47-42F9-AD30-7B2AD8E08A94}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{7A0C6B10-FF15-4B5E-85EB-C851E3DF9E79}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
    "{B65B13F6-BBD4-4FAB-97B8-D1406988A316}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{15F91AE0-0A6A-4AD0-BC13-E97CF52E271F}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "TCP Query User{F4F47E1E-E573-4114-BC3B-21FD4448FC36}c:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= UDP:c:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp
    "UDP Query User{241244E8-A714-4A26-8033-A8DC16D0C898}c:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= TCP:c:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp
    "{4CE5628A-E049-4199-BD14-F3ACB0188262}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{5DBFBFA1-FF9F-4CA0-8CC1-F91FE82A7997}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "TCP Query User{DF9E080F-A2A6-4E03-928C-D7AAE5BFF5AE}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
    "UDP Query User{04C91E26-0A58-4EB0-A38E-FB81F0A09A68}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
    "{87C95383-720C-4E36-92C1-5A596BE3F1FC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{E108B469-D439-4A90-B0DD-3AF139C46756}"= UDP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
    "{134FFABB-69CF-4FC7-8226-909F636B2E28}"= TCP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
    "{124D1410-FC14-44BE-939D-2D67F33C0F7C}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
    "{1779AE8C-BFEB-457A-99BB-C18BC6585906}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
    "TCP Query User{56E26FA3-40B1-43E9-93B2-B4486709E928}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{EE9A3513-CF35-4D37-99A0-DFFCA39D1A94}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{0DB7F9EE-FB08-45A8-9F88-1DC44EB69771}c:\\program files\\ultravnc\\winvnc.exe"= UDP:c:\program files\ultravnc\winvnc.exe:VNC server for Win32
    "UDP Query User{9FDC2135-B10F-42DC-9C8B-43532319EEAD}c:\\program files\\ultravnc\\winvnc.exe"= TCP:c:\program files\ultravnc\winvnc.exe:VNC server for Win32

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\System32\drivers\FJGSDisk.sys [12-Feb-09 Thu 9:09 PM 12712]
    R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\System32\drivers\iaNvStor.sys [15-May-07 Tue 7:13 AM 208896]
    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [22-Apr-09 Wed 12:04 AM 64160]
    R0 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [04-Oct-06 Wed 6:53 AM 36640]
    R0 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [13-Oct-06 Fri 4:17 AM 33152]
    R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [22-Dec-06 Fri 12:12 PM 63016]
    R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\updnavi\updnvsrv.exe [11-Jan-07 Thu 9:39 AM 12288]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30-Apr-09 Thu 2:20 AM 101936]
    R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\System32\drivers\fuj02e3.sys [15-May-07 Tue 7:12 AM 5632]
    R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\System32\drivers\smscirda.sys [02-Nov-06 Thu 7:55 PM 30720]
    S2 LvIBTSvr;Logitech IBT Service;c:\program files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe [03-Apr-07 Tue 12:59 AM 76576]
    S3 ADVNTDRV;ADVNTDRV;c:\windows\System32\drivers\ADVNTDRV.SYS [24-Feb-09 Tue 10:34 PM 3872]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [10-Mar-09 Tue 4:36 AM 953168]
    S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [28-Nov-06 Tue 6:34 AM 122008]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    bthsvcs REG_MULTI_SZ BthServ
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af316a4d-0271-11de-ab37-000000000000}]
    \shell\AutoRun\command - H:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2009-05-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:33]

    2009-05-17 c:\windows\Tasks\User_Feed_Synchronization-{3D592E6A-7BAD-4227-B6C4-7E801F98E40E}.job
    - c:\windows\system32\msfeedssync.exe [2009-04-16 07:33]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:tabs
    TCP: {01573F81-6C25-441E-983B-581898952A67} = 4.2.2.2,4.2.2.3
    TCP: {7E4FEBD3-21C7-4D81-AEF7-1619DC39AC99} = 192.231.203.132,192.231.203.3
    FF - ProfilePath - c:\users\madPC\AppData\Roaming\Mozilla\Firefox\Profiles\34qxd13h.default\
    FF - prefs.js: keyword.URL - hxxp://www.google.com.au/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-17 18:35
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-05-17 18:37
    ComboFix-quarantined-files.txt 2009-05-17 09:07
    ComboFix2.txt 2009-05-01 05:04
    ComboFix3.txt 2009-04-30 17:06
    ComboFix4.txt 2009-04-30 14:16

    Pre-Run: 26,645,606,400 bytes free
    Post-Run: 26,554,630,144 bytes free

    322 --- E O F --- 2009-05-01 06:49


    Thanks!

  9. #9
    Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,300


    Hi

    Let's see this one instead of the online version, then.

    Download the latest version of Kaspersky Virus Removal Tool

    * Close all other applications and double-click and run the installer.
    * When AVPTool starts, select all the scannable items except for CD-ROM drives and click the Scan button.
    * If malware is detected, don't remove anything.
    * After the scan finishes, don't neutralize anything.
    * In the Scan window click the Reports button and select Save to file.
    * Name the report AVPT.txt, and save it to the Desktop.
    * Close AVPTool.
    * You will be prompted if you want to uninstall the program; click Yes.
    * You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
    * Copy and paste the first part of the report (Detected) that you saved in your next reply. Do not include the longer list marked Events.

    Post also a fresh dds.txt log. How's the system running?
    Microsoft Windows Insider MVP 2016-2018
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  10. #10
    Junior Member
    Join Date
    May 2009
    Posts
    22

    Kaspersky Report, DDS Logs

    Hi blade81,

    Thanks for the suggested workaround. As requested:

    Kaspersky Report (Detected)

    Detected
    --------
    Status Object
    ------ ------
    detected: Trojan program Trojan-Dropper.Win32.Agent.anje File: C:\Users\madPC\Downloads\Windows XP PRO MCE SP3 MULTI - OEM Se7en Style EYE CANDY ENGLISH [ISO]\Windows XP WPA Kill (TRIED IN SAFE MODE !!! )\WPA_KILL.EXE//data0000.cab/codec.exe


    DDS Logs

    DDS



    DDS (Ver_09-03-16.01) - NTFSx86
    Run by madPC at 17:31:11.33 on 20-May-09 Wed
    Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2037.1116 [GMT 9.5:30]

    AV: Symantec AntiVirus *On-access scanning disabled* (Updated)

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Softex\OmniPass\OmniServ.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\agrsmsvc.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Windows\system32\o2flash.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Fujitsu\PSUtility\PSUService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\Fujitsu\updnavi\updnvsrv.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
    C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    C:\Program Files\Softex\OmniPass\opvapp.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
    C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Symantec AntiVirus\VPTray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\madPC\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = about:tabs
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
    mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe
    mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
    mRun: [PSUtility] c:\program files\fujitsu\psutility\TrayManager.exe
    mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [IaNvSrv] c:\program files\intel\intel matrix storage manager\orom\ianvsrv\IaNvSrv.exe
    mRun: [SSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
    mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
    uPolicies-explorer: TaskbarNoThumbnail = 1 (0x1)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: kaspersky.com\www
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-au/wlscctrl2.cab
    DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} - hxxps://online.westpac.com.au/wtoa/wtOtherAccounts/portfoliomanagerwt.cab
    TCP: {01573F81-6C25-441E-983B-581898952A67} = 4.2.2.2,4.2.2.3
    TCP: {7E4FEBD3-21C7-4D81-AEF7-1619DC39AC99} = 192.231.203.132,192.231.203.3
    Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll
    Notify: igfxcui - igfxdev.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\madPC\appdata\roaming\mozilla\firefox\profiles\34qxd13h.default\
    FF - prefs.js: keyword.URL - hxxp://www.google.com.au/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

    ============= SERVICES / DRIVERS ===============

    R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2009-2-12 12712]
    R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\system32\drivers\iaNvStor.sys [2007-5-15 208896]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-22 64160]
    R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-10-4 36640]
    R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-10-13 33152]
    R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\fujitsu\psutility\PSUService.exe [2006-12-22 63016]
    R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\fujitsu\updnavi\updnvsrv.exe [2007-1-11 12288]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-30 101936]
    R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2007-5-15 5632]
    R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2006-11-2 30720]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-10 953168]
    S2 LvIBTSvr;Logitech IBT Service;c:\program files\common files\logishrd\lvibtsvr\LvIBTSvr.exe [2007-4-3 76576]
    S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [2009-2-24 3872]
    S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-11-28 122008]

    =============== Created Last 30 ================

    2009-05-20 01:29 <DIR> --d----- c:\programdata\is-S4G4L
    2009-05-20 01:29 <DIR> --d----- c:\progra~2\is-S4G4L
    2009-05-20 01:29 1,286,176 a--sh--- c:\windows\system32\drivers\fidbox.dat
    2009-05-20 01:29 16,148 a--sh--- c:\windows\system32\drivers\fidbox.idx
    2009-05-17 18:31 <DIR> --d----- C:\ComboFix
    2009-05-14 17:44 161,792 a------- c:\windows\SWREG.exe
    2009-05-14 17:44 98,816 a------- c:\windows\sed.exe
    2009-05-12 00:51 <DIR> --d----- c:\program files\UltraVNC
    2009-05-10 06:03 317,976 a------- c:\windows\system32\drivers\iaStor.sys
    2009-05-10 01:57 <DIR> --d----- c:\program files\Trend Micro
    2009-05-06 15:47 <DIR> --d----- c:\users\madPC\appdata\roaming\iScreensaver
    2009-05-06 03:47 0 a------- c:\windows\system32\tviresource.val
    2009-05-06 03:46 <DIR> --d----- c:\windows\TweakVI
    2009-05-06 03:46 <DIR> --d----- c:\program files\TweakVI
    2009-05-01 13:44 <DIR> --d----- c:\programdata\WindowsSearch
    2009-05-01 11:44 <DIR> --d----- c:\program files\EsetOnlineScanner
    2009-04-30 19:23 <DIR> --d----- c:\users\madPC\DoctorWeb
    2009-04-30 02:11 109,744 a------- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-04-30 02:11 8,014 a------- c:\windows\system32\drivers\SYMEVENT.CAT
    2009-04-30 02:11 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
    2009-04-30 02:10 <DIR> --d----- c:\program files\Symantec
    2009-04-30 02:10 <DIR> --d----- c:\programdata\Symantec
    2009-04-30 02:10 <DIR> --d----- c:\program files\Symantec AntiVirus
    2009-04-30 02:10 <DIR> --d----- c:\program files\common files\Symantec Shared
    2009-04-30 02:10 <DIR> --d----- c:\progra~2\Symantec
    2009-04-30 01:50 1,061 a------- c:\windows\wininit.ini
    2009-04-29 05:34 <DIR> --dsh--- c:\windows\system32\%APPDATA%
    2009-04-28 22:01 <DIR> --d----- c:\program files\CCleaner
    2009-04-28 21:57 268 a---h--- C:\sqmdata01.sqm
    2009-04-28 21:57 244 a---h--- C:\sqmnoopt01.sqm
    2009-04-28 21:52 268 a---h--- C:\sqmdata00.sqm
    2009-04-28 21:52 244 a---h--- C:\sqmnoopt00.sqm
    2009-04-28 21:47 <DIR> -cdsh--- c:\program files\common files\WindowsLiveInstaller
    2009-04-28 21:47 <DIR> --d----- c:\programdata\WLInstaller
    2009-04-26 18:38 440,352 a------- c:\windows\system32\mshflxgd.ocx
    2009-04-26 18:38 212,240 a------- c:\windows\system32\richtx32.ocx
    2009-04-26 18:38 224,016 a------- c:\windows\system32\tabctl32.ocx
    2009-04-26 18:38 18,728 a------- c:\windows\system32\ishf_Ex.TLB
    2009-04-26 18:38 7,752 a------- c:\windows\system32\shelllink.TLB
    2009-04-26 18:38 <DIR> --d----- c:\program files\PC Optimizer Pro
    2009-04-23 12:58 <DIR> --d----- c:\program files\vLite
    2009-04-22 21:47 <DIR> --d----- c:\users\madPC\SecurityScans
    2009-04-22 21:46 <DIR> --d----- c:\program files\Microsoft Baseline Security Analyzer 2
    2009-04-22 00:04 64,160 a------- c:\windows\system32\drivers\Lbd.sys

    ==================== Find3M ====================

    2009-05-10 06:04 143,360 a------- c:\windows\inf\infstrng.dat
    2009-05-10 06:04 51,200 a------- c:\windows\inf\infpub.dat
    2009-05-10 06:04 86,016 a------- c:\windows\inf\infstor.dat
    2009-04-22 00:04 15,688 a------- c:\windows\system32\lsdelete.exe
    2009-04-17 00:46 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2009-04-17 00:06 174 a--sh--- c:\program files\desktop.ini
    2009-04-16 23:58 665,600 a------- c:\windows\inf\drvindex.dat
    2009-04-16 21:36 101,888 a------- c:\windows\system32\ifxcardm.dll
    2009-04-16 21:36 82,432 a------- c:\windows\system32\axaltocm.dll
    2009-04-15 16:16 376,832 a------- c:\windows\system32\winhttp.dll
    2009-04-15 16:16 562,176 a------- c:\windows\system32\msdtcprx.dll
    2009-04-15 16:16 38,912 a------- c:\windows\system32\xolehlp.dll
    2009-04-15 16:10 827,392 a------- c:\windows\system32\wininet.dll
    2009-04-15 16:10 72,704 a------- c:\windows\system32\admparse.dll
    2009-04-15 16:10 78,336 a------- c:\windows\system32\ieencode.dll
    2009-04-15 16:10 48,128 a------- c:\windows\system32\mshtmler.dll
    2009-04-15 16:10 26,624 a------- c:\windows\system32\ieUnatt.exe
    2009-04-13 12:34 269,312 a------- c:\windows\system32\es.dll
    2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-04-04 03:58 361,984 a------- c:\windows\system32\IPSECSVC.DLL
    2009-04-04 03:58 272,896 a------- c:\windows\system32\polstore.dll
    2009-04-04 03:58 61,440 a------- c:\windows\system32\winipsec.dll
    2009-04-04 03:58 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
    2009-04-04 03:49 296,960 a------- c:\windows\system32\gdi32.dll
    2009-04-04 03:47 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
    2009-04-04 03:45 28,672 a------- c:\windows\system32\Apphlpdm.dll
    2009-04-04 03:45 2,560 a------- c:\windows\apppatch\AcRes.dll
    2009-04-04 03:45 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
    2009-04-04 03:45 541,696 a------- c:\windows\apppatch\AcLayers.dll
    2009-04-04 03:45 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
    2009-04-04 03:45 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
    2009-04-04 03:45 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-04-04 03:45 1,695,744 a------- c:\windows\system32\gameux.dll
    2009-04-04 03:45 52,736 a------- c:\windows\apppatch\iebrshim.dll
    2009-04-04 03:44 303,616 a------- c:\windows\system32\wmpeffects.dll
    2009-04-04 03:43 1,191,936 a------- c:\windows\system32\msxml3.dll
    2009-04-04 03:43 2,048 a------- c:\windows\system32\msxml3r.dll
    2009-04-04 03:39 8,147,456 a------- c:\windows\system32\wmploc.DLL
    2009-04-04 03:39 7,680 a------- c:\windows\system32\spwmp.dll
    2009-04-04 03:39 4,096 a------- c:\windows\system32\dxmasf.dll
    2009-04-04 03:34 2,927,104 a------- c:\windows\explorer.exe
    2009-04-04 03:26 6,656 a------- c:\windows\system32\kbd106n.dll
    2009-04-04 03:26 988,216 a------- c:\windows\system32\winload.exe
    2009-04-04 03:26 927,288 a------- c:\windows\system32\winresume.exe
    2009-04-04 03:26 378,368 a------- c:\windows\system32\srcore.dll
    2009-04-04 03:26 318,464 a------- c:\windows\system32\rstrui.exe
    2009-04-04 03:26 40,960 a------- c:\windows\system32\srclient.dll
    2009-04-04 03:26 14,848 a------- c:\windows\system32\srdelayed.exe
    2009-04-04 03:26 615,992 a------- c:\windows\system32\ci.dll
    2009-04-04 03:26 46,592 a------- c:\windows\system32\setbcdlocale.dll
    2009-04-04 03:26 19,000 a------- c:\windows\system32\kd1394.dll
    2009-04-04 03:21 443,392 a------- c:\windows\system32\win32spl.dll
    2009-04-04 03:21 37,888 a------- c:\windows\system32\printcom.dll
    2009-04-04 03:20 113,664 a------- c:\windows\system32\drivers\rmcast.sys
    2009-04-04 03:20 14,848 a------- c:\windows\system32\wshrm.dll
    2009-04-04 03:18 288,768 a------- c:\windows\system32\drivers\srv.sys
    2009-04-04 03:11 268,288 a------- c:\windows\system32\schannel.dll
    2009-04-04 03:08 622,080 a------- c:\windows\system32\icardagt.exe
    2009-04-04 03:08 11,264 a------- c:\windows\system32\icardres.dll
    2009-04-04 03:08 97,800 a------- c:\windows\system32\infocardapi.dll
    2009-04-04 03:08 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2009-04-04 03:08 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
    2009-04-04 03:08 326,160 a------- c:\windows\system32\PresentationHost.exe
    2009-04-04 03:08 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
    2009-04-04 02:52 96,760 a------- c:\windows\system32\dfshim.dll
    2009-04-04 02:52 41,984 a------- c:\windows\system32\netfxperf.dll
    2009-04-04 02:52 282,112 a------- c:\windows\system32\mscoree.dll
    2009-04-04 02:52 158,720 a------- c:\windows\system32\mscorier.dll
    2009-04-04 02:52 83,968 a------- c:\windows\system32\mscories.dll
    2009-04-04 02:37 2,868,736 a------- c:\windows\system32\mf.dll
    2009-04-04 02:37 996,352 a------- c:\windows\system32\WMNetMgr.dll
    2009-04-04 02:37 98,816 a------- c:\windows\system32\mfps.dll
    2009-04-04 02:37 94,720 a------- c:\windows\system32\logagent.exe
    2009-04-04 02:37 53,248 a------- c:\windows\system32\rrinstaller.exe
    2009-04-04 02:37 24,576 a------- c:\windows\system32\mfpmp.exe
    2009-04-04 02:37 2,048 a------- c:\windows\system32\mferror.dll
    2009-04-04 02:36 84,480 a------- c:\windows\system32\INETRES.dll
    2009-04-04 02:36 738,304 a------- c:\windows\system32\inetcomm.dll
    2009-04-04 02:36 1,314,816 a------- c:\windows\system32\quartz.dll
    2009-04-04 02:35 2,048 a------- c:\windows\system32\tzres.dll
    2009-04-04 02:35 2,033,152 a------- c:\windows\system32\win32k.sys
    2009-04-04 02:34 1,334,272 a------- c:\windows\system32\msxml6.dll
    2009-04-04 02:34 2,048 a------- c:\windows\system32\msxml6r.dll
    2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
    2009-02-24 22:28 1,524,736 a------- c:\windows\system32\wucltux.dll
    2009-02-24 22:28 83,456 a------- c:\windows\system32\wudriver.dll
    2009-02-24 22:27 162,064 a------- c:\windows\system32\wuwebv.dll
    2009-02-24 22:27 31,232 a------- c:\windows\system32\wuapp.exe
    2006-11-02 22:09 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 22:09 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 22:09 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 22:09 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 18:50 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 18:50 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 18:50 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 18:50 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

    ============= FINISH: 17:32:06.95 ===============


    Attach.txt


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft® Windows Vista™ Home Basic
    Boot Device: \Device\HarddiskVolume3
    Install Date: 13-Feb-09 Fri 12:32:21 PM
    System Uptime: 20-May-09 Wed 5:22:12 PM (0 hours ago)

    Motherboard: FUJITSU | | FJNB1D3
    Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | Onboard | 2001/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 74 GiB total, 23.049 GiB free.
    D: is FIXED (NTFS) - 74 GiB total, 46.895 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Intel(R) Wireless WiFi Link 4965AGN
    Device ID: PCI\VEN_8086&DEV_4229&SUBSYS_11028086&REV_61\4&38956FF8&0&00E2
    Manufacturer: Intel Corporation
    Name: Intel(R) Wireless WiFi Link 4965AGN
    PNP Device ID: PCI\VEN_8086&DEV_4229&SUBSYS_11028086&REV_61\4&38956FF8&0&00E2
    Service: NETw4v32

    ==== System Restore Points ===================

    RP244: 14-May-09 Thu 12:49:49 AM - Scheduled Checkpoint
    RP245: 14-May-09 Thu 6:14:33 PM - Scheduled Checkpoint
    RP246: 15-May-09 Fri 2:07:19 AM - Windows Update
    RP247: 16-May-09 Sat 12:41:38 AM - Scheduled Checkpoint
    RP248: 17-May-09 Sun 1:19:34 AM - Scheduled Checkpoint
    RP249: 17-May-09 Sun 10:58:00 PM - Scheduled Checkpoint
    RP250: 18-May-09 Mon 7:46:38 PM - Scheduled Checkpoint
    RP251: 19-May-09 Tue 2:20:47 AM - Windows Update
    RP252: 20-May-09 Wed 12:00:04 AM - Scheduled Checkpoint
    RP253: 20-May-09 Wed 2:14:54 PM - Scheduled Checkpoint

    ==== Installed Programs ======================

    2007 Microsoft Office system
    Activation Assistant for the 2007 Microsoft Office suites
    Ad-Aware
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.1
    Agere Systems HDA Modem
    AuthenTec Fingerprint Sensor Minimum Install
    Bluetooth Stack for Windows by Toshiba
    BT headset fix
    CCleaner (remove only)
    CutePDF Writer 2.7
    DSTfix
    ERUNT 1.1j
    Fujitsu Display Manager
    Fujitsu Hardware Diagnostics Tool
    Fujitsu Hotkey Utility
    Fujitsu System Extension Utility
    Fujitsu WebCam
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    ImgBurn
    Inst5657
    Intel(R) Graphics Media Accelerator Driver
    Intel® Turbo Memory and Intel® Matrix Storage Manager
    Java(TM) 6 Update 13
    LifeBook Application Panel
    LiveUpdate 3.2 (Symantec Corporation)
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 3.5 SP1
    Microsoft Baseline Security Analyzer 2.1
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Standard 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Outlook Web Access S/MIME
    Microsoft Silverlight
    Microsoft Sync Framework Runtime v1.0 (x86)
    Microsoft Sync Framework Services v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.0.10)
    MSXML 4.0 SP2 (KB954430)
    NetBoard
    O2Micro Flash Memory Card Windows Driver
    OGA Notifier 1.7.0105.35.0
    OmniPass 5.00.18
    OZ711 SCR Driver V3.0.0.9A
    PC Optimizer Pro ver.4.5.17
    Power Saving Utility
    PowerDVD
    PowerProducer
    QuickTime
    Real Time Clock Update
    Realtek High Definition Audio Driver
    Roxio Easy Media Creator Home
    SanDisk Wi-Fi SD Card for Windows CE 4.00
    Security Update for CAPICOM (KB931906)
    Shock Sensor Utility
    Skype™ 3.8
    Skype™ for Pocket PC 1.1
    Skype™ for Windows Mobile 2.5
    Spb GPRS Monitor
    Spybot - Search & Destroy
    Symantec AntiVirus
    Synaptics Pointing Device Driver
    SyncToy 2.0 (x86)
    TweakVI
    UltraVNC 1.0.5.6
    Update for 2007 Microsoft Office System (KB967642)
    Update for Outlook 2007 Junk Email Filter (kb968503)
    Update Navi
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 0.9.9
    vLite
    Windows Live installer
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Sign-in Assistant
    Windows Mobile Developer Power Toys
    Windows Mobile Device Center
    Windows Mobile Device Center Driver Update
    WinRAR archiver
    Yahoo! Messenger

    ==== Event Viewer Messages From Past Week ========

    16-May-09 Sat 12:50:25 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer LUKE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{01573F81-6C25-441E-983B-581898952A. The master browser is stopping or an election is being forced.
    14-May-09 Thu 5:32:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.
    14-May-09 Thu 5:31:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
    14-May-09 Thu 5:30:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.

    ==== End Of File ===========================


    How's the system working?

    Annoyingly slow. When I empty the Recycle Bin, its icon doesn't change. I wasn't even able to open the AVPT.txt file with Notepad, as it caused it to hang each time. Eventually got it to open with WordPad. Lastly, the Kaspersky scan took more than 15 hours!

    Something's still quite wrong mate...
