
Thread: Win32.TDSS.rtk is lingering somewhere

  1. #11
    Blade81 (Security Expert: Emeritus)
    Join Date: Oct 2006
    Location: Finland
    Posts: 25,288

    Hi

    Show hidden files (Vista)
    -----------------
    1. Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
    2. Click the View tab.
    3. Under Advanced settings, click Show hidden files and folders, and then click OK.


    Upload the following file to Virustotal and post back the results:
    c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat



    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    Folder::
    C:\Users\madPC\Downloads\Windows XP PRO MCE SP3 MULTI - OEM Se7en Style EYE CANDY ENGLISH [ISO]
    
    DirLook::
    C:\Users\madPC\Downloads
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=-

    Save this as CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe.
    Then post the resultant log and a fresh dds.txt log.


    ComboFix should never take more than 20 minutes, including the reboot if malware is detected.
    If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes of findstr, find, sed or swreg; ComboFix should then continue.
    If that happened, we want to know, and also which process you had to end.



    Have you defragged your hard drive lately? If not, please try JkDefrag, for example.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
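As an added example (not part of this thread, of ComboFix or of sUBs' tooling), the script below parses the "Files Created" / "Find3M Report" line format of a ComboFix log like the one requested above and lists the entries a reviewer would want to look at twice. The meaning of the attribute letters (`d` directory, `s` system, `h` hidden) and the review heuristics are my assumptions; the sample lines are copied from the log posted in the next message.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Line shape of the "Files Created" / "Find3M Report" sections of a ComboFix log
# (as posted in this thread):
#   <created> . <modified> <size | --------> <attrs> <path>
# The attribute field is 7 letters; I assume (not documented by ComboFix here)
# that 'd' = directory, 's' = system and 'h' = hidden, e.g. "--sha-w", "d-sh--w".
ENTRY_RE = re.compile(
    r"""^\s*
        (?P<created>\d{4}-\d{2}-\d{2}\ \d{2}:\d{2})\s+\.\s+
        (?P<modified>\d{4}-\d{2}-\d{2}\ \d{2}:\d{2})\s+
        (?P<size>\d+|-{8})\s+
        (?P<attrs>[dcshar-]{6}w)\s+
        (?P<path>\S.*?)\s*$""",
    re.VERBOSE,
)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories, which ComboFix prints as "--------"
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for one log line, or None for headers, dots and blanks."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(m["created"], m["modified"], size, m["attrs"], m["path"])


def parse_section(text: str) -> List[Entry]:
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


def review_reasons(e: Entry) -> List[str]:
    """Reviewer heuristics (my own, not ComboFix's): reasons to look twice at an entry."""
    reasons = []
    low = e.path.lower()
    if e.hidden and e.system:
        reasons.append("hidden+system attributes")
    # A folder literally named like an unexpanded variable (e.g. %APPDATA%) is not an
    # expected Windows artifact; the helper in this thread asked for the index.dat
    # inside exactly such a folder to be checked on VirusTotal.
    if re.search(r"%[a-z_]+%", low):
        reasons.append("literal environment-variable token in path")
    if "\\windows\\system32\\" in low and (e.hidden or e.system):
        reasons.append("hidden/system object under system32")
    return reasons


def triage(text: str) -> List[Tuple[str, List[str]]]:
    """(path, reasons) for every entry that trips at least one heuristic."""
    return [(e.path, r) for e in parse_section(text) if (r := review_reasons(e))]


# Excerpt copied from the ComboFix log posted in the next message of this thread.
SAMPLE_LOG = r"""
(((((((((((((((((((((((( Files Created from 2009-04-21 to 2009-05-21 ))))))))))))))))))))))))))))))
.

2009-05-21 02:29 . 2009-05-21 02:29 -------- d-----w c:\users\madPC\AppData\Local\temp
2009-05-19 15:59 . 2009-05-20 07:51 1286176 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-09 20:33 . 2008-05-25 12:53 317976 ----a-w c:\windows\system32\drivers\iaStor.sys
2009-04-28 20:04 . 2009-04-28 20:04 -------- d-sh--w c:\windows\system32\%APPDATA%
2009-04-28 12:17 . 2009-04-28 12:21 -------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2009-04-16 14:36 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(f"{path}\n    " + "; ".join(reasons))
```

The flags are prompts for a reviewer, not verdicts: a hidden+system `desktop.ini` is normal, while a hidden+system folder named `%APPDATA%` under system32 is the kind of entry the helper singles out.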

  2. #12
    Junior Member
    Join Date: May 2009
    Posts: 22

    Post Virustotal results, ComboFix log, DDS log, HDD De-frag

    Hi blade81,

    As requested:

    Virustotal.com results for c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat

    http://www.virustotal.com/analisis/0...58964ec3645da8


    ComboFix log

    The "DirLook" part of the results is in the txt file contained in the attached zip file.

    ComboFix 09-05-20.09 - madPC May-09 Thu 11:56.6 - NTFSx86
    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2037.1101 [GMT 9.5:30]
    Running from: c:\users\madPC\Desktop\ComboFix.exe
    Command switches used :: c:\users\madPC\Desktop\CFScript.txt
    AV: Symantec AntiVirus *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: Symantec AntiVirus *disabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\SSubTmr6.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-04-21 to 2009-05-21 )))))))))))))))))))))))))))))))
    .

    2009-05-21 02:29 . 2009-05-21 02:29 -------- d-----w c:\users\madPC\AppData\Local\temp
    2009-05-21 02:29 . 2009-05-21 02:29 -------- d-----w c:\users\Administrator\AppData\Local\temp
    2009-05-19 15:59 . 2009-05-19 15:59 -------- d-----w c:\programdata\is-S4G4L
    2009-05-19 15:59 . 2009-05-19 15:59 -------- d-----w c:\users\All Users\is-S4G4L
    2009-05-19 15:59 . 2009-05-20 07:51 1286176 --sha-w c:\windows\system32\drivers\fidbox.dat
    2009-05-18 09:23 . 2009-05-18 09:42 -------- d-----w c:\users\madPC\AppData\Roaming\vlc
    2009-05-17 12:28 . 2009-05-17 12:28 -------- d-----w c:\users\madPC\AppData\Local\Adobe
    2009-05-11 15:21 . 2009-05-11 15:42 -------- d-----w c:\program files\UltraVNC
    2009-05-09 20:33 . 2008-05-25 12:53 317976 ----a-w c:\windows\system32\drivers\iaStor.sys
    2009-05-09 17:38 . 2009-05-09 17:38 -------- d-----w c:\program files\ERUNT
    2009-05-09 16:27 . 2009-05-09 16:27 -------- d-----w c:\program files\Trend Micro
    2009-05-06 06:17 . 2009-05-06 06:17 -------- d-----w c:\users\madPC\AppData\Roaming\iScreensaver
    2009-05-05 18:16 . 2009-05-05 18:16 -------- d-----w c:\windows\TweakVI
    2009-05-05 18:16 . 2009-05-05 18:17 -------- d-----w c:\program files\TweakVI
    2009-05-01 04:14 . 2009-05-01 04:14 -------- d-----w c:\programdata\WindowsSearch
    2009-05-01 04:14 . 2009-05-01 04:14 -------- d-----w c:\users\All Users\WindowsSearch
    2009-05-01 02:14 . 2009-05-01 04:15 -------- d-----w c:\program files\EsetOnlineScanner
    2009-05-01 02:02 . 2009-05-01 05:39 -------- d-----w c:\program files\Java
    2009-05-01 01:01 . 2009-05-01 01:01 680 ----a-w c:\users\madPC\AppData\Local\d3d9caps.dat
    2009-04-30 18:12 . 2009-04-30 18:12 -------- d-----w c:\windows\Sun
    2009-04-30 15:33 . 2009-04-30 15:33 -------- d-----w c:\program files\Common Files\Adobe AIR
    2009-04-30 09:59 . 2009-04-30 09:59 -------- d-----w c:\users\Administrator\DoctorWeb
    2009-04-30 09:53 . 2009-05-01 01:11 -------- d-----w c:\users\madPC\DoctorWeb
    2009-04-30 07:13 . 2009-04-30 07:13 -------- d-----w c:\users\madPC\AppData\Local\Symantec
    2009-04-29 16:42 . 2009-04-29 16:42 -------- d-----w c:\users\Administrator\AppData\Local\Symantec
    2009-04-29 16:41 . 2009-04-29 16:41 109744 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
    2009-04-29 16:40 . 2009-04-29 16:41 -------- d-----w c:\program files\Symantec
    2009-04-29 16:40 . 2009-04-29 16:42 -------- d-----w c:\programdata\Symantec
    2009-04-29 16:40 . 2009-04-29 16:42 -------- d-----w c:\users\All Users\Symantec
    2009-04-29 16:40 . 2009-04-29 16:40 -------- d-----w c:\program files\Symantec AntiVirus
    2009-04-29 16:40 . 2009-04-29 16:41 -------- d-----w c:\program files\Common Files\Symantec Shared
    2009-04-28 20:04 . 2009-04-28 20:04 -------- d-sh--w c:\windows\system32\%APPDATA%
    2009-04-28 12:31 . 2009-04-28 12:31 -------- d-----w c:\program files\CCleaner
    2009-04-28 12:17 . 2009-04-28 12:21 -------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
    2009-04-28 12:17 . 2009-04-28 12:22 -------- d-----w c:\program files\Windows Live
    2009-04-28 12:17 . 2009-04-28 12:17 -------- d-----w c:\programdata\WLInstaller
    2009-04-28 12:17 . 2009-04-28 12:17 -------- d-----w c:\users\All Users\WLInstaller
    2009-04-26 09:08 . 2009-04-26 09:08 -------- d-----w c:\program files\PC Optimizer Pro
    2009-04-24 14:35 . 2009-04-24 14:35 -------- d-----w c:\program files\Microsoft Silverlight
    2009-04-23 03:28 . 2009-04-23 03:28 -------- d-----w c:\program files\vLite
    2009-04-22 12:17 . 2009-04-22 12:20 -------- d-----w c:\users\madPC\SecurityScans
    2009-04-22 12:16 . 2009-04-22 12:16 -------- d-----w c:\program files\Microsoft Baseline Security Analyzer 2
    2009-04-21 14:34 . 2009-04-21 14:34 64160 ----a-w c:\windows\system32\drivers\Lbd.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-21 01:33 . 2009-02-24 16:36 12 ----a-w c:\windows\bthservsdp.dat
    2009-05-20 07:51 . 2009-05-19 15:59 16148 --sha-w c:\windows\system32\drivers\fidbox.idx
    2009-05-09 20:34 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
    2009-05-09 20:34 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
    2009-05-09 20:34 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
    2009-05-01 13:42 . 2009-02-12 11:12 99864 ----a-w c:\users\madPC\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-05-01 06:44 . 2007-04-17 23:55 -------- d-----w c:\program files\Microsoft Works
    2009-04-30 15:33 . 2007-04-17 20:10 -------- d-----w c:\program files\Common Files\Adobe
    2009-04-29 16:41 . 2009-04-29 16:41 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
    2009-04-29 16:41 . 2009-04-29 16:41 8014 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
    2009-04-28 12:22 . 2009-02-24 16:14 -------- d-----w c:\program files\MSN Messenger
    2009-04-21 14:34 . 2009-04-15 15:52 15688 ----a-w c:\windows\system32\lsdelete.exe
    2009-04-21 00:58 . 2009-04-13 02:30 680 ----a-w c:\users\Administrator\AppData\Local\d3d9caps.dat
    2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-04-16 15:16 . 2009-04-16 15:16 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2009-04-16 14:36 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
    2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Sidebar
    2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Photo Gallery
    2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Collaboration
    2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Calendar
    2009-04-16 14:29 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
    2009-04-16 14:28 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Defender
    2009-04-16 14:28 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
    2009-04-16 12:06 . 2006-11-02 10:32 101888 ----a-w c:\windows\system32\ifxcardm.dll
    2009-04-16 12:06 . 2006-11-02 10:32 82432 ----a-w c:\windows\system32\axaltocm.dll
    2009-04-15 15:19 . 2009-04-15 15:19 -------- d-----w c:\program files\Lavasoft
    2009-04-15 07:56 . 2009-04-15 07:56 -------- d-----w c:\program files\Toshiba
    2009-04-15 06:46 . 2009-04-15 06:46 376832 ----a-w c:\windows\system32\winhttp.dll
    2009-04-15 06:46 . 2009-04-15 06:46 562176 ----a-w c:\windows\system32\msdtcprx.dll
    2009-04-15 06:46 . 2009-04-15 06:46 38912 ----a-w c:\windows\system32\xolehlp.dll
    2009-04-15 06:40 . 2009-04-15 06:40 827392 ----a-w c:\windows\system32\wininet.dll
    2009-04-15 06:40 . 2009-04-15 06:40 72704 ----a-w c:\windows\system32\admparse.dll
    2009-04-15 06:40 . 2009-04-15 06:40 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-04-15 06:40 . 2009-04-15 06:40 48128 ----a-w c:\windows\system32\mshtmler.dll
    2009-04-15 06:40 . 2009-04-15 06:40 26624 ----a-w c:\windows\system32\ieUnatt.exe
    2009-04-13 05:01 . 2009-04-13 01:31 -------- d-----w c:\program files\QuickTime
    2009-04-13 03:04 . 2009-04-13 03:04 269312 ----a-w c:\windows\system32\es.dll
    2009-04-06 06:02 . 2009-04-18 03:16 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-06 06:02 . 2009-04-18 03:16 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-04-04 12:06 . 2009-04-04 10:52 -------- d-----w c:\program files\Yahoo!
    2009-04-04 01:57 . 2009-04-04 01:57 -------- d-----w c:\program files\Windows Live Safety Center
    2009-04-03 18:28 . 2009-04-03 18:28 61440 ----a-w c:\windows\system32\winipsec.dll
    2009-04-03 18:28 . 2009-04-03 18:28 361984 ----a-w c:\windows\system32\IPSECSVC.DLL
    2009-04-03 18:28 . 2009-04-03 18:28 28672 ----a-w c:\windows\system32\FwRemoteSvr.dll
    2009-04-03 18:28 . 2009-04-03 18:28 272896 ----a-w c:\windows\system32\polstore.dll
    2009-04-03 18:19 . 2009-04-03 18:19 296960 ----a-w c:\windows\system32\gdi32.dll
    2009-04-03 18:17 . 2009-04-03 18:17 212480 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
    2009-04-03 18:15 . 2009-04-03 18:15 28672 ----a-w c:\windows\system32\Apphlpdm.dll
    2009-04-03 18:15 . 2009-04-03 18:15 4240384 ----a-w c:\windows\system32\GameUXLegacyGDFs.dll
    2009-04-03 18:15 . 2009-04-03 18:15 1695744 ----a-w c:\windows\system32\gameux.dll
    2009-04-03 18:14 . 2009-04-03 18:14 303616 ----a-w c:\windows\system32\wmpeffects.dll
    2009-04-03 18:13 . 2009-04-03 18:13 1191936 ----a-w c:\windows\system32\msxml3.dll
    2009-04-03 18:13 . 2009-04-03 18:13 2048 ----a-w c:\windows\system32\msxml3r.dll
    2009-04-03 18:09 . 2009-04-03 18:09 8147456 ----a-w c:\windows\system32\wmploc.DLL
    2009-04-03 18:09 . 2009-04-03 18:09 7680 ----a-w c:\windows\system32\spwmp.dll
    2009-04-03 18:09 . 2009-04-03 18:09 4096 ----a-w c:\windows\system32\dxmasf.dll
    2009-04-03 18:07 . 2009-04-03 18:07 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
    2009-04-03 18:04 . 2009-04-03 18:04 2927104 ----a-w c:\windows\explorer.exe
    2009-04-03 17:56 . 2009-04-03 17:56 6656 ----a-w c:\windows\system32\kbd106n.dll
    2009-04-03 17:56 . 2009-04-03 17:56 988216 ----a-w c:\windows\system32\winload.exe
    2009-04-03 17:56 . 2009-04-03 17:56 927288 ----a-w c:\windows\system32\winresume.exe
    2009-04-03 17:56 . 2009-04-03 17:56 40960 ----a-w c:\windows\system32\srclient.dll
    2009-04-03 17:56 . 2009-04-03 17:56 378368 ----a-w c:\windows\system32\srcore.dll
    2009-04-03 17:56 . 2009-04-03 17:56 318464 ----a-w c:\windows\system32\rstrui.exe
    2009-04-03 17:56 . 2009-04-03 17:56 14848 ----a-w c:\windows\system32\srdelayed.exe
    2009-04-03 17:56 . 2009-04-03 17:56 615992 ----a-w c:\windows\system32\ci.dll
    2009-04-03 17:56 . 2009-04-03 17:56 46592 ----a-w c:\windows\system32\setbcdlocale.dll
    2009-04-03 17:56 . 2009-04-03 17:56 19000 ----a-w c:\windows\system32\kd1394.dll
    2009-04-03 17:51 . 2009-04-03 17:51 443392 ----a-w c:\windows\system32\win32spl.dll
    2009-04-03 17:51 . 2009-04-03 17:51 37888 ----a-w c:\windows\system32\printcom.dll
    2009-04-03 17:50 . 2009-04-03 17:50 14848 ----a-w c:\windows\system32\wshrm.dll
    2009-04-03 17:50 . 2009-04-03 17:50 113664 ----a-w c:\windows\system32\drivers\rmcast.sys
    2009-04-03 17:48 . 2009-04-03 17:48 288768 ----a-w c:\windows\system32\drivers\srv.sys
    2009-04-03 17:41 . 2009-04-03 17:41 268288 ----a-w c:\windows\system32\schannel.dll
    2009-04-03 17:38 . 2009-04-03 17:38 622080 ----a-w c:\windows\system32\icardagt.exe
    2009-04-03 17:38 . 2009-04-03 17:38 11264 ----a-w c:\windows\system32\icardres.dll
    2009-04-03 17:38 . 2009-04-03 17:38 97800 ----a-w c:\windows\system32\infocardapi.dll
    2009-04-03 17:38 . 2009-04-03 17:38 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2009-04-03 17:38 . 2009-04-03 17:38 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
    2009-04-03 17:38 . 2009-04-03 17:38 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
    2009-04-03 17:38 . 2009-04-03 17:38 326160 ----a-w c:\windows\system32\PresentationHost.exe
    2009-04-03 17:22 . 2009-04-03 17:22 96760 ----a-w c:\windows\system32\dfshim.dll
    2009-04-03 17:22 . 2009-04-03 17:22 41984 ----a-w c:\windows\system32\netfxperf.dll
    2009-04-03 17:22 . 2009-04-03 17:22 83968 ----a-w c:\windows\system32\mscories.dll
    2009-04-03 17:22 . 2009-04-03 17:22 282112 ----a-w c:\windows\system32\mscoree.dll
    2009-04-03 17:22 . 2009-04-03 17:22 158720 ----a-w c:\windows\system32\mscorier.dll
    2009-04-03 17:07 . 2009-04-03 17:07 2868736 ----a-w c:\windows\system32\mf.dll
    2009-04-03 17:07 . 2009-04-03 17:07 996352 ----a-w c:\windows\system32\WMNetMgr.dll
    2009-04-03 17:07 . 2009-04-03 17:07 98816 ----a-w c:\windows\system32\mfps.dll
    2009-04-03 17:07 . 2009-04-03 17:07 94720 ----a-w c:\windows\system32\logagent.exe
    2009-04-03 17:07 . 2009-04-03 17:07 53248 ----a-w c:\windows\system32\rrinstaller.exe
    2009-04-03 17:07 . 2009-04-03 17:07 24576 ----a-w c:\windows\system32\mfpmp.exe
    2009-04-03 17:07 . 2009-04-03 17:07 2048 ----a-w c:\windows\system32\mferror.dll
    2009-04-03 17:06 . 2009-04-03 17:06 84480 ----a-w c:\windows\system32\INETRES.dll
    2009-04-03 17:06 . 2009-04-03 17:06 738304 ----a-w c:\windows\system32\inetcomm.dll
    2009-04-03 17:06 . 2009-04-03 17:06 1314816 ----a-w c:\windows\system32\quartz.dll
    2009-04-03 17:05 . 2009-04-03 17:05 2048 ----a-w c:\windows\system32\tzres.dll
    2009-04-03 17:05 . 2009-04-03 17:05 2033152 ----a-w c:\windows\system32\win32k.sys
    2009-04-03 17:05 . 2009-04-03 17:05 -------- d-----w c:\program files\MSXML 4.0
    2009-04-03 17:04 . 2009-04-03 17:04 1334272 ----a-w c:\windows\system32\msxml6.dll

    .
    ((((((((((((((((((((((((((((( SnapShot@2009-05-14_08.18.18 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-05-14 21:23 . 2009-05-21 01:38 66382 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:02 . 2009-05-21 01:38 74980 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2009-04-16 10:47 . 2008-01-19 05:49 13312 c:\windows\System32\drivers\sfloppy.sys
    - 2006-11-02 08:51 . 2006-11-02 08:51 13312 c:\windows\System32\drivers\sfloppy.sys
    - 2009-02-12 11:06 . 2009-05-14 07:57 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-02-12 11:06 . 2009-05-21 01:37 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-02-12 11:06 . 2009-05-21 01:37 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-02-12 11:06 . 2009-05-14 07:57 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-02-12 11:10 . 2009-05-21 01:38 8846 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1918237747-2751938533-2904961478-1000_UserData.bin
    + 2009-05-21 01:35 . 2009-05-21 01:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-05-14 07:57 . 2009-05-14 07:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-05-14 07:57 . 2009-05-14 07:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-05-21 01:35 . 2009-05-21 01:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2006-11-02 10:33 . 2009-05-14 08:05 624988 c:\windows\System32\perfh009.dat
    + 2006-11-02 10:33 . 2009-05-21 01:41 624988 c:\windows\System32\perfh009.dat
    + 2006-11-02 10:33 . 2009-05-21 01:41 111398 c:\windows\System32\perfc009.dat
    - 2006-11-02 10:33 . 2009-05-14 08:05 111398 c:\windows\System32\perfc009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-17 80688]
    "IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-11-07 97072]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-09 154392]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-09 133912]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-23 827392]
    "LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2005-07-21 242688]
    "LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-07-21 61440]
    "PSUtility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2006-12-22 136744]
    "LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-04-02 252704]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-05-08 174872]
    "IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-05-08 33048]
    "SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2009-02-12 193832]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 107112]
    "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-27 134808]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-21 516440]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-01 4390912]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2007-11-1 421888]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "TaskbarNoThumbnail"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{F01CE1E2-9A47-42F9-AD30-7B2AD8E08A94}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{7A0C6B10-FF15-4B5E-85EB-C851E3DF9E79}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
    "{B65B13F6-BBD4-4FAB-97B8-D1406988A316}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{15F91AE0-0A6A-4AD0-BC13-E97CF52E271F}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "TCP Query User{F4F47E1E-E573-4114-BC3B-21FD4448FC36}c:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= UDP:c:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp
    "UDP Query User{241244E8-A714-4A26-8033-A8DC16D0C898}c:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= TCP:c:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp
    "{4CE5628A-E049-4199-BD14-F3ACB0188262}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{5DBFBFA1-FF9F-4CA0-8CC1-F91FE82A7997}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "TCP Query User{DF9E080F-A2A6-4E03-928C-D7AAE5BFF5AE}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
    "UDP Query User{04C91E26-0A58-4EB0-A38E-FB81F0A09A68}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
    "{87C95383-720C-4E36-92C1-5A596BE3F1FC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{E108B469-D439-4A90-B0DD-3AF139C46756}"= UDP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
    "{134FFABB-69CF-4FC7-8226-909F636B2E28}"= TCP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
    "{124D1410-FC14-44BE-939D-2D67F33C0F7C}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
    "{1779AE8C-BFEB-457A-99BB-C18BC6585906}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
    "TCP Query User{56E26FA3-40B1-43E9-93B2-B4486709E928}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{EE9A3513-CF35-4D37-99A0-DFFCA39D1A94}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{0DB7F9EE-FB08-45A8-9F88-1DC44EB69771}c:\\program files\\ultravnc\\winvnc.exe"= UDP:c:\program files\ultravnc\winvnc.exe:VNC server for Win32
    "UDP Query User{9FDC2135-B10F-42DC-9C8B-43532319EEAD}c:\\program files\\ultravnc\\winvnc.exe"= TCP:c:\program files\ultravnc\winvnc.exe:VNC server for Win32

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\System32\drivers\FJGSDisk.sys [12-Feb-09 Thu 9:09 PM 12712]
    R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\System32\drivers\iaNvStor.sys [15-May-07 Tue 7:13 AM 208896]
    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [22-Apr-09 Wed 12:04 AM 64160]
    R0 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [04-Oct-06 Wed 6:53 AM 36640]
    R0 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [13-Oct-06 Fri 4:17 AM 33152]
    R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [22-Dec-06 Fri 12:12 PM 63016]
    R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\updnavi\updnvsrv.exe [11-Jan-07 Thu 9:39 AM 12288]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30-Apr-09 Thu 2:20 AM 101936]
    R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\System32\drivers\fuj02e3.sys [15-May-07 Tue 7:12 AM 5632]
    R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\System32\drivers\smscirda.sys [02-Nov-06 Thu 7:55 PM 30720]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [10-Mar-09 Tue 4:36 AM 953168]
    S2 LvIBTSvr;Logitech IBT Service;c:\program files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe [03-Apr-07 Tue 12:59 AM 76576]
    S3 ADVNTDRV;ADVNTDRV;c:\windows\System32\drivers\ADVNTDRV.SYS [24-Feb-09 Tue 10:34 PM 3872]
    S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [28-Nov-06 Tue 6:34 AM 122008]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - MPSSVC

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    bthsvcs REG_MULTI_SZ BthServ
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    .
    Contents of the 'Scheduled Tasks' folder

    2009-05-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:33]

    2009-05-21 c:\windows\Tasks\User_Feed_Synchronization-{3D592E6A-7BAD-4227-B6C4-7E801F98E40E}.job
    - c:\windows\system32\msfeedssync.exe [2009-04-16 07:33]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:tabs
    Trusted Zone: kaspersky.com\www
    TCP: {01573F81-6C25-441E-983B-581898952A67} = 4.2.2.2,4.2.2.3
    TCP: {7E4FEBD3-21C7-4D81-AEF7-1619DC39AC99} = 192.231.203.132,192.231.203.3
    FF - ProfilePath - c:\users\madPC\AppData\Roaming\Mozilla\Firefox\Profiles\34qxd13h.default\
    FF - prefs.js: keyword.URL - hxxp://www.google.com.au/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-21 11:59
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-05-21 12:01
    ComboFix-quarantined-files.txt 2009-05-21 02:31
    ComboFix2.txt 2009-05-17 09:07
    ComboFix3.txt 2009-05-01 05:04
    ComboFix4.txt 2009-04-30 17:06
    ComboFix5.txt 2009-05-21 02:26

    Pre-Run: 26,641,416,192 bytes free
    Post-Run: 26,575,175,680 bytes free

    1699 --- E O F --- 2009-05-01 06:49


    DDS logs


    DDS

    DDS (Ver_09-03-16.01) - NTFSx86
    Run by madPC at 12:15:51.04 on 21-May-09 Thu
    Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2037.1071 [GMT 9.5:30]

    AV: Symantec AntiVirus *On-access scanning disabled* (Updated)

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Softex\OmniPass\OmniServ.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\agrsmsvc.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Windows\system32\o2flash.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Fujitsu\PSUtility\PSUService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\Fujitsu\updnavi\updnvsrv.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Softex\OmniPass\opvapp.exe
    C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
    C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
    C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Symantec AntiVirus\VPTray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\madPC\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = about:tabs
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
    mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe
    mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
    mRun: [PSUtility] c:\program files\fujitsu\psutility\TrayManager.exe
    mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [IaNvSrv] c:\program files\intel\intel matrix storage manager\orom\ianvsrv\IaNvSrv.exe
    mRun: [SSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
    mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
    uPolicies-explorer: TaskbarNoThumbnail = 1 (0x1)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: kaspersky.com\www
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-au/wlscctrl2.cab
    DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} - hxxps://online.westpac.com.au/wtoa/wtOtherAccounts/portfoliomanagerwt.cab
    TCP: {01573F81-6C25-441E-983B-581898952A67} = 4.2.2.2,4.2.2.3
    TCP: {7E4FEBD3-21C7-4D81-AEF7-1619DC39AC99} = 192.231.203.132,192.231.203.3
    Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll
    Notify: igfxcui - igfxdev.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\madPC\appdata\roaming\mozilla\firefox\profiles\34qxd13h.default\
    FF - prefs.js: keyword.URL - hxxp://www.google.com.au/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

    ============= SERVICES / DRIVERS ===============

    R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2009-2-12 12712]
    R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\system32\drivers\iaNvStor.sys [2007-5-15 208896]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-22 64160]
    R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-10-4 36640]
    R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-10-13 33152]
    R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\fujitsu\psutility\PSUService.exe [2006-12-22 63016]
    R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\fujitsu\updnavi\updnvsrv.exe [2007-1-11 12288]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-30 101936]
    R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2007-5-15 5632]
    R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2006-11-2 30720]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-10 953168]
    S2 LvIBTSvr;Logitech IBT Service;c:\program files\common files\logishrd\lvibtsvr\LvIBTSvr.exe [2007-4-3 76576]
    S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [2009-2-24 3872]
    S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-11-28 122008]

    =============== Created Last 30 ================

    2009-05-21 12:01 <DIR> --dsh--- C:\$RECYCLE.BIN
    2009-05-21 11:56 161,792 a------- c:\windows\SWREG.exe
    2009-05-21 11:56 130,048 a------- c:\windows\PEV.exe
    2009-05-21 11:56 98,816 a------- c:\windows\sed.exe
    2009-05-21 11:56 <DIR> --ds---- C:\ComboFix
    2009-05-20 01:29 <DIR> --d----- c:\programdata\is-S4G4L
    2009-05-20 01:29 <DIR> --d----- c:\progra~2\is-S4G4L
    2009-05-20 01:29 1,286,176 a--sh--- c:\windows\system32\drivers\fidbox.dat
    2009-05-20 01:29 16,148 a--sh--- c:\windows\system32\drivers\fidbox.idx
    2009-05-12 00:51 <DIR> --d----- c:\program files\UltraVNC
    2009-05-10 06:03 317,976 a------- c:\windows\system32\drivers\iaStor.sys
    2009-05-10 01:57 <DIR> --d----- c:\program files\Trend Micro
    2009-05-06 15:47 <DIR> --d----- c:\users\madPC\appdata\roaming\iScreensaver
    2009-05-06 03:47 0 a------- c:\windows\system32\tviresource.val
    2009-05-06 03:46 <DIR> --d----- c:\windows\TweakVI
    2009-05-06 03:46 <DIR> --d----- c:\program files\TweakVI
    2009-05-01 13:44 <DIR> --d----- c:\programdata\WindowsSearch
    2009-05-01 11:44 <DIR> --d----- c:\program files\EsetOnlineScanner
    2009-04-30 19:23 <DIR> --d----- c:\users\madPC\DoctorWeb
    2009-04-30 02:11 109,744 a------- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-04-30 02:11 8,014 a------- c:\windows\system32\drivers\SYMEVENT.CAT
    2009-04-30 02:11 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
    2009-04-30 02:10 <DIR> --d----- c:\program files\Symantec
    2009-04-30 02:10 <DIR> --d----- c:\programdata\Symantec
    2009-04-30 02:10 <DIR> --d----- c:\program files\Symantec AntiVirus
    2009-04-30 02:10 <DIR> --d----- c:\program files\common files\Symantec Shared
    2009-04-30 02:10 <DIR> --d----- c:\progra~2\Symantec
    2009-04-30 01:50 1,061 a------- c:\windows\wininit.ini
    2009-04-29 05:34 <DIR> --dsh--- c:\windows\system32\%APPDATA%
    2009-04-28 22:01 <DIR> --d----- c:\program files\CCleaner
    2009-04-28 21:57 268 a---h--- C:\sqmdata01.sqm
    2009-04-28 21:57 244 a---h--- C:\sqmnoopt01.sqm
    2009-04-28 21:52 268 a---h--- C:\sqmdata00.sqm
    2009-04-28 21:52 244 a---h--- C:\sqmnoopt00.sqm
    2009-04-28 21:47 <DIR> -cdsh--- c:\program files\common files\WindowsLiveInstaller
    2009-04-28 21:47 <DIR> --d----- c:\programdata\WLInstaller
    2009-04-26 18:38 440,352 a------- c:\windows\system32\mshflxgd.ocx
    2009-04-26 18:38 212,240 a------- c:\windows\system32\richtx32.ocx
    2009-04-26 18:38 224,016 a------- c:\windows\system32\tabctl32.ocx
    2009-04-26 18:38 18,728 a------- c:\windows\system32\ishf_Ex.TLB
    2009-04-26 18:38 7,752 a------- c:\windows\system32\shelllink.TLB
    2009-04-26 18:38 <DIR> --d----- c:\program files\PC Optimizer Pro
    2009-04-23 12:58 <DIR> --d----- c:\program files\vLite
    2009-04-22 21:47 <DIR> --d----- c:\users\madPC\SecurityScans
    2009-04-22 21:46 <DIR> --d----- c:\program files\Microsoft Baseline Security Analyzer 2
    2009-04-22 00:04 64,160 a------- c:\windows\system32\drivers\Lbd.sys

    ==================== Find3M ====================

    2009-05-10 06:04 143,360 a------- c:\windows\inf\infstrng.dat
    2009-05-10 06:04 51,200 a------- c:\windows\inf\infpub.dat
    2009-05-10 06:04 86,016 a------- c:\windows\inf\infstor.dat
    2009-04-22 00:04 15,688 a------- c:\windows\system32\lsdelete.exe
    2009-04-17 00:46 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2009-04-17 00:06 174 a--sh--- c:\program files\desktop.ini
    2009-04-16 23:58 665,600 a------- c:\windows\inf\drvindex.dat
    2009-04-16 21:36 101,888 a------- c:\windows\system32\ifxcardm.dll
    2009-04-16 21:36 82,432 a------- c:\windows\system32\axaltocm.dll
    2009-04-15 16:16 376,832 a------- c:\windows\system32\winhttp.dll
    2009-04-15 16:16 562,176 a------- c:\windows\system32\msdtcprx.dll
    2009-04-15 16:16 38,912 a------- c:\windows\system32\xolehlp.dll
    2009-04-15 16:10 827,392 a------- c:\windows\system32\wininet.dll
    2009-04-15 16:10 72,704 a------- c:\windows\system32\admparse.dll
    2009-04-15 16:10 78,336 a------- c:\windows\system32\ieencode.dll
    2009-04-15 16:10 48,128 a------- c:\windows\system32\mshtmler.dll
    2009-04-15 16:10 26,624 a------- c:\windows\system32\ieUnatt.exe
    2009-04-13 12:34 269,312 a------- c:\windows\system32\es.dll
    2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-04-04 03:58 361,984 a------- c:\windows\system32\IPSECSVC.DLL
    2009-04-04 03:58 272,896 a------- c:\windows\system32\polstore.dll
    2009-04-04 03:58 61,440 a------- c:\windows\system32\winipsec.dll
    2009-04-04 03:58 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
    2009-04-04 03:49 296,960 a------- c:\windows\system32\gdi32.dll
    2009-04-04 03:47 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
    2009-04-04 03:45 28,672 a------- c:\windows\system32\Apphlpdm.dll
    2009-04-04 03:45 2,560 a------- c:\windows\apppatch\AcRes.dll
    2009-04-04 03:45 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
    2009-04-04 03:45 541,696 a------- c:\windows\apppatch\AcLayers.dll
    2009-04-04 03:45 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
    2009-04-04 03:45 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
    2009-04-04 03:45 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-04-04 03:45 1,695,744 a------- c:\windows\system32\gameux.dll
    2009-04-04 03:45 52,736 a------- c:\windows\apppatch\iebrshim.dll
    2009-04-04 03:44 303,616 a------- c:\windows\system32\wmpeffects.dll
    2009-04-04 03:43 1,191,936 a------- c:\windows\system32\msxml3.dll
    2009-04-04 03:43 2,048 a------- c:\windows\system32\msxml3r.dll
    2009-04-04 03:39 8,147,456 a------- c:\windows\system32\wmploc.DLL
    2009-04-04 03:39 7,680 a------- c:\windows\system32\spwmp.dll
    2009-04-04 03:39 4,096 a------- c:\windows\system32\dxmasf.dll
    2009-04-04 03:34 2,927,104 a------- c:\windows\explorer.exe
    2009-04-04 03:26 6,656 a------- c:\windows\system32\kbd106n.dll
    2009-04-04 03:26 988,216 a------- c:\windows\system32\winload.exe
    2009-04-04 03:26 927,288 a------- c:\windows\system32\winresume.exe
    2009-04-04 03:26 378,368 a------- c:\windows\system32\srcore.dll
    2009-04-04 03:26 318,464 a------- c:\windows\system32\rstrui.exe
    2009-04-04 03:26 40,960 a------- c:\windows\system32\srclient.dll
    2009-04-04 03:26 14,848 a------- c:\windows\system32\srdelayed.exe
    2009-04-04 03:26 615,992 a------- c:\windows\system32\ci.dll
    2009-04-04 03:26 46,592 a------- c:\windows\system32\setbcdlocale.dll
    2009-04-04 03:26 19,000 a------- c:\windows\system32\kd1394.dll
    2009-04-04 03:21 443,392 a------- c:\windows\system32\win32spl.dll
    2009-04-04 03:21 37,888 a------- c:\windows\system32\printcom.dll
    2009-04-04 03:20 113,664 a------- c:\windows\system32\drivers\rmcast.sys
    2009-04-04 03:20 14,848 a------- c:\windows\system32\wshrm.dll
    2009-04-04 03:18 288,768 a------- c:\windows\system32\drivers\srv.sys
    2009-04-04 03:11 268,288 a------- c:\windows\system32\schannel.dll
    2009-04-04 03:08 622,080 a------- c:\windows\system32\icardagt.exe
    2009-04-04 03:08 11,264 a------- c:\windows\system32\icardres.dll
    2009-04-04 03:08 97,800 a------- c:\windows\system32\infocardapi.dll
    2009-04-04 03:08 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2009-04-04 03:08 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
    2009-04-04 03:08 326,160 a------- c:\windows\system32\PresentationHost.exe
    2009-04-04 03:08 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
    2009-04-04 02:52 96,760 a------- c:\windows\system32\dfshim.dll
    2009-04-04 02:52 41,984 a------- c:\windows\system32\netfxperf.dll
    2009-04-04 02:52 282,112 a------- c:\windows\system32\mscoree.dll
    2009-04-04 02:52 158,720 a------- c:\windows\system32\mscorier.dll
    2009-04-04 02:52 83,968 a------- c:\windows\system32\mscories.dll
    2009-04-04 02:37 2,868,736 a------- c:\windows\system32\mf.dll
    2009-04-04 02:37 996,352 a------- c:\windows\system32\WMNetMgr.dll
    2009-04-04 02:37 98,816 a------- c:\windows\system32\mfps.dll
    2009-04-04 02:37 94,720 a------- c:\windows\system32\logagent.exe
    2009-04-04 02:37 53,248 a------- c:\windows\system32\rrinstaller.exe
    2009-04-04 02:37 24,576 a------- c:\windows\system32\mfpmp.exe
    2009-04-04 02:37 2,048 a------- c:\windows\system32\mferror.dll
    2009-04-04 02:36 84,480 a------- c:\windows\system32\INETRES.dll
    2009-04-04 02:36 738,304 a------- c:\windows\system32\inetcomm.dll
    2009-04-04 02:36 1,314,816 a------- c:\windows\system32\quartz.dll
    2009-04-04 02:35 2,048 a------- c:\windows\system32\tzres.dll
    2009-04-04 02:35 2,033,152 a------- c:\windows\system32\win32k.sys
    2009-04-04 02:34 1,334,272 a------- c:\windows\system32\msxml6.dll
    2009-04-04 02:34 2,048 a------- c:\windows\system32\msxml6r.dll
    2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
    2009-02-24 22:28 1,524,736 a------- c:\windows\system32\wucltux.dll
    2009-02-24 22:28 83,456 a------- c:\windows\system32\wudriver.dll
    2009-02-24 22:27 162,064 a------- c:\windows\system32\wuwebv.dll
    2009-02-24 22:27 31,232 a------- c:\windows\system32\wuapp.exe
    2006-11-02 22:09 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 22:09 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 22:09 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 22:09 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 18:50 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 18:50 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 18:50 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 18:50 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

    ============= FINISH: 12:16:14.83 ===============


    Attach.txt

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft® Windows Vista™ Home Basic
    Boot Device: \Device\HarddiskVolume3
    Install Date: 13-Feb-09 Fri 12:32:21 PM
    System Uptime: 21-May-09 Thu 11:04:25 AM (1 hours ago)

    Motherboard: FUJITSU | | FJNB1D3
    Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | Onboard | 2001/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 74 GiB total, 24.84 GiB free.
    D: is FIXED (NTFS) - 74 GiB total, 46.21 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Intel(R) Wireless WiFi Link 4965AGN
    Device ID: PCI\VEN_8086&DEV_4229&SUBSYS_11028086&REV_61\4&38956FF8&0&00E2
    Manufacturer: Intel Corporation
    Name: Intel(R) Wireless WiFi Link 4965AGN
    PNP Device ID: PCI\VEN_8086&DEV_4229&SUBSYS_11028086&REV_61\4&38956FF8&0&00E2
    Service: NETw4v32

    ==== System Restore Points ===================

    RP245: 14-May-09 Thu 6:14:33 PM - Scheduled Checkpoint
    RP246: 15-May-09 Fri 2:07:19 AM - Windows Update
    RP247: 16-May-09 Sat 12:41:38 AM - Scheduled Checkpoint
    RP248: 17-May-09 Sun 1:19:34 AM - Scheduled Checkpoint
    RP249: 17-May-09 Sun 10:58:00 PM - Scheduled Checkpoint
    RP250: 18-May-09 Mon 7:46:38 PM - Scheduled Checkpoint
    RP251: 19-May-09 Tue 2:20:47 AM - Windows Update
    RP252: 20-May-09 Wed 12:00:04 AM - Scheduled Checkpoint
    RP253: 20-May-09 Wed 2:14:54 PM - Scheduled Checkpoint
    RP254: 21-May-09 Thu 11:37:16 AM - Scheduled Checkpoint

    ==== Installed Programs ======================

    2007 Microsoft Office system
    Activation Assistant for the 2007 Microsoft Office suites
    Ad-Aware
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.1
    Agere Systems HDA Modem
    AuthenTec Fingerprint Sensor Minimum Install
    Bluetooth Stack for Windows by Toshiba
    BT headset fix
    CCleaner (remove only)
    CutePDF Writer 2.7
    DSTfix
    ERUNT 1.1j
    Fujitsu Display Manager
    Fujitsu Hardware Diagnostics Tool
    Fujitsu Hotkey Utility
    Fujitsu System Extension Utility
    Fujitsu WebCam
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    ImgBurn
    Inst5657
    Intel(R) Graphics Media Accelerator Driver
    Intel® Turbo Memory and Intel® Matrix Storage Manager
    Java(TM) 6 Update 13
    LifeBook Application Panel
    LiveUpdate 3.2 (Symantec Corporation)
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 3.5 SP1
    Microsoft Baseline Security Analyzer 2.1
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Standard 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Outlook Web Access S/MIME
    Microsoft Silverlight
    Microsoft Sync Framework Runtime v1.0 (x86)
    Microsoft Sync Framework Services v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.0.10)
    MSXML 4.0 SP2 (KB954430)
    NetBoard
    O2Micro Flash Memory Card Windows Driver
    OGA Notifier 1.7.0105.35.0
    OmniPass 5.00.18
    OZ711 SCR Driver V3.0.0.9A
    PC Optimizer Pro ver.4.5.17
    Power Saving Utility
    PowerDVD
    PowerProducer
    QuickTime
    Real Time Clock Update
    Realtek High Definition Audio Driver
    Roxio Easy Media Creator Home
    SanDisk Wi-Fi SD Card for Windows CE 4.00
    Security Update for CAPICOM (KB931906)
    Shock Sensor Utility
    Skype™ 3.8
    Skype™ for Pocket PC 1.1
    Skype™ for Windows Mobile 2.5
    Spb GPRS Monitor
    Spybot - Search & Destroy
    Symantec AntiVirus
    Synaptics Pointing Device Driver
    SyncToy 2.0 (x86)
    TweakVI
    UltraVNC 1.0.5.6
    Update for 2007 Microsoft Office System (KB967642)
    Update for Outlook 2007 Junk Email Filter (kb968503)
    Update Navi
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 0.9.9
    vLite
    Windows Live installer
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Sign-in Assistant
    Windows Mobile Developer Power Toys
    Windows Mobile Device Center
    Windows Mobile Device Center Driver Update
    WinRAR archiver
    Yahoo! Messenger

    ==== Event Viewer Messages From Past Week ========

    21-May-09 Thu 11:59:47 AM, Error: Service Control Manager [7030] - The 259AF39406791205E85E436A3D1F675C service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    21-May-09 Thu 11:59:47 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the 259AF39406791205E85E436A3D1F675C service to connect.
    21-May-09 Thu 11:59:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the CC8BA6821EF1BEF0A685519DD778453A service to connect.
    21-May-09 Thu 11:59:45 AM, Error: Service Control Manager [7030] - The CC8BA6821EF1BEF0A685519DD778453A service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    21-May-09 Thu 11:56:50 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the 6CA50881A260B02C8CC5DA96B8E897B6 service to connect.
    21-May-09 Thu 11:56:48 AM, Error: Service Control Manager [7030] - The 6CA50881A260B02C8CC5DA96B8E897B6 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    16-May-09 Sat 12:50:25 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer LUKE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{01573F81-6C25-441E-983B-581898952A. The master browser is stopping or an election is being forced.
    14-May-09 Thu 5:32:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.
    14-May-09 Thu 5:31:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
    14-May-09 Thu 5:30:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.

    ==== End Of File ===========================



    Defragmenting Hard disk

    Vista said it had done so as recently as just one day prior to your message. However, I downloaded Jkdefrag and ran it.

  3. #13
    Blade81 (Security Expert: Emeritus; Join Date: Oct 2006; Location: Finland; Posts: 25,288)

    Hi

    I don't see the C:\Users\madPC\Downloads\Windows XP PRO MCE SP3 MULTI - OEM Se7en Style EYE CANDY ENGLISH [ISO] folder removed yet. Since its contents look less than legit, I ask you to remove it. We don't support piracy here.

    How's the system now?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  4. #14
    Junior Member (Join Date: May 2009; Posts: 22)

    Folder deleted

    Hi blade81,

    I don't know why the folder didn't get removed, but anyway I shift-deleted it.

    As for the performance, it's very bad. The PC is running slowly, so slow that even the Recycle Bin won't update its icon when the bin's been emptied.

    I also tried to update Ad-Aware (to run a scan) but strangely the following message came up immediately: 'Connection error, check your settings.' That leads me to believe that there really is something somewhere in the system. (And I so can't wait to get it out!)

    Thanks,
    madPC

  5. #15
    Blade81 (Security Expert: Emeritus; Join Date: Oct 2006; Location: Finland; Posts: 25,288)

    Download GMER and save it to your desktop:
    • Extract it to your desktop and double-click GMER.exe
    • Click the Rootkit tab and then Scan.
    • Don't check the Show All box while scanning is in progress!
    • When scanning is ready, click Copy.
    • This copies the log to the clipboard.
    • Post the log in your reply.

  6. #16
    Junior Member (Join Date: May 2009; Posts: 22)

    GMER log

    GMER 1.0.15.14972 - http://www.gmer.net
    Rootkit scan 2009-05-28 01:05:46
    Windows 6.0.6001 Service Pack 1


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----

  7. #17
    Blade81 (Security Expert: Emeritus; Join Date: Oct 2006; Location: Finland; Posts: 25,288)

    That looks ok. Could you check what processes take most CPU in task manager? How much memory does the system have installed?

  8. #18
    Junior Member (Join Date: May 2009; Posts: 22)

    CPU Usage, Installed Memory

    Hi,

    Sorted the processes list by CPU Usage and the following kept reappearing and disappearing in the 2 minutes I spent monitoring it:

    System Idle Process
    firefox.exe
    taskmgr.exe
    taskeng.exe
    ccSvcHst.exe
    IAANTmon.exe
    svchost.exe
    Rtvscan.exe
    System

    As for Memory, there are two identical Samsung 1 GB DDR2 667MHz RAM sticks installed, one of which I installed the same day I bought the laptop over a year ago.

    Thanks

  9. #19
    Blade81 (Security Expert: Emeritus; Join Date: Oct 2006; Location: Finland; Posts: 25,288)

    What kind of CPU rates are there for those processes? System Idle Process can be excluded since in normal conditions it's always around 99%.

  10. #20
    Junior Member (Join Date: May 2009; Posts: 22)

    CPU Usage Rates

    Mainly between 1 and 5, though at one point firefox.exe went to 10.
