Win32.TDSS.rtk is lingering somewhere

[madPC]

Hi

A week ago, Spybot detected Win32.TDSS.rtk. I googled and came across one of the threads in the same forum. Read it and tried some of the fixes advised on my own (I now regret having done so). Here's pretty much what I did in order:

Ran ComboFix
Ran Malwarebytes - detected 6 trojans of win32.tdss.rtk
Uninstalled adobe 8.3
Installed adobe 9.1
Uninstall java
Installed java
Ran atf cleaner
Ran dds
Created own cfscript
Ran cfscript (reboot took long)
Ran atf (reboot took long)

Everything seemed to work fine, until just now. Again, I keep getting redirected to www.google.com/undefined and various websites every now and then when I click on links from a Google search. PC is also working pretty slow.

I've read the before you post thread i.e. disabled Spybot's TeaTimer, backed up registry, installed HijackThis in the Program Files folder, etc.


Now here's the log: (ran HijackThis.exe as administrator)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:44 AM, on 10-May-09 Sun
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:tabs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [PSUtility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
O4 - HKLM\..\Run: [LVCOMSX] "c:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-au/wlscctrl2.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westpac.com.au/wtoa/wtOtherAccounts/portfoliomanagerwt.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{01573F81-6C25-441E-983B-581898952A67}: NameServer = 192.231.203.132,192.231.203.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E4FEBD3-21C7-4D81-AEF7-1619DC39AC99}: NameServer = 192.231.203.132,192.231.203.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{01573F81-6C25-441E-983B-581898952A67}: NameServer = 192.231.203.132,192.231.203.3
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech IBT Service (LvIBTSvr) - Logitech Inc. - c:\Program Files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: o2flash - O2Micro International - C:\Windows\system32\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: PowerSavingUtilityService - FUJITSU LIMITED - C:\Program Files\Fujitsu\PSUtility\PSUService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: UpdateNaviInstallService - FUJITSU LIMITED - C:\Program Files\Fujitsu\updnavi\updnvsrv.exe

--
End of file - 8739 bytes

 

[Blade81]

Ran ComboFix

Hi

You already regreted doing that but I still post link to our sticky so that readers of this topic will see it. Do NOT run 'fixes' before helpers have analyzed HJT log

Please post contents of c:\ComboFix.txt file back here.

 

[madPC]

Logging Logs

Here's the list of what I did (again), but with their respective logs (post 1/2)

Ran ComboFix

ComboFix 09-04-29.03 - madPC Apr-09 Thu 23:19.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2037.1167 [GMT 9.5:30]
Running from: c:\users\madPC\Desktop\ComboFix.exe
AV: Symantec AntiVirus *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\drivers\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys
c:\windows\system32\ovfsthdfjbolsnmxnpmxgoctleouxrwxxmregx.dll
c:\windows\system32\ovfsthpnoujbtpidpaolpodhreuhfxieneiubh.dat
c:\windows\system32\ovfsthqwbluljsxjdmearguumufmykqctxbbem.dat

----- BITS: Possible infected sites -----

hxxp://globalstats.net
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthpxajutfymxxiilmgqiipvmspngcojhie


((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-30 )))))))))))))))))))))))))))))))
.

2009-04-30 09:59 . 2009-04-30 09:59 -------- d-----w c:\users\Administrator\DoctorWeb
2009-04-30 09:53 . 2009-04-30 09:53 -------- d-----w c:\users\madPC\DoctorWeb
2009-04-29 16:42 . 2009-04-29 16:42 -------- d-----w c:\users\Administrator\AppData\Local\Symantec
2009-04-29 16:41 . 2009-04-29 16:41 109744 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-29 16:40 . 2009-04-29 16:41 -------- d-----w c:\program files\Symantec
2009-04-29 16:40 . 2009-04-29 16:42 -------- d-----w c:\progra~2\Symantec
2009-04-29 16:40 . 2009-04-29 16:42 -------- d-----w c:\users\All Users\Symantec
2009-04-29 16:40 . 2009-04-29 16:41 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-29 16:40 . 2009-04-29 16:40 -------- d-----w c:\program files\Symantec AntiVirus
2009-04-28 20:04 . 2009-04-28 20:04 -------- d-sh--w c:\windows\system32\%APPDATA%
2009-04-28 12:31 . 2009-04-28 12:31 -------- d-----w c:\program files\CCleaner
2009-04-28 12:17 . 2009-04-28 12:21 -------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2009-04-28 12:17 . 2009-04-28 12:22 -------- d-----w c:\program files\Windows Live
2009-04-28 12:17 . 2009-04-28 12:17 -------- d-----w c:\progra~2\WLInstaller
2009-04-28 12:17 . 2009-04-28 12:17 -------- d-----w c:\users\All Users\WLInstaller
2009-04-26 09:08 . 2009-04-26 09:08 -------- d-----w c:\program files\PC Optimizer Pro
2009-04-24 14:35 . 2009-04-24 14:35 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-24 00:34 . 2009-04-24 00:34 155 ----a-w c:\windows\system32\SelfDel.bat
2009-04-23 03:28 . 2009-04-23 03:28 -------- d-----w c:\program files\vLite
2009-04-22 12:17 . 2009-04-22 12:20 -------- d-----w c:\users\madPC\SecurityScans
2009-04-22 12:16 . 2009-04-22 12:16 -------- d-----w c:\program files\Microsoft Baseline Security Analyzer 2
2009-04-21 14:34 . 2009-04-21 14:34 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\users\Administrator\AppData\Roaming\Malwarebytes
2009-04-18 03:16 . 2009-04-06 06:02 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-18 03:16 . 2009-04-06 06:02 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\progra~2\Malwarebytes
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-16 14:43 . 2008-04-12 03:32 784896 ----a-w c:\windows\system32\rpcrt4.dll
2009-04-16 14:43 . 2008-04-26 08:26 891448 ----a-w c:\windows\system32\drivers\tcpip.sys
2009-04-16 14:43 . 2008-04-05 01:21 72192 ----a-w c:\windows\system32\drivers\pacer.sys
2009-04-16 14:43 . 2008-04-05 03:34 15360 ----a-w c:\windows\system32\pacerprf.dll
2009-04-16 14:42 . 2008-06-26 03:29 565248 ----a-w c:\windows\system32\emdmgmt.dll
2009-04-16 14:42 . 2008-08-02 01:01 625152 ----a-w c:\windows\system32\drivers\dxgkrnl.sys
2009-04-16 14:42 . 2008-06-26 03:29 45056 ----a-w c:\windows\system32\dataclen.dll
2009-04-16 14:42 . 2008-05-20 02:07 148480 ----a-w c:\windows\system32\drivers\nwifi.sys
2009-04-16 14:42 . 2008-08-02 03:26 36864 ----a-w c:\windows\system32\cdd.dll
2009-04-16 14:42 . 2008-05-08 21:59 90112 ----a-w c:\windows\system32\wshext.dll
2009-04-16 14:42 . 2008-05-08 21:59 155648 ----a-w c:\windows\system32\wscript.exe
2009-04-16 14:42 . 2008-05-08 21:58 135168 ----a-w c:\windows\system32\cscript.exe
2009-04-16 14:42 . 2008-05-08 21:59 180224 ----a-w c:\windows\system32\scrobj.dll
2009-04-16 14:42 . 2008-05-08 21:59 172032 ----a-w c:\windows\system32\scrrun.dll
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Links
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Saved Games
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Downloads
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Searches
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Music
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Pictures
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Videos
2009-04-16 14:33 . 2009-04-16 14:33 -------- d-----r c:\windows\system32\config\systemprofile\Documents
2009-04-16 14:28 . 2009-04-16 14:28 -------- d-----w C:\PerfLogs
2009-04-16 10:48 . 2008-01-19 07:35 210432 ----a-w c:\windows\system32\msv1_0.dll
2009-04-16 10:47 . 2008-01-19 07:36 222720 ----a-w c:\windows\system32\wavemsp.dll
2009-04-16 10:46 . 2008-01-19 07:34 246784 ----a-w c:\windows\system32\drvstore.dll
2009-04-16 10:46 . 2008-01-19 07:34 258560 ----a-w c:\windows\system32\dpx.dll
2009-04-16 10:46 . 2008-01-19 07:35 35328 ----a-w c:\windows\system32\mspatcha.dll
2009-04-16 10:46 . 2008-01-19 07:34 305152 ----a-w c:\windows\system32\msdelta.dll
2009-04-15 15:52 . 2009-04-21 14:34 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-15 15:19 . 2009-04-15 15:19 -------- dc-h--w c:\progra~2\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-15 15:19 . 2009-04-15 15:19 -------- dc-h--w c:\users\All Users\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-15 15:19 . 2009-04-15 15:19 -------- d-----w c:\program files\Lavasoft
2009-04-15 15:19 . 2009-04-15 15:22 -------- d-----w c:\progra~2\Lavasoft
2009-04-15 15:19 . 2009-04-15 15:22 -------- d-----w c:\users\All Users\Lavasoft
2009-04-15 07:56 . 2009-04-15 07:56 -------- d-----w c:\program files\Toshiba
2009-04-15 06:46 . 2009-04-15 06:46 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-15 06:46 . 2009-04-15 06:46 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-15 06:46 . 2009-04-15 06:46 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-15 06:38 . 2009-04-15 06:38 -------- d-----w c:\users\Administrator\AppData\Roaming\BitTorrent
2009-04-13 06:28 . 2009-04-28 07:57 -------- d-----w C:\!KillBox
2009-04-13 05:00 . 2009-04-13 05:00 -------- d-----w c:\program files\Apple Software Update
2009-04-13 05:00 . 2009-04-13 05:00 -------- d-----w c:\progra~2\Apple
2009-04-13 05:00 . 2009-04-13 05:00 -------- d-----w c:\users\All Users\Apple
2009-04-13 03:04 . 2009-04-13 03:04 269312 ----a-w c:\windows\system32\es.dll
2009-04-13 02:57 . 2009-04-13 03:14 -------- d-----w c:\users\Administrator\AppData\Roaming\vlc
2009-04-13 02:30 . 2009-04-21 00:58 680 ----a-w c:\users\Administrator\AppData\Local\d3d9caps.dat
2009-04-13 01:31 . 2009-04-13 05:01 -------- d-----w c:\program files\QuickTime
2009-04-13 01:31 . 2009-04-13 05:01 -------- d-----w c:\progra~2\Apple Computer
2009-04-13 01:31 . 2009-04-13 05:01 -------- d-----w c:\users\All Users\Apple Computer
2009-04-04 12:07 . 2009-04-04 12:07 -------- d-----w c:\users\Administrator\AppData\Local\Yahoo
2009-04-04 10:52 . 2009-04-04 12:06 -------- d-----w c:\progra~2\Yahoo!
2009-04-04 10:52 . 2009-04-04 12:06 -------- d-----w c:\users\All Users\Yahoo!
2009-04-04 10:52 . 2009-04-04 12:06 -------- d-----w c:\program files\Yahoo!
2009-04-04 01:57 . 2009-04-04 01:57 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-04 01:39 . 2009-04-04 01:39 -------- d-----w c:\progra~2\Office Genuine Advantage
2009-04-04 01:39 . 2009-04-04 01:39 -------- d-----w c:\users\All Users\Office Genuine Advantage
2009-04-03 18:28 . 2009-04-03 18:28 28672 ----a-w c:\windows\system32\FwRemoteSvr.dll
2009-04-03 18:28 . 2009-04-03 18:28 61440 ----a-w c:\windows\system32\winipsec.dll
2009-04-03 18:28 . 2009-04-03 18:28 361984 ----a-w c:\windows\system32\IPSECSVC.DLL
2009-04-03 18:28 . 2009-04-03 18:28 272896 ----a-w c:\windows\system32\polstore.dll
2009-04-03 18:19 . 2009-04-03 18:19 296960 ----a-w c:\windows\system32\gdi32.dll
2009-04-03 18:17 . 2009-04-03 18:17 212480 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
2009-04-03 18:15 . 2009-04-03 18:15 28672 ----a-w c:\windows\system32\Apphlpdm.dll
2009-04-03 18:15 . 2009-04-03 18:15 4240384 ----a-w c:\windows\system32\GameUXLegacyGDFs.dll
2009-04-03 18:15 . 2009-04-03 18:15 1695744 ----a-w c:\windows\system32\gameux.dll
2009-04-03 18:14 . 2009-04-03 18:14 303616 ----a-w c:\windows\system32\wmpeffects.dll
2009-04-03 18:13 . 2009-04-03 18:13 1191936 ----a-w c:\windows\system32\msxml3.dll
2009-04-03 18:13 . 2009-04-03 18:13 2048 ----a-w c:\windows\system32\msxml3r.dll
2009-04-03 18:09 . 2009-04-03 18:09 8147456 ----a-w c:\windows\system32\wmploc.DLL
2009-04-03 18:09 . 2009-04-03 18:09 7680 ----a-w c:\windows\system32\spwmp.dll
2009-04-03 18:09 . 2009-04-03 18:09 4096 ----a-w c:\windows\system32\dxmasf.dll
2009-04-03 18:07 . 2009-04-03 18:07 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-03 18:04 . 2009-04-03 18:04 2927104 ----a-w c:\windows\explorer.exe
2009-04-03 17:56 . 2009-04-03 17:56 6656 ----a-w c:\windows\system32\kbd106n.dll
2009-04-03 17:56 . 2009-04-03 17:56 927288 ----a-w c:\windows\system32\winresume.exe
2009-04-03 17:56 . 2009-04-03 17:56 988216 ----a-w c:\windows\system32\winload.exe
2009-04-03 17:56 . 2009-04-03 17:56 40960 ----a-w c:\windows\system32\srclient.dll
2009-04-03 17:56 . 2009-04-03 17:56 318464 ----a-w c:\windows\system32\rstrui.exe
2009-04-03 17:56 . 2009-04-03 17:56 378368 ----a-w c:\windows\system32\srcore.dll
2009-04-03 17:56 . 2009-04-03 17:56 14848 ----a-w c:\windows\system32\srdelayed.exe
2009-04-03 17:56 . 2009-04-03 17:56 19000 ----a-w c:\windows\system32\kd1394.dll
2009-04-03 17:56 . 2009-04-03 17:56 46592 ----a-w c:\windows\system32\setbcdlocale.dll
2009-04-03 17:56 . 2009-04-03 17:56 615992 ----a-w c:\windows\system32\ci.dll
2009-04-03 17:51 . 2009-04-03 17:51 37888 ----a-w c:\windows\system32\printcom.dll
2009-04-03 17:51 . 2009-04-03 17:51 443392 ----a-w c:\windows\system32\win32spl.dll
2009-04-03 17:50 . 2009-04-03 17:50 113664 ----a-w c:\windows\system32\drivers\rmcast.sys
2009-04-03 17:50 . 2009-04-03 17:50 14848 ----a-w c:\windows\system32\wshrm.dll
2009-04-03 17:48 . 2009-04-03 17:48 288768 ----a-w c:\windows\system32\drivers\srv.sys
2009-04-03 17:41 . 2009-04-03 17:41 268288 ----a-w c:\windows\system32\schannel.dll
2009-04-03 17:38 . 2009-04-03 17:38 622080 ----a-w c:\windows\system32\icardagt.exe
2009-04-03 17:38 . 2009-04-03 17:38 11264 ----a-w c:\windows\system32\icardres.dll
2009-04-03 17:38 . 2009-04-03 17:38 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-04-03 17:38 . 2009-04-03 17:38 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-03 17:38 . 2009-04-03 17:38 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-04-03 17:38 . 2009-04-03 17:38 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-04-03 17:38 . 2009-04-03 17:38 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-30 13:55 . 2009-02-24 16:36 12 ----a-w c:\windows\bthservsdp.dat
2009-04-30 12:21 . 2009-02-25 12:30 -------- d-----w c:\program files\DNA
2009-04-29 16:41 . 2009-04-29 16:41 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-04-29 16:41 . 2009-04-29 16:41 8014 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-28 12:22 . 2009-02-24 16:14 -------- d-----w c:\program files\MSN Messenger
2009-04-28 12:22 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-04-28 12:22 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-04-28 12:22 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-04-16 15:16 . 2009-04-16 15:16 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-16 14:36 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Sidebar
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Photo Gallery
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Collaboration
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Calendar
2009-04-16 14:29 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-16 14:28 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Defender
2009-04-16 14:28 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
2009-04-16 12:06 . 2006-11-02 10:32 101888 ----a-w c:\windows\system32\ifxcardm.dll
2009-04-16 12:06 . 2006-11-02 10:32 82432 ----a-w c:\windows\system32\axaltocm.dll
2009-04-04 03:44 . 2007-04-17 20:09 -------- d-----w c:\program files\Java
2009-04-03 18:15 . 2009-04-03 18:15 2560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-04-03 18:15 . 2009-04-03 18:15 541696 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-04-03 18:15 . 2009-04-03 18:15 460288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-04-03 18:15 . 2009-04-03 18:15 2154496 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-04-03 18:15 . 2009-04-03 18:15 173056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-04-03 18:15 . 2009-04-03 18:15 52736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-03-13 12:29 . 2009-02-24 12:58 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-08 18:49 . 2009-03-13 13:16 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 11:34 . 2009-04-23 03:57 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-04-23 03:57 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-04-23 03:57 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-04-23 03:57 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-04-23 03:57 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-04-23 03:57 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-04-23 03:57 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-04-23 03:57 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-04-23 03:57 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-04-23 03:57 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-04-23 03:57 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-04-23 03:57 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-04-23 03:57 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-04-23 03:57 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-04-23 03:57 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-04-23 03:57 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-04-23 03:57 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-04-23 03:57 156160 ----a-w c:\windows\system32\msls31.dll
2009-02-24 15:53 . 2009-02-24 15:53 0 ----a-w c:\windows\nsreg.dat
2009-02-24 15:35 . 2009-02-24 15:35 99864 ----a-w c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-24 12:58 . 2009-02-24 12:58 51224 ----a-w c:\windows\system32\wuauclt.exe
2009-02-24 12:58 . 2009-02-24 12:58 43544 ----a-w c:\windows\system32\wups2.dll
2009-02-24 12:58 . 2009-02-24 12:58 1809944 ----a-w c:\windows\system32\wuaueng.dll
2009-02-24 12:58 . 2009-02-24 12:58 1524736 ----a-w c:\windows\system32\wucltux.dll
2009-02-24 12:58 . 2009-02-24 12:58 83456 ----a-w c:\windows\system32\wudriver.dll
2009-02-24 12:58 . 2009-02-24 12:58 561688 ----a-w c:\windows\system32\wuapi.dll
2009-02-24 12:58 . 2009-02-24 12:58 34328 ----a-w c:\windows\system32\wups.dll
2009-02-24 12:57 . 2009-02-24 12:57 31232 ----a-w c:\windows\system32\wuapp.exe
2009-02-24 12:57 . 2009-02-24 12:57 162064 ----a-w c:\windows\system32\wuwebv.dll
2009-02-12 11:39 . 2009-02-12 11:39 12712 ----a-w c:\windows\system32\drivers\FJGSDisk.sys
2009-02-12 11:04 . 2009-02-12 11:04 99864 ----a-w c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-17 80688]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-11-07 97072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-09 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-09 133912]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-23 827392]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2005-07-21 242688]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-07-21 61440]
"PSUtility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2006-12-22 136744]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-04-02 252704]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-05-08 174872]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-05-08 33048]
"SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2009-02-12 193832]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-01 4390912]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2007-11-1 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F01CE1E2-9A47-42F9-AD30-7B2AD8E08A94}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7A0C6B10-FF15-4B5E-85EB-C851E3DF9E79}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{B65B13F6-BBD4-4FAB-97B8-D1406988A316}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{15F91AE0-0A6A-4AD0-BC13-E97CF52E271F}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{F4F47E1E-E573-4114-BC3B-21FD4448FC36}c:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= UDP:c:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp
"UDP Query User{241244E8-A714-4A26-8033-A8DC16D0C898}c:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= TCP:c:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp
"{DDC82CFA-D149-4A61-8FEE-0F5D7501CC0A}"= UDP:c:\program files\DNA\btdna.exeNA (TCP-In)
"{7DD80389-BAEB-42DD-A05F-880619A84500}"= TCP:c:\program files\DNA\btdna.exeNA (UDP-In)
"{4C2B38A4-E717-43A4-BC01-3A065B2B9A3F}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{3935BD02-4B40-439B-86EA-B4F99566E630}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"TCP Query User{A7928B77-F859-453F-ACE0-E4419FFFEE0A}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{A3C6541E-F6AD-46D5-A349-82A8756C8428}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"{4CE5628A-E049-4199-BD14-F3ACB0188262}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5DBFBFA1-FF9F-4CA0-8CC1-F91FE82A7997}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{DF9E080F-A2A6-4E03-928C-D7AAE5BFF5AE}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{04C91E26-0A58-4EB0-A38E-FB81F0A09A68}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{87C95383-720C-4E36-92C1-5A596BE3F1FC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E108B469-D439-4A90-B0DD-3AF139C46756}"= UDP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{134FFABB-69CF-4FC7-8226-909F636B2E28}"= TCP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{124D1410-FC14-44BE-939D-2D67F33C0F7C}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{1779AE8C-BFEB-457A-99BB-C18BC6585906}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 omnipass;omnipass; [x]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-21 953168]
R2 LvIBTSvr;Logitech IBT Service;c:\program files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe [2007-04-02 76576]
R3 ADVNTDRV;ADVNTDRV;c:\windows\System32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-11-27 122008]
S0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\DRIVERS\FJGSDisk.sys [2009-02-12 12712]
S0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2007-05-04 208896]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-21 64160]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2006-10-03 36640]
S0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2006-10-12 33152]
S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [2006-12-22 63016]
S2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\updnavi\updnvsrv.exe [2007-01-11 12288]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-04-15 101936]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 5632]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-11-02 30720]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af316a4d-0271-11de-ab37-000000000000}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:33]

2009-04-30 c:\windows\Tasks\User_Feed_Synchronization-{3D592E6A-7BAD-4227-B6C4-7E801F98E40E}.job
- c:\windows\system32\msfeedssync.exe [2009-04-23 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:tabs
TCP: {01573F81-6C25-441E-983B-581898952A67} = 192.231.203.132,192.231.203.3
TCP: {7E4FEBD3-21C7-4D81-AEF7-1619DC39AC99} = 192.231.203.132,192.231.203.3
FF - ProfilePath - c:\users\madPC\AppData\Roaming\Mozilla\Firefox\Profiles\34qxd13h.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com.au/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-30 23:44
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\drivers\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys 83968 bytes executable
c:\windows\system32\ovfsthcettpcbilowcpvbnbrrtoxuskymsmlpq.dat 2418 bytes
c:\windows\system32\ovfsthcqwtjumvsbmiftubdoffvqylchcbxsts.dll 19456 bytes executable
c:\windows\system32\ovfstheepxdcrrgqbynuertsfkdmteyxngdrmp.dll 17920 bytes executable
c:\windows\system32\ovfsthldbowyvnoponfggajnivdmqoykldkjxj.dll 17920 bytes executable
c:\windows\system32\ovfsthqfrvipyftqqurimqilppwtmdmctqvgbv.dll 61440 bytes executable
c:\windows\system32\ovfsthyenaicmkengblcuyxqsdpjpmepvhsruj.dll 19456 bytes executable
c:\users\madPC\AppData\Local\Temp\ovfsth000 0 bytes
c:\windows\TEMP\ovfsthjrxxsbdkny.tmp 23040 bytes executable

scan completed successfully
hidden files: 9

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

[HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe"

[HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"

[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"

[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_USERS\software\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"

[HKEY_USERS\software\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_USERS\software\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_USERS\software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)

[HKEY_USERS\software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"

[HKEY_USERS\software\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""

[HKEY_USERS\software\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_USERS\system\ControlSet001\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"
"inst"=dword:00000000

[HKEY_USERS\system\ControlSet002\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"
"inst"=dword:00000000

[HKEY_USERS\system\ControlSet003\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

[HKEY_USERS\system\ControlSet004\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"
"inst"=dword:00000000

[HKEY_USERS\system\ControlSet005\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

[HKEY_USERS\system\ControlSet006\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

[HKEY_USERS\system\ControlSet007\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"
"inst"=dword:00000000

[HKEY_USERS\system\ControlSet008\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

[HKEY_USERS\system\ControlSet009\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

[HKEY_USERS\system\ControlSet010\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"
"inst"=dword:00000000

[HKEY_USERS\system\ControlSet011\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

[HKEY_USERS\system\ControlSet012\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

[HKEY_USERS\system\ControlSet013\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_USERS\system\ControlSet013\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"
"inst"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Softex\OmniPass\OmniServ.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
c:\windows\System32\o2flash.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Softex\OmniPass\opvapp.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-04-30 23:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-30 14:16

Pre-Run: 36,160,290,816 bytes free
Post-Run: 35,685,863,424 bytes free

511 --- E O F --- 2009-04-21 02:21



Ran Malwarebytes - detected 6 trojans of win32.tdss.rtk

Uninstalled adobe 8.3
Installed adobe 9.1

Uninstall java
Installed java

Ran ATF cleaner


Ran dds


DDS (Ver_09-03-16.01) - NTFSx86
Run by madPC at 1:41:40.72 on 01-May-09 Fri
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2037.1156 [GMT 9.5:30]

AV: Symantec AntiVirus *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Softex\OmniPass\OmniServ.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Fujitsu\PSUtility\PSUService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Fujitsu\updnavi\updnvsrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Softex\OmniPass\opvapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\madPC\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:tabs
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common

files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1

\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program

files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program

files\java\jre6\bin\jp2ssv.dll
mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe
mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
mRun: [PSUtility] c:\program files\fujitsu\psutility\TrayManager.exe
mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IaNvSrv] c:\program files\intel\intel matrix storage manager\orom\ianvsrv\IaNvSrv.exe
mRun: [SSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk -

c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} -

c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} -

c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} -

c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} -

c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} -

hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-

1719D1177202/LegitCheckControl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -

hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} -

hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-au/wlscctrl2.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -

hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-

1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -

hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-

1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-

1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -

hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} -

hxxps://online.westpac.com.au/wtoa/wtOtherAccounts/portfoliomanagerwt.cab
TCP: {01573F81-6C25-441E-983B-581898952A67} = 192.231.203.132,192.231.203.3
TCP: {7E4FEBD3-21C7-4D81-AEF7-1619DC39AC99} = 192.231.203.132,192.231.203.3
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program

files\mimectl.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\madPC\appdata\roaming\mozilla\firefox\profiles\34qxd13h.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com.au/search?ie=UTF-8&oe=UTF-

8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

============= SERVICES / DRIVERS ===============

R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2009

-2-12 12712]
R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\system32

\drivers\iaNvStor.sys [2007-5-15 208896]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-22 64160]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-10-4 36640]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-10-13 33152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-

aware\AAWService.exe [2009-3-10 953168]
R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program

files\fujitsu\psutility\PSUService.exe [2006-12-22 63016]
R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program

files\fujitsu\updnavi\updnvsrv.exe [2007-1-11 12288]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec

shared\eengine\EraserUtilRebootDrv.sys [2009-4-30 101936]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2007-5-15

5632]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2006-11-2

30720]
S2 LvIBTSvr;Logitech IBT Service;c:\program files\common files\logishrd\lvibtsvr\LvIBTSvr.exe

[2007-4-3 76576]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [2009-2-24 3872]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-11-28 122008]

=============== Created Last 30 ================

2009-04-30 23:37 284,748,436 a------- c:\windows\MEMORY.DMP
2009-04-30 21:49 161,792 a------- c:\windows\SWREG.exe
2009-04-30 21:49 98,816 a------- c:\windows\sed.exe
2009-04-30 19:23 <DIR> --d----- c:\users\madPC\DoctorWeb
2009-04-30 02:11 109,744 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-30 02:11 8,014 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-30 02:11 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-04-30 02:10 <DIR> --d----- c:\program files\Symantec
2009-04-30 02:10 <DIR> --d----- c:\programdata\Symantec
2009-04-30 02:10 <DIR> --d----- c:\program files\Symantec AntiVirus
2009-04-30 02:10 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-04-30 02:10 <DIR> --d----- c:\progra~2\Symantec
2009-04-30 01:50 549 a------- c:\windows\wininit.ini
2009-04-29 05:34 <DIR> --dsh--- c:\windows\system32\%APPDATA%
2009-04-28 22:01 <DIR> --d----- c:\program files\CCleaner
2009-04-28 21:57 268 a---h--- C:\sqmdata01.sqm
2009-04-28 21:57 244 a---h--- C:\sqmnoopt01.sqm
2009-04-28 21:52 268 a---h--- C:\sqmdata00.sqm
2009-04-28 21:52 244 a---h--- C:\sqmnoopt00.sqm
2009-04-28 21:47 <DIR> -cdsh--- c:\program files\common

files\WindowsLiveInstaller
2009-04-28 21:47 <DIR> --d----- c:\programdata\WLInstaller
2009-04-26 18:38 440,352 a------- c:\windows\system32\mshflxgd.ocx
2009-04-26 18:38 212,240 a------- c:\windows\system32\richtx32.ocx
2009-04-26 18:38 224,016 a------- c:\windows\system32\tabctl32.ocx
2009-04-26 18:38 18,728 a------- c:\windows\system32\ishf_Ex.TLB
2009-04-26 18:38 7,752 a------- c:\windows\system32\shelllink.TLB
2009-04-26 18:38 <DIR> --d----- c:\program files\PC Optimizer Pro
2009-04-24 10:04 155 a------- c:\windows\system32\SelfDel.bat
2009-04-23 12:58 <DIR> --d----- c:\program files\vLite
2009-04-22 21:47 <DIR> --d----- c:\users\madPC\SecurityScans
2009-04-22 21:46 <DIR> --d----- c:\program files\Microsoft Baseline Security

Analyzer 2
2009-04-22 00:04 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-04-19 03:18 <DIR> --d----- c:\users\madPC\appdata\roaming\Malwarebytes
2009-04-18 12:46 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-18 12:46 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-18 12:46 <DIR> --d----- c:\programdata\Malwarebytes
2009-04-18 12:46 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-18 12:46 <DIR> --d----- c:\progra~2\Malwarebytes
2009-04-17 00:46 0 a---h--- c:\windows\system32

\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-17 00:13 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-17 00:13 891,448 a------- c:\windows\system32\drivers\tcpip.sys
2009-04-17 00:13 72,192 a------- c:\windows\system32\drivers\pacer.sys
2009-04-17 00:13 15,360 a------- c:\windows\system32\pacerprf.dll
2009-04-17 00:12 625,152 a------- c:\windows\system32\drivers\dxgkrnl.sys
2009-04-17 00:12 565,248 a------- c:\windows\system32\emdmgmt.dll
2009-04-17 00:12 148,480 a------- c:\windows\system32\drivers\nwifi.sys
2009-04-17 00:12 45,056 a------- c:\windows\system32\dataclen.dll
2009-04-17 00:12 36,864 a------- c:\windows\system32\cdd.dll
2009-04-17 00:12 180,224 a------- c:\windows\system32\scrobj.dll
2009-04-17 00:12 172,032 a------- c:\windows\system32\scrrun.dll
2009-04-17 00:12 155,648 a------- c:\windows\system32\wscript.exe
2009-04-17 00:12 135,168 a------- c:\windows\system32\wshom.ocx
2009-04-17 00:12 135,168 a------- c:\windows\system32\cscript.exe
2009-04-17 00:12 90,112 a------- c:\windows\system32\wshext.dll
2009-04-16 23:58 <DIR> --d----- C:\PerfLogs
2009-04-16 20:18 866,816 a------- c:\windows\system32\wmpmde.dll
2009-04-16 20:17 222,720 a------- c:\windows\system32\wavemsp.dll
2009-04-16 20:16 246,784 a------- c:\windows\system32\drvstore.dll
2009-04-16 20:16 305,152 a------- c:\windows\system32\msdelta.dll
2009-04-16 20:16 258,560 a------- c:\windows\system32\dpx.dll
2009-04-16 20:16 35,328 a------- c:\windows\system32\mspatcha.dll
2009-04-16 01:22 15,688 a------- c:\windows\system32\lsdelete.exe
2009-04-16 00:49 <DIR> -cd-h--- c:\programdata\{7972B2E5-3E09-4E5E-81B7-

FE5819D6772F}
2009-04-16 00:49 <DIR> -cd-h--- c:\progra~2\{7972B2E5-3E09-4E5E-81B7-

FE5819D6772F}
2009-04-16 00:49 <DIR> --d----- c:\programdata\Lavasoft
2009-04-16 00:49 <DIR> --d----- c:\program files\Lavasoft
2009-04-15 17:26 <DIR> --d----- c:\program files\Toshiba
2009-04-15 16:16 376,832 a------- c:\windows\system32\winhttp.dll
2009-04-15 16:16 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-04-15 16:16 38,912 a------- c:\windows\system32\xolehlp.dll
2009-04-15 16:15 118 a------- c:\windows\system32\MRT.INI
2009-04-13 15:58 <DIR> --d----- C:\!KillBox
2009-04-13 14:30 <DIR> --d----- c:\programdata\Apple
2009-04-13 12:34 269,312 a------- c:\windows\system32\es.dll
2009-04-13 11:01 <DIR> --d----- c:\programdata\Apple Computer
2009-04-04 20:22 <DIR> --d----- c:\programdata\Yahoo!
2009-04-04 20:22 <DIR> --d----- c:\program files\Yahoo!
2009-04-04 11:09 <DIR> --d----- c:\programdata\Office Genuine Advantage
2009-04-04 03:58 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-04-04 03:58 272,896 a------- c:\windows\system32\polstore.dll
2009-04-04 03:58 61,440 a------- c:\windows\system32\winipsec.dll
2009-04-04 03:58 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-04-04 03:49 296,960 a------- c:\windows\system32\gdi32.dll
2009-04-04 03:47 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-04 03:45 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-04-04 03:45 4,240,384 a------- c:\windows\system32

\GameUXLegacyGDFs.dll
2009-04-04 03:45 1,695,744 a------- c:\windows\system32\gameux.dll
2009-04-04 03:44 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-04-04 03:43 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-04-04 03:43 2,048 a------- c:\windows\system32\msxml3r.dll
2009-04-04 03:39 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-04 03:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-04-04 03:39 4,096 a------- c:\windows\system32\msdxm.ocx
2009-04-04 03:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-04-04 03:37 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-04 03:34 2,927,104 a------- c:\windows\explorer.exe
2009-04-04 03:26 6,656 a------- c:\windows\system32\kbd106n.dll
2009-04-04 03:26 988,216 a------- c:\windows\system32\winload.exe
2009-04-04 03:26 927,288 a------- c:\windows\system32\winresume.exe
2009-04-04 03:26 378,368 a------- c:\windows\system32\srcore.dll
2009-04-04 03:26 318,464 a------- c:\windows\system32\rstrui.exe
2009-04-04 03:26 40,960 a------- c:\windows\system32\srclient.dll
2009-04-04 03:26 14,848 a------- c:\windows\system32\srdelayed.exe
2009-04-04 03:26 615,992 a------- c:\windows\system32\ci.dll
2009-04-04 03:26 46,592 a------- c:\windows\system32\setbcdlocale.dll
2009-04-04 03:26 19,000 a------- c:\windows\system32\kd1394.dll
2009-04-04 03:21 443,392 a------- c:\windows\system32\win32spl.dll
2009-04-04 03:21 37,888 a------- c:\windows\system32\printcom.dll
2009-04-04 03:20 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2009-04-04 03:20 14,848 a------- c:\windows\system32\wshrm.dll
2009-04-04 03:18 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-04-04 03:11 268,288 a------- c:\windows\system32\schannel.dll
2009-04-04 03:08 622,080 a------- c:\windows\system32\icardagt.exe
2009-04-04 03:08 11,264 a------- c:\windows\system32\icardres.dll
2009-04-04 03:08 97,800 a------- c:\windows\system32\infocardapi.dll
2009-04-04 03:08 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-04-04 03:08 105,016 a------- c:\windows\system32

\PresentationCFFRasterizerNative_v0300.dll
2009-04-04 03:08 781,344 a------- c:\windows\system32

\PresentationNative_v0300.dll
2009-04-04 03:08 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-04-04 03:08 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-04-04 02:54 15,138,816 a------- c:\windows\ocsetup_install_NetFx3.etl
2009-04-04 02:54 196,608 a------- c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-04-04 02:54 65,536 a------- c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-04-04 02:52 96,760 a------- c:\windows\system32\dfshim.dll
2009-04-04 02:52 41,984 a------- c:\windows\system32\netfxperf.dll
2009-04-04 02:52 282,112 a------- c:\windows\system32\mscoree.dll
2009-04-04 02:52 158,720 a------- c:\windows\system32\mscorier.dll
2009-04-04 02:52 83,968 a------- c:\windows\system32\mscories.dll
2009-04-04 02:37 2,868,736 a------- c:\windows\system32\mf.dll
2009-04-04 02:37 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-04-04 02:37 98,816 a------- c:\windows\system32\mfps.dll
2009-04-04 02:37 94,720 a------- c:\windows\system32\logagent.exe
2009-04-04 02:37 53,248 a------- c:\windows\system32\rrinstaller.exe
2009-04-04 02:37 24,576 a------- c:\windows\system32\mfpmp.exe
2009-04-04 02:37 2,048 a------- c:\windows\system32\mferror.dll
2009-04-04 02:36 84,480 a------- c:\windows\system32\INETRES.dll
2009-04-04 02:36 738,304 a------- c:\windows\system32\inetcomm.dll
2009-04-04 02:36 1,314,816 a------- c:\windows\system32\quartz.dll
2009-04-04 02:35 2,048 a------- c:\windows\system32\tzres.dll
2009-04-04 02:35 2,033,152 a------- c:\windows\system32\win32k.sys
2009-04-04 02:35 <DIR> --d----- c:\program files\MSXML 4.0
2009-04-04 02:34 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-04-04 02:34 2,048 a------- c:\windows\system32\msxml6r.dll

==================== Find3M ====================

2009-05-01 01:32 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-28 21:52 51,200 a------- c:\windows\inf\infpub.dat
2009-04-28 21:52 143,360 a------- c:\windows\inf\infstrng.dat
2009-04-28 21:52 86,016 a------- c:\windows\inf\infstor.dat
2009-04-17 00:06 174 a--sh--- c:\program files\desktop.ini
2009-04-16 23:58 665,600 a------- c:\windows\inf\drvindex.dat
2009-04-16 21:36 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-04-16 21:36 82,432 a------- c:\windows\system32\axaltocm.dll
2009-04-04 03:45 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-04-04 03:45 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2009-04-04 03:45 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-04-04 03:45 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2009-04-04 03:45 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-04-04 03:45 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-03-08 21:04 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 21:04 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 21:03 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 21:03 109,056 a------- c:\windows\system32\iesysprep.dll
2009-03-08 21:03 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-03-08 21:03 132,608 a------- c:\windows\system32\ieUnatt.exe
2009-03-08 21:03 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 21:03 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 21:03 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-03-08 21:03 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 21:02 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 21:02 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 21:02 66,560 a------- c:\windows\system32\wextract.exe
2009-03-08 21:02 169,472 a------- c:\windows\system32\iexpress.exe
2009-03-08 21:01 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 21:01 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 21:01 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 20:52 156,160 a------- c:\windows\system32\msls31.dll
2009-02-24 22:28 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-02-24 22:28 83,456 a------- c:\windows\system32\wudriver.dll
2009-02-24 22:27 162,064 a------- c:\windows\system32\wuwebv.dll
2009-02-24 22:27 31,232 a------- c:\windows\system32\wuapp.exe
2006-11-02 22:09 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 22:09 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 22:09 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 22:09 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 18:50 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 18:50 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 18:50 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 18:50 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 1:42:35.86 ===============


Created own cfscript

DDS::
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-

 

[madPC]

Logging Logs p2/2

Here's the list of what I did (again), but with their respective logs (post 2/2)

Ran ComboFix with CFscript (reboot took very long)

ComboFix 09-04-29.03 - madPC May-09 Fri 2:14.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2037.918 [GMT 9.5:30]
Running from: c:\users\madPC\Desktop\ComboFix.exe
Command switches used :: c:\users\madPC\Desktop\CFScript.txt
AV: Symantec AntiVirus *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys
c:\windows\system32\ovfsthcettpcbilowcpvbnbrrtoxuskymsmlpq.dat
c:\windows\system32\ovfsthqfrvipyftqqurimqilppwtmdmctqvgbv.dll
c:\windows\system32\ovfsthxrphqddxovwqbiwrsqamqnkbvxcvopyy.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthpxajutfymxxiilmgqiipvmspngcojhie
-------\Service_ovfsthpxajutfymxxiilmgqiipvmspngcojhie


((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-30 )))))))))))))))))))))))))))))))
.

2009-04-30 15:33 . 2009-04-30 15:33 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-30 09:59 . 2009-04-30 09:59 -------- d-----w c:\users\Administrator\DoctorWeb
2009-04-30 09:53 . 2009-04-30 09:53 -------- d-----w c:\users\madPC\DoctorWeb
2009-04-29 16:42 . 2009-04-29 16:42 -------- d-----w c:\users\Administrator\AppData\Local\Symantec
2009-04-29 16:41 . 2009-04-29 16:41 109744 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-29 16:40 . 2009-04-29 16:41 -------- d-----w c:\program files\Symantec
2009-04-29 16:40 . 2009-04-29 16:42 -------- d-----w c:\progra~2\Symantec
2009-04-29 16:40 . 2009-04-29 16:42 -------- d-----w c:\users\All Users\Symantec
2009-04-29 16:40 . 2009-04-29 16:41 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-29 16:40 . 2009-04-29 16:40 -------- d-----w c:\program files\Symantec AntiVirus
2009-04-28 20:04 . 2009-04-28 20:04 -------- d-sh--w c:\windows\system32\%APPDATA%
2009-04-28 12:31 . 2009-04-28 12:31 -------- d-----w c:\program files\CCleaner
2009-04-28 12:17 . 2009-04-28 12:21 -------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2009-04-28 12:17 . 2009-04-28 12:22 -------- d-----w c:\program files\Windows Live
2009-04-28 12:17 . 2009-04-28 12:17 -------- d-----w c:\progra~2\WLInstaller
2009-04-28 12:17 . 2009-04-28 12:17 -------- d-----w c:\users\All Users\WLInstaller
2009-04-26 09:08 . 2009-04-26 09:08 -------- d-----w c:\program files\PC Optimizer Pro
2009-04-24 14:35 . 2009-04-24 14:35 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-24 00:34 . 2009-04-24 00:34 155 ----a-w c:\windows\system32\SelfDel.bat
2009-04-23 03:28 . 2009-04-23 03:28 -------- d-----w c:\program files\vLite
2009-04-22 12:17 . 2009-04-22 12:20 -------- d-----w c:\users\madPC\SecurityScans
2009-04-22 12:16 . 2009-04-22 12:16 -------- d-----w c:\program files\Microsoft Baseline Security Analyzer 2
2009-04-21 14:34 . 2009-04-21 14:34 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\users\Administrator\AppData\Roaming\Malwarebytes
2009-04-18 03:16 . 2009-04-06 06:02 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-18 03:16 . 2009-04-06 06:02 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\progra~2\Malwarebytes
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-16 14:43 . 2008-04-12 03:32 784896 ----a-w c:\windows\system32\rpcrt4.dll
2009-04-16 14:43 . 2008-04-26 08:26 891448 ----a-w c:\windows\system32\drivers\tcpip.sys
2009-04-16 14:43 . 2008-04-05 01:21 72192 ----a-w c:\windows\system32\drivers\pacer.sys
2009-04-16 14:43 . 2008-04-05 03:34 15360 ----a-w c:\windows\system32\pacerprf.dll
2009-04-16 14:42 . 2008-06-26 03:29 565248 ----a-w c:\windows\system32\emdmgmt.dll
2009-04-16 14:42 . 2008-08-02 01:01 625152 ----a-w c:\windows\system32\drivers\dxgkrnl.sys
2009-04-16 14:42 . 2008-06-26 03:29 45056 ----a-w c:\windows\system32\dataclen.dll
2009-04-16 14:42 . 2008-05-20 02:07 148480 ----a-w c:\windows\system32\drivers\nwifi.sys
2009-04-16 14:42 . 2008-08-02 03:26 36864 ----a-w c:\windows\system32\cdd.dll
2009-04-16 14:42 . 2008-05-08 21:59 90112 ----a-w c:\windows\system32\wshext.dll
2009-04-16 14:42 . 2008-05-08 21:59 155648 ----a-w c:\windows\system32\wscript.exe
2009-04-16 14:42 . 2008-05-08 21:58 135168 ----a-w c:\windows\system32\cscript.exe
2009-04-16 14:42 . 2008-05-08 21:59 180224 ----a-w c:\windows\system32\scrobj.dll
2009-04-16 14:42 . 2008-05-08 21:59 172032 ----a-w c:\windows\system32\scrrun.dll
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Links
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Saved Games
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Downloads
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Searches
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Music
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Pictures
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Videos
2009-04-16 14:33 . 2009-04-16 14:33 -------- d-----r c:\windows\system32\config\systemprofile\Documents
2009-04-16 14:28 . 2009-04-16 14:28 -------- d-----w C:\PerfLogs
2009-04-16 10:48 . 2008-01-19 07:35 210432 ----a-w c:\windows\system32\msv1_0.dll
2009-04-16 10:47 . 2008-01-19 07:36 222720 ----a-w c:\windows\system32\wavemsp.dll
2009-04-16 10:46 . 2008-01-19 07:34 246784 ----a-w c:\windows\system32\drvstore.dll
2009-04-16 10:46 . 2008-01-19 07:34 258560 ----a-w c:\windows\system32\dpx.dll
2009-04-16 10:46 . 2008-01-19 07:35 35328 ----a-w c:\windows\system32\mspatcha.dll
2009-04-16 10:46 . 2008-01-19 07:34 305152 ----a-w c:\windows\system32\msdelta.dll
2009-04-15 15:52 . 2009-04-21 14:34 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-15 15:19 . 2009-04-15 15:19 -------- dc-h--w c:\progra~2\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-15 15:19 . 2009-04-15 15:19 -------- dc-h--w c:\users\All Users\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-15 15:19 . 2009-04-15 15:19 -------- d-----w c:\program files\Lavasoft
2009-04-15 15:19 . 2009-04-15 15:22 -------- d-----w c:\progra~2\Lavasoft
2009-04-15 15:19 . 2009-04-15 15:22 -------- d-----w c:\users\All Users\Lavasoft
2009-04-15 07:56 . 2009-04-15 07:56 -------- d-----w c:\program files\Toshiba
2009-04-15 06:46 . 2009-04-15 06:46 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-15 06:46 . 2009-04-15 06:46 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-15 06:46 . 2009-04-15 06:46 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-15 06:38 . 2009-04-15 06:38 -------- d-----w c:\users\Administrator\AppData\Roaming\BitTorrent
2009-04-13 06:28 . 2009-04-28 07:57 -------- d-----w C:\!KillBox
2009-04-13 05:00 . 2009-04-13 05:00 -------- d-----w c:\program files\Apple Software Update
2009-04-13 05:00 . 2009-04-13 05:00 -------- d-----w c:\progra~2\Apple
2009-04-13 05:00 . 2009-04-13 05:00 -------- d-----w c:\users\All Users\Apple
2009-04-13 03:04 . 2009-04-13 03:04 269312 ----a-w c:\windows\system32\es.dll
2009-04-13 02:57 . 2009-04-13 03:14 -------- d-----w c:\users\Administrator\AppData\Roaming\vlc
2009-04-13 02:30 . 2009-04-21 00:58 680 ----a-w c:\users\Administrator\AppData\Local\d3d9caps.dat
2009-04-13 01:31 . 2009-04-13 05:01 -------- d-----w c:\program files\QuickTime
2009-04-13 01:31 . 2009-04-13 05:01 -------- d-----w c:\progra~2\Apple Computer
2009-04-13 01:31 . 2009-04-13 05:01 -------- d-----w c:\users\All Users\Apple Computer
2009-04-04 12:07 . 2009-04-04 12:07 -------- d-----w c:\users\Administrator\AppData\Local\Yahoo
2009-04-04 10:52 . 2009-04-04 12:06 -------- d-----w c:\progra~2\Yahoo!
2009-04-04 10:52 . 2009-04-04 12:06 -------- d-----w c:\users\All Users\Yahoo!
2009-04-04 10:52 . 2009-04-04 12:06 -------- d-----w c:\program files\Yahoo!
2009-04-04 01:57 . 2009-04-04 01:57 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-04 01:39 . 2009-04-04 01:39 -------- d-----w c:\progra~2\Office Genuine Advantage
2009-04-04 01:39 . 2009-04-04 01:39 -------- d-----w c:\users\All Users\Office Genuine Advantage
2009-04-03 18:28 . 2009-04-03 18:28 28672 ----a-w c:\windows\system32\FwRemoteSvr.dll
2009-04-03 18:28 . 2009-04-03 18:28 61440 ----a-w c:\windows\system32\winipsec.dll
2009-04-03 18:28 . 2009-04-03 18:28 361984 ----a-w c:\windows\system32\IPSECSVC.DLL
2009-04-03 18:28 . 2009-04-03 18:28 272896 ----a-w c:\windows\system32\polstore.dll
2009-04-03 18:19 . 2009-04-03 18:19 296960 ----a-w c:\windows\system32\gdi32.dll
2009-04-03 18:17 . 2009-04-03 18:17 212480 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
2009-04-03 18:15 . 2009-04-03 18:15 28672 ----a-w c:\windows\system32\Apphlpdm.dll
2009-04-03 18:15 . 2009-04-03 18:15 4240384 ----a-w c:\windows\system32\GameUXLegacyGDFs.dll
2009-04-03 18:15 . 2009-04-03 18:15 1695744 ----a-w c:\windows\system32\gameux.dll
2009-04-03 18:14 . 2009-04-03 18:14 303616 ----a-w c:\windows\system32\wmpeffects.dll
2009-04-03 18:13 . 2009-04-03 18:13 1191936 ----a-w c:\windows\system32\msxml3.dll
2009-04-03 18:13 . 2009-04-03 18:13 2048 ----a-w c:\windows\system32\msxml3r.dll
2009-04-03 18:09 . 2009-04-03 18:09 8147456 ----a-w c:\windows\system32\wmploc.DLL
2009-04-03 18:09 . 2009-04-03 18:09 7680 ----a-w c:\windows\system32\spwmp.dll
2009-04-03 18:09 . 2009-04-03 18:09 4096 ----a-w c:\windows\system32\dxmasf.dll
2009-04-03 18:07 . 2009-04-03 18:07 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-03 18:04 . 2009-04-03 18:04 2927104 ----a-w c:\windows\explorer.exe
2009-04-03 17:56 . 2009-04-03 17:56 6656 ----a-w c:\windows\system32\kbd106n.dll
2009-04-03 17:56 . 2009-04-03 17:56 927288 ----a-w c:\windows\system32\winresume.exe
2009-04-03 17:56 . 2009-04-03 17:56 988216 ----a-w c:\windows\system32\winload.exe
2009-04-03 17:56 . 2009-04-03 17:56 40960 ----a-w c:\windows\system32\srclient.dll
2009-04-03 17:56 . 2009-04-03 17:56 318464 ----a-w c:\windows\system32\rstrui.exe
2009-04-03 17:56 . 2009-04-03 17:56 378368 ----a-w c:\windows\system32\srcore.dll
2009-04-03 17:56 . 2009-04-03 17:56 14848 ----a-w c:\windows\system32\srdelayed.exe
2009-04-03 17:56 . 2009-04-03 17:56 19000 ----a-w c:\windows\system32\kd1394.dll
2009-04-03 17:56 . 2009-04-03 17:56 46592 ----a-w c:\windows\system32\setbcdlocale.dll
2009-04-03 17:56 . 2009-04-03 17:56 615992 ----a-w c:\windows\system32\ci.dll
2009-04-03 17:51 . 2009-04-03 17:51 37888 ----a-w c:\windows\system32\printcom.dll
2009-04-03 17:51 . 2009-04-03 17:51 443392 ----a-w c:\windows\system32\win32spl.dll
2009-04-03 17:50 . 2009-04-03 17:50 113664 ----a-w c:\windows\system32\drivers\rmcast.sys
2009-04-03 17:50 . 2009-04-03 17:50 14848 ----a-w c:\windows\system32\wshrm.dll
2009-04-03 17:48 . 2009-04-03 17:48 288768 ----a-w c:\windows\system32\drivers\srv.sys
2009-04-03 17:41 . 2009-04-03 17:41 268288 ----a-w c:\windows\system32\schannel.dll
2009-04-03 17:38 . 2009-04-03 17:38 622080 ----a-w c:\windows\system32\icardagt.exe
2009-04-03 17:38 . 2009-04-03 17:38 11264 ----a-w c:\windows\system32\icardres.dll
2009-04-03 17:38 . 2009-04-03 17:38 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-04-03 17:38 . 2009-04-03 17:38 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-03 17:38 . 2009-04-03 17:38 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-04-03 17:38 . 2009-04-03 17:38 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-30 16:48 . 2009-02-24 16:36 12 ----a-w c:\windows\bthservsdp.dat
2009-04-30 16:02 . 2009-03-13 13:16 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-30 15:59 . 2009-02-25 12:30 -------- d-----w c:\program files\DNA
2009-04-30 15:33 . 2007-04-17 20:10 -------- d-----w c:\program files\Common Files\Adobe
2009-04-30 15:06 . 2007-04-17 20:09 -------- d-----w c:\program files\Java
2009-04-29 16:41 . 2009-04-29 16:41 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-04-29 16:41 . 2009-04-29 16:41 8014 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-28 12:22 . 2009-02-24 16:14 -------- d-----w c:\program files\MSN Messenger
2009-04-28 12:22 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-04-28 12:22 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-04-28 12:22 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-04-16 15:16 . 2009-04-16 15:16 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-16 14:36 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Sidebar
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Photo Gallery
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Collaboration
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Calendar
2009-04-16 14:29 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-16 14:28 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Defender
2009-04-16 14:28 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
2009-04-16 12:06 . 2006-11-02 10:32 101888 ----a-w c:\windows\system32\ifxcardm.dll
2009-04-16 12:06 . 2006-11-02 10:32 82432 ----a-w c:\windows\system32\axaltocm.dll
2009-04-03 18:15 . 2009-04-03 18:15 2560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-04-03 18:15 . 2009-04-03 18:15 541696 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-04-03 18:15 . 2009-04-03 18:15 460288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-04-03 18:15 . 2009-04-03 18:15 2154496 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-04-03 18:15 . 2009-04-03 18:15 173056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-04-03 18:15 . 2009-04-03 18:15 52736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-03-13 12:29 . 2009-02-24 12:58 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-08 11:34 . 2009-04-23 03:57 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-04-23 03:57 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-04-23 03:57 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-04-23 03:57 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-04-23 03:57 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-04-23 03:57 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-04-23 03:57 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-04-23 03:57 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-04-23 03:57 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-04-23 03:57 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-04-23 03:57 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-04-23 03:57 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-04-23 03:57 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-04-23 03:57 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-04-23 03:57 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-04-23 03:57 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-04-23 03:57 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-04-23 03:57 156160 ----a-w c:\windows\system32\msls31.dll
2009-02-24 15:53 . 2009-02-24 15:53 0 ----a-w c:\windows\nsreg.dat
2009-02-24 15:35 . 2009-02-24 15:35 99864 ----a-w c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-24 12:58 . 2009-02-24 12:58 51224 ----a-w c:\windows\system32\wuauclt.exe
2009-02-24 12:58 . 2009-02-24 12:58 43544 ----a-w c:\windows\system32\wups2.dll
2009-02-24 12:58 . 2009-02-24 12:58 1809944 ----a-w c:\windows\system32\wuaueng.dll
2009-02-24 12:58 . 2009-02-24 12:58 1524736 ----a-w c:\windows\system32\wucltux.dll
2009-02-24 12:58 . 2009-02-24 12:58 83456 ----a-w c:\windows\system32\wudriver.dll
2009-02-24 12:58 . 2009-02-24 12:58 561688 ----a-w c:\windows\system32\wuapi.dll
2009-02-24 12:58 . 2009-02-24 12:58 34328 ----a-w c:\windows\system32\wups.dll
2009-02-24 12:57 . 2009-02-24 12:57 31232 ----a-w c:\windows\system32\wuapp.exe
2009-02-24 12:57 . 2009-02-24 12:57 162064 ----a-w c:\windows\system32\wuwebv.dll
2009-02-12 11:39 . 2009-02-12 11:39 12712 ----a-w c:\windows\system32\drivers\FJGSDisk.sys
2009-02-12 11:04 . 2009-02-12 11:04 99864 ----a-w c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-04-30_14.14.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-05-14 21:23 . 2009-04-30 16:44 64424 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-04-30 16:44 73160 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-12 11:06 . 2009-04-30 14:08 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-12 11:06 . 2009-04-30 17:00 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-12 11:06 . 2009-04-30 17:00 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-12 11:06 . 2009-04-30 14:08 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-12 11:06 . 2009-04-30 17:00 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-12 11:06 . 2009-04-30 14:08 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-24 15:36 . 2009-04-30 16:01 7068 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1918237747-2751938533-2904961478-500_UserData.bin
+ 2009-02-12 11:10 . 2009-04-30 16:44 7690 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1918237747-2751938533-2904961478-1000_UserData.bin
+ 2006-11-02 10:33 . 2009-04-30 16:48 608884 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-04-30 13:55 608884 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-04-30 16:48 105952 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-04-30 13:55 105952 c:\windows\System32\perfc009.dat
+ 2009-04-30 16:02 . 2009-04-30 16:02 148888 c:\windows\System32\javaws.exe
- 2009-04-04 03:44 . 2009-03-08 18:49 148888 c:\windows\System32\javaws.exe
+ 2009-04-30 16:02 . 2009-04-30 16:02 144792 c:\windows\System32\javaw.exe
- 2009-04-04 03:44 . 2009-03-08 18:49 144792 c:\windows\System32\javaw.exe
+ 2009-04-30 16:02 . 2009-04-30 16:02 144792 c:\windows\System32\java.exe
- 2009-04-04 03:44 . 2009-03-08 18:49 144792 c:\windows\System32\java.exe
+ 2009-04-23 04:08 . 2009-04-30 17:00 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-04-23 04:08 . 2009-04-30 14:07 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-17 80688]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-11-07 97072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-09 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-09 133912]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-23 827392]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2005-07-21 242688]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-07-21 61440]
"PSUtility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2006-12-22 136744]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-04-02 252704]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-05-08 174872]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-05-08 33048]
"SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2009-02-12 193832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-30 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-01 4390912]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2007-11-1 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F01CE1E2-9A47-42F9-AD30-7B2AD8E08A94}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7A0C6B10-FF15-4B5E-85EB-C851E3DF9E79}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{B65B13F6-BBD4-4FAB-97B8-D1406988A316}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{15F91AE0-0A6A-4AD0-BC13-E97CF52E271F}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{F4F47E1E-E573-4114-BC3B-21FD4448FC36}c:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= UDP:c:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp
"UDP Query User{241244E8-A714-4A26-8033-A8DC16D0C898}c:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= TCP:c:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp
"{DDC82CFA-D149-4A61-8FEE-0F5D7501CC0A}"= UDP:c:\program files\DNA\btdna.exeNA (TCP-In)
"{7DD80389-BAEB-42DD-A05F-880619A84500}"= TCP:c:\program files\DNA\btdna.exeNA (UDP-In)
"{4C2B38A4-E717-43A4-BC01-3A065B2B9A3F}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{3935BD02-4B40-439B-86EA-B4F99566E630}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"TCP Query User{A7928B77-F859-453F-ACE0-E4419FFFEE0A}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{A3C6541E-F6AD-46D5-A349-82A8756C8428}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"{4CE5628A-E049-4199-BD14-F3ACB0188262}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5DBFBFA1-FF9F-4CA0-8CC1-F91FE82A7997}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{DF9E080F-A2A6-4E03-928C-D7AAE5BFF5AE}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{04C91E26-0A58-4EB0-A38E-FB81F0A09A68}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{87C95383-720C-4E36-92C1-5A596BE3F1FC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E108B469-D439-4A90-B0DD-3AF139C46756}"= UDP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{134FFABB-69CF-4FC7-8226-909F636B2E28}"= TCP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{124D1410-FC14-44BE-939D-2D67F33C0F7C}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{1779AE8C-BFEB-457A-99BB-C18BC6585906}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 omnipass;omnipass; [x]
R2 LvIBTSvr;Logitech IBT Service;c:\program files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe [2007-04-02 76576]
R3 ADVNTDRV;ADVNTDRV;c:\windows\System32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-11-27 122008]
S0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\DRIVERS\FJGSDisk.sys [2009-02-12 12712]
S0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2007-05-04 208896]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-21 64160]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2006-10-03 36640]
S0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2006-10-12 33152]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-21 953168]
S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [2006-12-22 63016]
S2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\updnavi\updnvsrv.exe [2007-01-11 12288]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-04-15 101936]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 5632]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-11-02 30720]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af316a4d-0271-11de-ab37-000000000000}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:33]

2009-04-30 c:\windows\Tasks\User_Feed_Synchronization-{3D592E6A-7BAD-4227-B6C4-7E801F98E40E}.job
- c:\windows\system32\msfeedssync.exe [2009-04-23 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:tabs
TCP: {01573F81-6C25-441E-983B-581898952A67} = 192.231.203.132,192.231.203.3
TCP: {7E4FEBD3-21C7-4D81-AEF7-1619DC39AC99} = 192.231.203.132,192.231.203.3
FF - ProfilePath - c:\users\madPC\AppData\Roaming\Mozilla\Firefox\Profiles\34qxd13h.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com.au/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-01 02:31
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\drivers\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys 83968 bytes executable
c:\users\madPC\AppData\Local\Temp\ovfsth000 0 bytes
c:\windows\system32\ovfsthcqwtjumvsbmiftubdoffvqylchcbxsts.dll 19456 bytes executable
c:\windows\system32\ovfstheepxdcrrgqbynuertsfkdmteyxngdrmp.dll 17920 bytes executable
c:\windows\system32\ovfsthipwuyfcrvqhiqmocbrwvtlrqtfeiqaop.dll 19456 bytes executable
c:\windows\system32\ovfsthldbowyvnoponfggajnivdmqoykldkjxj.dll 17920 bytes executable
c:\windows\system32\ovfsthojhciexsbonadxsisnexsijrtkqxupfq.dll 17920 bytes executable
c:\windows\system32\ovfsthtdleeqrnjcpnbifqubxbpcdbypxcfstv.dat 267 bytes
c:\windows\system32\ovfsthxnpqyrytpqvbqrgmkblsdcuidpxtmafp.dll 61440 bytes executable
c:\windows\system32\ovfsthyenaicmkengblcuyxqsdpjpmepvhsruj.dll 19456 bytes executable
c:\windows\TEMP\ovfsthjrxxsbdkny.tmp 23040 bytes executable

scan completed successfully
hidden files: 11

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

[HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe"

[HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"

[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"

[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_USERS\software\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"

[HKEY_USERS\software\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_USERS\software\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_USERS\software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)

[HKEY_USERS\software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"

[HKEY_USERS\software\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""

[HKEY_USERS\software\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_USERS\system\ControlSet001\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"
"inst"=dword:00000000

[HKEY_USERS\system\ControlSet002\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"
"inst"=dword:00000000

[HKEY_USERS\system\ControlSet003\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

[HKEY_USERS\system\ControlSet004\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"
"inst"=dword:00000000

[HKEY_USERS\system\ControlSet005\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

[HKEY_USERS\system\ControlSet006\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

[HKEY_USERS\system\ControlSet007\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"
"inst"=dword:00000000

[HKEY_USERS\system\ControlSet008\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

[HKEY_USERS\system\ControlSet009\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

[HKEY_USERS\system\ControlSet010\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"
"inst"=dword:00000000

[HKEY_USERS\system\ControlSet011\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

[HKEY_USERS\system\ControlSet012\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"

[HKEY_USERS\system\ControlSet013\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_USERS\system\ControlSet013\Services\ovfsthpxajutfymxxiilmgqiipvmspngcojhie]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthnwawaalkwgxjdtxdrfddfrwlrlxassxn.sys"
"inst"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Softex\OmniPass\OmniServ.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
c:\windows\System32\o2flash.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Softex\OmniPass\opvapp.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-04-30 2:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-30 17:06
ComboFix2.txt 2009-04-30 14:16

Pre-Run: 42,927,898,624 bytes free
Post-Run: 42,895,994,880 bytes free

544 --- E O F --- 2009-04-21 02:21


Ran ATF cleaner


Rebooted (took very long)


I believe the next thing you're going to ask me to do is uninstall my P2P program - do you advise I do that in the admin account in safe mode / admin account in normal mode / my account in normal mode? :thanks:

 

[Blade81]

Hi

I believe the next thing you're going to ask me to do is uninstall my P2P program

Well guessed Do uninstalling with your account from normal mode if it has admin privileges (= rights to do uninstalling). Otherwise use admin account (in normal mode).

After that re-run ComboFix (let it update itself) and post back its report & a fresh dds.txt log contents, please.

 

[madPC]

ComboFix and DDS Logs

ComboFix 09-05-13.02 - madPC May-09 Thu 17:46.4 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2037.1073 [GMT 9.5:30]
Running from: c:\users\madPC\Desktop\ComboFix.exe
AV: Symantec AntiVirus *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Symantec AntiVirus *disabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-04-14 to 2009-05-14 )))))))))))))))))))))))))))))))
.

2009-05-11 15:21 . 2009-05-11 15:42 -------- d-----w c:\program files\UltraVNC
2009-05-09 20:33 . 2008-05-25 12:53 317976 ----a-w c:\windows\system32\drivers\iaStor.sys
2009-05-09 18:12 . 2009-05-09 18:12 -------- d-----w c:\users\madPC\AppData\Local\Apple Computer
2009-05-09 17:38 . 2009-05-09 17:38 -------- d-----w c:\program files\ERUNT
2009-05-09 16:27 . 2009-05-09 16:27 -------- d-----w c:\program files\Trend Micro
2009-05-06 06:17 . 2009-05-06 06:17 -------- d-----w c:\users\madPC\AppData\Roaming\iScreensaver
2009-05-05 18:16 . 2009-05-05 18:16 -------- d-----w c:\windows\TweakVI
2009-05-05 18:16 . 2009-05-05 18:17 -------- d-----w c:\program files\TweakVI
2009-05-01 08:29 . 2009-05-01 08:29 -------- d-----w c:\users\madPC\AppData\Local\Apple
2009-05-01 04:14 . 2009-05-01 04:14 -------- d-----w c:\programdata\WindowsSearch
2009-05-01 04:14 . 2009-05-01 04:14 -------- d-----w c:\users\All Users\WindowsSearch
2009-05-01 02:14 . 2009-05-01 04:15 -------- d-----w c:\program files\EsetOnlineScanner
2009-05-01 02:02 . 2009-05-01 05:39 -------- d-----w c:\program files\Java
2009-05-01 01:01 . 2009-05-01 01:01 680 ----a-w c:\users\madPC\AppData\Local\d3d9caps.dat
2009-04-30 18:36 . 2009-05-01 01:48 -------- d-----w c:\users\madPC\AppData\Local\Adobe
2009-04-30 18:12 . 2009-04-30 18:12 -------- d-----w c:\windows\Sun
2009-04-30 15:33 . 2009-04-30 15:33 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-30 09:59 . 2009-04-30 09:59 -------- d-----w c:\users\Administrator\DoctorWeb
2009-04-30 09:53 . 2009-05-01 01:11 -------- d-----w c:\users\madPC\DoctorWeb
2009-04-30 07:13 . 2009-04-30 07:13 -------- d-----w c:\users\madPC\AppData\Local\Symantec
2009-04-29 16:42 . 2009-04-29 16:42 -------- d-----w c:\users\Administrator\AppData\Local\Symantec
2009-04-29 16:41 . 2009-04-29 16:41 109744 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-29 16:40 . 2009-04-29 16:41 -------- d-----w c:\program files\Symantec
2009-04-29 16:40 . 2009-04-29 16:42 -------- d-----w c:\programdata\Symantec
2009-04-29 16:40 . 2009-04-29 16:42 -------- d-----w c:\users\All Users\Symantec
2009-04-29 16:40 . 2009-04-29 16:41 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-29 16:40 . 2009-04-29 16:40 -------- d-----w c:\program files\Symantec AntiVirus
2009-04-28 20:04 . 2009-04-28 20:04 -------- d-sh--w c:\windows\system32\%APPDATA%
2009-04-28 12:31 . 2009-04-28 12:31 -------- d-----w c:\program files\CCleaner
2009-04-28 12:17 . 2009-04-28 12:21 -------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2009-04-28 12:17 . 2009-04-28 12:22 -------- d-----w c:\program files\Windows Live
2009-04-28 12:17 . 2009-04-28 12:17 -------- d-----w c:\programdata\WLInstaller
2009-04-28 12:17 . 2009-04-28 12:17 -------- d-----w c:\users\All Users\WLInstaller
2009-04-26 09:08 . 2009-04-26 09:08 -------- d-----w c:\program files\PC Optimizer Pro
2009-04-24 14:35 . 2009-04-24 14:35 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-24 00:34 . 2009-04-24 00:34 155 ----a-w c:\windows\system32\SelfDel.bat
2009-04-23 03:28 . 2009-04-23 03:28 -------- d-----w c:\program files\vLite
2009-04-22 12:17 . 2009-04-22 12:20 -------- d-----w c:\users\madPC\SecurityScans
2009-04-22 12:16 . 2009-04-22 12:16 -------- d-----w c:\program files\Microsoft Baseline Security Analyzer 2
2009-04-21 14:34 . 2009-04-21 14:34 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-18 17:48 . 2009-04-18 17:48 -------- d-----w c:\users\madPC\AppData\Roaming\Malwarebytes
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\users\Administrator\AppData\Roaming\Malwarebytes
2009-04-18 03:16 . 2009-04-06 06:02 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-18 03:16 . 2009-04-06 06:02 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\programdata\Malwarebytes
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-16 14:43 . 2008-04-12 03:32 784896 ----a-w c:\windows\system32\rpcrt4.dll
2009-04-16 14:43 . 2008-04-26 08:26 891448 ----a-w c:\windows\system32\drivers\tcpip.sys
2009-04-16 14:43 . 2008-04-05 01:21 72192 ----a-w c:\windows\system32\drivers\pacer.sys
2009-04-16 14:43 . 2008-04-05 03:34 15360 ----a-w c:\windows\system32\pacerprf.dll
2009-04-16 14:42 . 2008-06-26 03:29 565248 ----a-w c:\windows\system32\emdmgmt.dll
2009-04-16 14:42 . 2008-08-02 01:01 625152 ----a-w c:\windows\system32\drivers\dxgkrnl.sys
2009-04-16 14:42 . 2008-06-26 03:29 45056 ----a-w c:\windows\system32\dataclen.dll
2009-04-16 14:42 . 2008-05-20 02:07 148480 ----a-w c:\windows\system32\drivers\nwifi.sys
2009-04-16 14:42 . 2008-08-02 03:26 36864 ----a-w c:\windows\system32\cdd.dll
2009-04-16 14:42 . 2008-05-08 21:59 430080 ----a-w c:\windows\system32\vbscript.dll
2009-04-16 14:42 . 2008-05-08 21:59 90112 ----a-w c:\windows\system32\wshext.dll
2009-04-16 14:42 . 2008-05-08 21:59 155648 ----a-w c:\windows\system32\wscript.exe
2009-04-16 14:42 . 2008-05-08 21:58 135168 ----a-w c:\windows\system32\cscript.exe
2009-04-16 14:42 . 2008-05-08 21:59 180224 ----a-w c:\windows\system32\scrobj.dll
2009-04-16 14:42 . 2008-05-08 21:59 172032 ----a-w c:\windows\system32\scrrun.dll
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Links
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Saved Games
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Downloads
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Searches
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Music
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Pictures
2009-04-16 14:34 . 2009-04-16 14:34 -------- d-----r c:\windows\system32\config\systemprofile\Videos
2009-04-16 14:33 . 2009-04-16 14:33 -------- d-----r c:\windows\system32\config\systemprofile\Documents
2009-04-16 14:28 . 2009-04-16 14:28 -------- d-----w C:\PerfLogs
2009-04-16 10:48 . 2008-01-19 07:35 210432 ----a-w c:\windows\system32\msv1_0.dll
2009-04-16 10:47 . 2008-01-19 07:36 222720 ----a-w c:\windows\system32\wavemsp.dll
2009-04-16 10:46 . 2008-01-19 07:34 246784 ----a-w c:\windows\system32\drvstore.dll
2009-04-16 10:46 . 2008-01-19 07:34 258560 ----a-w c:\windows\system32\dpx.dll
2009-04-16 10:46 . 2008-01-19 07:35 35328 ----a-w c:\windows\system32\mspatcha.dll
2009-04-16 10:46 . 2008-01-19 07:34 305152 ----a-w c:\windows\system32\msdelta.dll
2009-04-15 15:52 . 2009-04-21 14:34 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-15 15:19 . 2009-04-15 15:19 -------- dc-h--w c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-15 15:19 . 2009-04-15 15:19 -------- dc-h--w c:\users\All Users\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-15 15:19 . 2009-04-15 15:19 -------- d-----w c:\program files\Lavasoft
2009-04-15 15:19 . 2009-04-15 15:22 -------- d-----w c:\programdata\Lavasoft
2009-04-15 15:19 . 2009-04-15 15:22 -------- d-----w c:\users\All Users\Lavasoft
2009-04-15 08:12 . 2009-04-15 08:12 -------- d-----w c:\users\madPC\AppData\Roaming\Toshiba
2009-04-15 07:56 . 2009-04-15 07:56 -------- d-----w c:\program files\Toshiba
2009-04-15 06:46 . 2009-04-15 06:46 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-15 06:46 . 2009-04-15 06:46 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-15 06:46 . 2009-04-15 06:46 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-15 06:38 . 2009-04-15 06:38 -------- d-----w c:\users\Administrator\AppData\Roaming\BitTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-14 07:55 . 2009-02-24 16:36 12 ----a-w c:\windows\bthservsdp.dat
2009-05-09 20:34 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-05-09 20:34 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-05-09 20:34 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-05-01 13:42 . 2009-02-12 11:12 99864 ----a-w c:\users\madPC\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-01 06:44 . 2007-04-17 23:55 -------- d-----w c:\program files\Microsoft Works
2009-04-30 15:59 . 2009-02-25 12:30 -------- d-----w c:\program files\DNA
2009-04-30 15:33 . 2007-04-17 20:10 -------- d-----w c:\program files\Common Files\Adobe
2009-04-29 16:41 . 2009-04-29 16:41 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-04-29 16:41 . 2009-04-29 16:41 8014 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-28 12:22 . 2009-02-24 16:14 -------- d-----w c:\program files\MSN Messenger
2009-04-21 00:58 . 2009-04-13 02:30 680 ----a-w c:\users\Administrator\AppData\Local\d3d9caps.dat
2009-04-16 15:16 . 2009-04-16 15:16 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-16 14:36 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Sidebar
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Photo Gallery
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Collaboration
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Calendar
2009-04-16 14:29 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-16 14:28 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Defender
2009-04-16 14:28 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
2009-04-16 12:06 . 2006-11-02 10:32 101888 ----a-w c:\windows\system32\ifxcardm.dll
2009-04-16 12:06 . 2006-11-02 10:32 82432 ----a-w c:\windows\system32\axaltocm.dll
2009-04-15 06:40 . 2009-04-15 06:40 827392 ----a-w c:\windows\system32\wininet.dll
2009-04-15 06:40 . 2009-04-15 06:40 72704 ----a-w c:\windows\system32\admparse.dll
2009-04-15 06:40 . 2009-04-15 06:40 78336 ----a-w c:\windows\system32\ieencode.dll
2009-04-15 06:40 . 2009-04-15 06:40 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-04-15 06:40 . 2009-04-15 06:40 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-04-13 05:01 . 2009-04-13 01:31 -------- d-----w c:\program files\QuickTime
2009-04-13 03:04 . 2009-04-13 03:04 269312 ----a-w c:\windows\system32\es.dll
2009-04-04 12:06 . 2009-04-04 10:52 -------- d-----w c:\program files\Yahoo!
2009-04-04 01:57 . 2009-04-04 01:57 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-03 18:28 . 2009-04-03 18:28 61440 ----a-w c:\windows\system32\winipsec.dll
2009-04-03 18:28 . 2009-04-03 18:28 361984 ----a-w c:\windows\system32\IPSECSVC.DLL
2009-04-03 18:28 . 2009-04-03 18:28 28672 ----a-w c:\windows\system32\FwRemoteSvr.dll
2009-04-03 18:28 . 2009-04-03 18:28 272896 ----a-w c:\windows\system32\polstore.dll
2009-04-03 18:19 . 2009-04-03 18:19 296960 ----a-w c:\windows\system32\gdi32.dll
2009-04-03 18:17 . 2009-04-03 18:17 212480 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
2009-04-03 18:15 . 2009-04-03 18:15 28672 ----a-w c:\windows\system32\Apphlpdm.dll
2009-04-03 18:15 . 2009-04-03 18:15 4240384 ----a-w c:\windows\system32\GameUXLegacyGDFs.dll
2009-04-03 18:15 . 2009-04-03 18:15 1695744 ----a-w c:\windows\system32\gameux.dll
2009-04-03 18:14 . 2009-04-03 18:14 303616 ----a-w c:\windows\system32\wmpeffects.dll
2009-04-03 18:13 . 2009-04-03 18:13 1191936 ----a-w c:\windows\system32\msxml3.dll
2009-04-03 18:13 . 2009-04-03 18:13 2048 ----a-w c:\windows\system32\msxml3r.dll
2009-04-03 18:09 . 2009-04-03 18:09 8147456 ----a-w c:\windows\system32\wmploc.DLL
2009-04-03 18:09 . 2009-04-03 18:09 7680 ----a-w c:\windows\system32\spwmp.dll
2009-04-03 18:09 . 2009-04-03 18:09 4096 ----a-w c:\windows\system32\dxmasf.dll
2009-04-03 18:07 . 2009-04-03 18:07 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-03 18:04 . 2009-04-03 18:04 2927104 ----a-w c:\windows\explorer.exe
2009-04-03 17:56 . 2009-04-03 17:56 6656 ----a-w c:\windows\system32\kbd106n.dll
2009-04-03 17:56 . 2009-04-03 17:56 988216 ----a-w c:\windows\system32\winload.exe
2009-04-03 17:56 . 2009-04-03 17:56 927288 ----a-w c:\windows\system32\winresume.exe
2009-04-03 17:56 . 2009-04-03 17:56 40960 ----a-w c:\windows\system32\srclient.dll
2009-04-03 17:56 . 2009-04-03 17:56 378368 ----a-w c:\windows\system32\srcore.dll
2009-04-03 17:56 . 2009-04-03 17:56 318464 ----a-w c:\windows\system32\rstrui.exe
2009-04-03 17:56 . 2009-04-03 17:56 14848 ----a-w c:\windows\system32\srdelayed.exe
2009-04-03 17:56 . 2009-04-03 17:56 615992 ----a-w c:\windows\system32\ci.dll
2009-04-03 17:56 . 2009-04-03 17:56 46592 ----a-w c:\windows\system32\setbcdlocale.dll
2009-04-03 17:56 . 2009-04-03 17:56 19000 ----a-w c:\windows\system32\kd1394.dll
2009-04-03 17:51 . 2009-04-03 17:51 443392 ----a-w c:\windows\system32\win32spl.dll
2009-04-03 17:51 . 2009-04-03 17:51 37888 ----a-w c:\windows\system32\printcom.dll
2009-04-03 17:50 . 2009-04-03 17:50 14848 ----a-w c:\windows\system32\wshrm.dll
2009-04-03 17:50 . 2009-04-03 17:50 113664 ----a-w c:\windows\system32\drivers\rmcast.sys
2009-04-03 17:48 . 2009-04-03 17:48 288768 ----a-w c:\windows\system32\drivers\srv.sys
2009-04-03 17:41 . 2009-04-03 17:41 268288 ----a-w c:\windows\system32\schannel.dll
2009-04-03 17:38 . 2009-04-03 17:38 622080 ----a-w c:\windows\system32\icardagt.exe
2009-04-03 17:38 . 2009-04-03 17:38 11264 ----a-w c:\windows\system32\icardres.dll
2009-04-03 17:38 . 2009-04-03 17:38 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-04-03 17:38 . 2009-04-03 17:38 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-03 17:38 . 2009-04-03 17:38 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-04-03 17:38 . 2009-04-03 17:38 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-04-03 17:38 . 2009-04-03 17:38 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-04-03 17:22 . 2009-04-03 17:22 96760 ----a-w c:\windows\system32\dfshim.dll
2009-04-03 17:22 . 2009-04-03 17:22 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-04-03 17:22 . 2009-04-03 17:22 83968 ----a-w c:\windows\system32\mscories.dll
2009-04-03 17:22 . 2009-04-03 17:22 282112 ----a-w c:\windows\system32\mscoree.dll
2009-04-03 17:22 . 2009-04-03 17:22 158720 ----a-w c:\windows\system32\mscorier.dll
2009-04-03 17:07 . 2009-04-03 17:07 2868736 ----a-w c:\windows\system32\mf.dll
2009-04-03 17:07 . 2009-04-03 17:07 996352 ----a-w c:\windows\system32\WMNetMgr.dll
2009-04-03 17:07 . 2009-04-03 17:07 98816 ----a-w c:\windows\system32\mfps.dll
2009-04-03 17:07 . 2009-04-03 17:07 94720 ----a-w c:\windows\system32\logagent.exe
2009-04-03 17:07 . 2009-04-03 17:07 53248 ----a-w c:\windows\system32\rrinstaller.exe
2009-04-03 17:07 . 2009-04-03 17:07 24576 ----a-w c:\windows\system32\mfpmp.exe
2009-04-03 17:07 . 2009-04-03 17:07 2048 ----a-w c:\windows\system32\mferror.dll
2009-04-03 17:06 . 2009-04-03 17:06 84480 ----a-w c:\windows\system32\INETRES.dll
2009-04-03 17:06 . 2009-04-03 17:06 738304 ----a-w c:\windows\system32\inetcomm.dll
2009-04-03 17:06 . 2009-04-03 17:06 1314816 ----a-w c:\windows\system32\quartz.dll
2009-04-03 17:05 . 2009-04-03 17:05 2048 ----a-w c:\windows\system32\tzres.dll
2009-04-03 17:05 . 2009-04-03 17:05 2033152 ----a-w c:\windows\system32\win32k.sys
2009-04-03 17:05 . 2009-04-03 17:05 -------- d-----w c:\program files\MSXML 4.0
2009-04-03 17:04 . 2009-04-03 17:04 1334272 ----a-w c:\windows\system32\msxml6.dll
2009-04-03 17:04 . 2009-04-03 17:04 2048 ----a-w c:\windows\system32\msxml6r.dll
2009-03-08 19:49 . 2009-03-13 13:16 410984 ----a-w c:\windows\system32\deploytk.dll
2009-02-24 15:53 . 2009-02-24 15:53 0 ----a-w c:\windows\nsreg.dat
2009-02-24 15:35 . 2009-02-24 15:35 99864 ----a-w c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-24 12:58 . 2009-02-24 12:58 51224 ----a-w c:\windows\system32\wuauclt.exe
2009-02-24 12:58 . 2009-02-24 12:58 43544 ----a-w c:\windows\system32\wups2.dll
2009-02-24 12:58 . 2009-02-24 12:58 1809944 ----a-w c:\windows\system32\wuaueng.dll
2009-02-24 12:58 . 2009-02-24 12:58 1524736 ----a-w c:\windows\system32\wucltux.dll
2009-02-24 12:58 . 2009-02-24 12:58 83456 ----a-w c:\windows\system32\wudriver.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-17 80688]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-11-07 97072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-09 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-09 133912]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-23 827392]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2005-07-21 242688]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-07-21 61440]
"PSUtility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2006-12-22 136744]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-04-02 252704]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-05-08 174872]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-05-08 33048]
"SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2009-02-12 193832]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 107112]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-27 134808]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-21 516440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-01 4390912]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2007-11-1 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoThumbnail"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F01CE1E2-9A47-42F9-AD30-7B2AD8E08A94}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7A0C6B10-FF15-4B5E-85EB-C851E3DF9E79}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{B65B13F6-BBD4-4FAB-97B8-D1406988A316}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{15F91AE0-0A6A-4AD0-BC13-E97CF52E271F}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{F4F47E1E-E573-4114-BC3B-21FD4448FC36}c:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= UDP:c:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp
"UDP Query User{241244E8-A714-4A26-8033-A8DC16D0C898}c:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= TCP:c:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp
"{DDC82CFA-D149-4A61-8FEE-0F5D7501CC0A}"= UDP:c:\program files\DNA\btdna.exeNA (TCP-In)
"{7DD80389-BAEB-42DD-A05F-880619A84500}"= TCP:c:\program files\DNA\btdna.exeNA (UDP-In)
"{4C2B38A4-E717-43A4-BC01-3A065B2B9A3F}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{3935BD02-4B40-439B-86EA-B4F99566E630}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"TCP Query User{A7928B77-F859-453F-ACE0-E4419FFFEE0A}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{A3C6541E-F6AD-46D5-A349-82A8756C8428}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"{4CE5628A-E049-4199-BD14-F3ACB0188262}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5DBFBFA1-FF9F-4CA0-8CC1-F91FE82A7997}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{DF9E080F-A2A6-4E03-928C-D7AAE5BFF5AE}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{04C91E26-0A58-4EB0-A38E-FB81F0A09A68}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{87C95383-720C-4E36-92C1-5A596BE3F1FC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E108B469-D439-4A90-B0DD-3AF139C46756}"= UDP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{134FFABB-69CF-4FC7-8226-909F636B2E28}"= TCP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{124D1410-FC14-44BE-939D-2D67F33C0F7C}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{1779AE8C-BFEB-457A-99BB-C18BC6585906}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"TCP Query User{56E26FA3-40B1-43E9-93B2-B4486709E928}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{EE9A3513-CF35-4D37-99A0-DFFCA39D1A94}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{0DB7F9EE-FB08-45A8-9F88-1DC44EB69771}c:\\program files\\ultravnc\\winvnc.exe"= UDP:c:\program files\ultravnc\winvnc.exe:VNC server for Win32
"UDP Query User{9FDC2135-B10F-42DC-9C8B-43532319EEAD}c:\\program files\\ultravnc\\winvnc.exe"= TCP:c:\program files\ultravnc\winvnc.exe:VNC server for Win32

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\System32\drivers\FJGSDisk.sys [12-Feb-09 Thu 9:09 PM 12712]
R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\System32\drivers\iaNvStor.sys [15-May-07 Tue 7:13 AM 208896]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [22-Apr-09 Wed 12:04 AM 64160]
R0 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [04-Oct-06 Wed 6:53 AM 36640]
R0 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [13-Oct-06 Fri 4:17 AM 33152]
R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [22-Dec-06 Fri 12:12 PM 63016]
R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\updnavi\updnvsrv.exe [11-Jan-07 Thu 9:39 AM 12288]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30-Apr-09 Thu 2:20 AM 101936]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\System32\drivers\fuj02e3.sys [15-May-07 Tue 7:12 AM 5632]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\System32\drivers\smscirda.sys [02-Nov-06 Thu 7:55 PM 30720]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [10-Mar-09 Tue 4:36 AM 953168]
S2 LvIBTSvr;Logitech IBT Service;c:\program files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe [03-Apr-07 Tue 12:59 AM 76576]
S3 ADVNTDRV;ADVNTDRV;c:\windows\System32\drivers\ADVNTDRV.SYS [24-Feb-09 Tue 10:34 PM 3872]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [18-Apr-09 Sat 12:46 PM 38496]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [28-Nov-06 Tue 6:34 AM 122008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af316a4d-0271-11de-ab37-000000000000}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-05-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:33]

2009-05-14 c:\windows\Tasks\User_Feed_Synchronization-{3D592E6A-7BAD-4227-B6C4-7E801F98E40E}.job
- c:\windows\system32\msfeedssync.exe [2009-04-16 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = about:tabs
TCP: {01573F81-6C25-441E-983B-581898952A67} = 4.2.2.2,4.2.2.3
TCP: {7E4FEBD3-21C7-4D81-AEF7-1619DC39AC99} = 192.231.203.132,192.231.203.3
DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} - hxxp://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
FF - ProfilePath - c:\users\madPC\AppData\Roaming\Mozilla\Firefox\Profiles\34qxd13h.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com.au/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-14 17:48
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\madPC\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-05-14 17:50
ComboFix-quarantined-files.txt 2009-05-14 08:20
ComboFix2.txt 2009-05-01 05:04
ComboFix3.txt 2009-04-30 17:06
ComboFix4.txt 2009-04-30 14:16

Pre-Run: 27,697,840,128 bytes free
Post-Run: 27,514,118,144 bytes free

340 --- E O F --- 2009-05-01 06:49





DDS (Ver_09-03-16.01) - NTFSx86
Run by madPC at 0:00:06.58 on 15-May-09 Fri
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2037.958 [GMT 9.5:30]

AV: Symantec AntiVirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Softex\OmniPass\OmniServ.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Fujitsu\PSUtility\PSUService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Fujitsu\updnavi\updnvsrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Softex\OmniPass\opvapp.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\System32\svchost.exe -k wdisvc
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\mobsync.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\madPC\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:tabs
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe
mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
mRun: [PSUtility] c:\program files\fujitsu\psutility\TrayManager.exe
mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IaNvSrv] c:\program files\intel\intel matrix storage manager\orom\ianvsrv\IaNvSrv.exe
mRun: [SSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
uPolicies-explorer: TaskbarNoThumbnail = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-au/wlscctrl2.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} - hxxp://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} - hxxps://online.westpac.com.au/wtoa/wtOtherAccounts/portfoliomanagerwt.cab
TCP: {01573F81-6C25-441E-983B-581898952A67} = 4.2.2.2,4.2.2.3
TCP: {7E4FEBD3-21C7-4D81-AEF7-1619DC39AC99} = 192.231.203.132,192.231.203.3
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\madPC\appdata\roaming\mozilla\firefox\profiles\34qxd13h.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com.au/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

============= SERVICES / DRIVERS ===============

R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2009-2-12 12712]
R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\system32\drivers\iaNvStor.sys [2007-5-15 208896]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-22 64160]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-10-4 36640]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-10-13 33152]
R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\fujitsu\psutility\PSUService.exe [2006-12-22 63016]
R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\fujitsu\updnavi\updnvsrv.exe [2007-1-11 12288]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-30 101936]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2007-5-15 5632]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2006-11-2 30720]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-10 953168]
S2 LvIBTSvr;Logitech IBT Service;c:\program files\common files\logishrd\lvibtsvr\LvIBTSvr.exe [2007-4-3 76576]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [2009-2-24 3872]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-4-18 38496]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-11-28 122008]

=============== Created Last 30 ================

2009-05-14 17:44 161,792 a------- c:\windows\SWREG.exe
2009-05-14 17:44 98,816 a------- c:\windows\sed.exe
2009-05-12 00:51 <DIR> --d----- c:\program files\UltraVNC
2009-05-10 06:03 317,976 a------- c:\windows\system32\drivers\iaStor.sys
2009-05-10 01:57 <DIR> --d----- c:\program files\Trend Micro
2009-05-06 15:47 <DIR> --d----- c:\users\madPC\appdata\roaming\iScreensaver
2009-05-06 03:47 0 a------- c:\windows\system32\tviresource.val
2009-05-06 03:46 <DIR> --d----- c:\windows\TweakVI
2009-05-06 03:46 <DIR> --d----- c:\program files\TweakVI
2009-05-01 13:44 <DIR> --d----- c:\programdata\WindowsSearch
2009-05-01 11:44 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-04-30 19:23 <DIR> --d----- c:\users\madPC\DoctorWeb
2009-04-30 02:11 109,744 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-30 02:11 8,014 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-30 02:11 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-04-30 02:10 <DIR> --d----- c:\program files\Symantec
2009-04-30 02:10 <DIR> --d----- c:\programdata\Symantec
2009-04-30 02:10 <DIR> --d----- c:\program files\Symantec AntiVirus
2009-04-30 02:10 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-04-30 02:10 <DIR> --d----- c:\progra~2\Symantec
2009-04-30 01:50 1,061 a------- c:\windows\wininit.ini
2009-04-29 05:34 <DIR> --dsh--- c:\windows\system32\%APPDATA%
2009-04-28 22:01 <DIR> --d----- c:\program files\CCleaner
2009-04-28 21:57 268 a---h--- C:\sqmdata01.sqm
2009-04-28 21:57 244 a---h--- C:\sqmnoopt01.sqm
2009-04-28 21:52 268 a---h--- C:\sqmdata00.sqm
2009-04-28 21:52 244 a---h--- C:\sqmnoopt00.sqm
2009-04-28 21:47 <DIR> -cdsh--- c:\program files\common files\WindowsLiveInstaller
2009-04-28 21:47 <DIR> --d----- c:\programdata\WLInstaller
2009-04-26 18:38 440,352 a------- c:\windows\system32\mshflxgd.ocx
2009-04-26 18:38 212,240 a------- c:\windows\system32\richtx32.ocx
2009-04-26 18:38 224,016 a------- c:\windows\system32\tabctl32.ocx
2009-04-26 18:38 18,728 a------- c:\windows\system32\ishf_Ex.TLB
2009-04-26 18:38 7,752 a------- c:\windows\system32\shelllink.TLB
2009-04-26 18:38 <DIR> --d----- c:\program files\PC Optimizer Pro
2009-04-24 10:04 155 a------- c:\windows\system32\SelfDel.bat
2009-04-23 12:58 <DIR> --d----- c:\program files\vLite
2009-04-22 21:47 <DIR> --d----- c:\users\madPC\SecurityScans
2009-04-22 21:46 <DIR> --d----- c:\program files\Microsoft Baseline Security Analyzer 2
2009-04-22 00:04 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-04-19 03:18 <DIR> --d----- c:\users\madPC\appdata\roaming\Malwarebytes
2009-04-18 12:46 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-18 12:46 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-18 12:46 <DIR> --d----- c:\programdata\Malwarebytes
2009-04-18 12:46 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-18 12:46 <DIR> --d----- c:\progra~2\Malwarebytes
2009-04-17 00:46 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-17 00:13 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-17 00:13 891,448 a------- c:\windows\system32\drivers\tcpip.sys
2009-04-17 00:13 72,192 a------- c:\windows\system32\drivers\pacer.sys
2009-04-17 00:13 15,360 a------- c:\windows\system32\pacerprf.dll
2009-04-16 23:58 <DIR> --d----- C:\PerfLogs
2009-04-16 20:18 866,816 a------- c:\windows\system32\wmpmde.dll
2009-04-16 20:17 222,720 a------- c:\windows\system32\wavemsp.dll
2009-04-16 20:16 246,784 a------- c:\windows\system32\drvstore.dll
2009-04-16 20:16 305,152 a------- c:\windows\system32\msdelta.dll
2009-04-16 20:16 258,560 a------- c:\windows\system32\dpx.dll
2009-04-16 20:16 35,328 a------- c:\windows\system32\mspatcha.dll
2009-04-16 01:22 15,688 a------- c:\windows\system32\lsdelete.exe
2009-04-16 00:49 <DIR> -cd-h--- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-16 00:49 <DIR> -cd-h--- c:\progra~2\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-16 00:49 <DIR> --d----- c:\programdata\Lavasoft
2009-04-16 00:49 <DIR> --d----- c:\program files\Lavasoft
2009-04-15 17:26 <DIR> --d----- c:\program files\Toshiba
2009-04-15 16:16 376,832 a------- c:\windows\system32\winhttp.dll
2009-04-15 16:16 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-04-15 16:16 38,912 a------- c:\windows\system32\xolehlp.dll
2009-04-15 16:15 118 a------- c:\windows\system32\MRT.INI
2009-04-15 16:10 827,392 a------- c:\windows\system32\wininet.dll

==================== Find3M ====================

2009-05-10 06:04 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-10 06:04 51,200 a------- c:\windows\inf\infpub.dat
2009-05-10 06:04 86,016 a------- c:\windows\inf\infstor.dat
2009-04-17 00:06 174 a--sh--- c:\program files\desktop.ini
2009-04-16 23:58 665,600 a------- c:\windows\inf\drvindex.dat
2009-04-16 21:36 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-04-16 21:36 82,432 a------- c:\windows\system32\axaltocm.dll
2009-04-15 16:10 72,704 a------- c:\windows\system32\admparse.dll
2009-04-15 16:10 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-15 16:10 48,128 a------- c:\windows\system32\mshtmler.dll
2009-04-15 16:10 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-04-13 12:34 269,312 a------- c:\windows\system32\es.dll
2009-04-04 03:58 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-04-04 03:58 272,896 a------- c:\windows\system32\polstore.dll
2009-04-04 03:58 61,440 a------- c:\windows\system32\winipsec.dll
2009-04-04 03:58 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-04-04 03:49 296,960 a------- c:\windows\system32\gdi32.dll
2009-04-04 03:47 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-04 03:45 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-04-04 03:45 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-04-04 03:45 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2009-04-04 03:45 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-04-04 03:45 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2009-04-04 03:45 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-04-04 03:45 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-04-04 03:45 1,695,744 a------- c:\windows\system32\gameux.dll
2009-04-04 03:45 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-04-04 03:44 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-04-04 03:43 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-04-04 03:43 2,048 a------- c:\windows\system32\msxml3r.dll
2009-04-04 03:39 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-04 03:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-04-04 03:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-04-04 03:34 2,927,104 a------- c:\windows\explorer.exe
2009-04-04 03:26 6,656 a------- c:\windows\system32\kbd106n.dll
2009-04-04 03:26 988,216 a------- c:\windows\system32\winload.exe
2009-04-04 03:26 927,288 a------- c:\windows\system32\winresume.exe
2009-04-04 03:26 378,368 a------- c:\windows\system32\srcore.dll
2009-04-04 03:26 318,464 a------- c:\windows\system32\rstrui.exe
2009-04-04 03:26 40,960 a------- c:\windows\system32\srclient.dll
2009-04-04 03:26 14,848 a------- c:\windows\system32\srdelayed.exe
2009-04-04 03:26 615,992 a------- c:\windows\system32\ci.dll
2009-04-04 03:26 46,592 a------- c:\windows\system32\setbcdlocale.dll
2009-04-04 03:26 19,000 a------- c:\windows\system32\kd1394.dll
2009-04-04 03:21 443,392 a------- c:\windows\system32\win32spl.dll
2009-04-04 03:21 37,888 a------- c:\windows\system32\printcom.dll
2009-04-04 03:20 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2009-04-04 03:20 14,848 a------- c:\windows\system32\wshrm.dll
2009-04-04 03:18 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-04-04 03:11 268,288 a------- c:\windows\system32\schannel.dll
2009-04-04 03:08 622,080 a------- c:\windows\system32\icardagt.exe
2009-04-04 03:08 11,264 a------- c:\windows\system32\icardres.dll
2009-04-04 03:08 97,800 a------- c:\windows\system32\infocardapi.dll
2009-04-04 03:08 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-04 03:08 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-04-04 03:08 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-04-04 03:08 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-04-04 02:52 96,760 a------- c:\windows\system32\dfshim.dll
2009-04-04 02:52 41,984 a------- c:\windows\system32\netfxperf.dll
2009-04-04 02:52 282,112 a------- c:\windows\system32\mscoree.dll
2009-04-04 02:52 158,720 a------- c:\windows\system32\mscorier.dll
2009-04-04 02:52 83,968 a------- c:\windows\system32\mscories.dll
2009-04-04 02:37 2,868,736 a------- c:\windows\system32\mf.dll
2009-04-04 02:37 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-04-04 02:37 98,816 a------- c:\windows\system32\mfps.dll
2009-04-04 02:37 94,720 a------- c:\windows\system32\logagent.exe
2009-04-04 02:37 53,248 a------- c:\windows\system32\rrinstaller.exe
2009-04-04 02:37 24,576 a------- c:\windows\system32\mfpmp.exe
2009-04-04 02:37 2,048 a------- c:\windows\system32\mferror.dll
2009-04-04 02:36 84,480 a------- c:\windows\system32\INETRES.dll
2009-04-04 02:36 738,304 a------- c:\windows\system32\inetcomm.dll
2009-04-04 02:36 1,314,816 a------- c:\windows\system32\quartz.dll
2009-04-04 02:35 2,048 a------- c:\windows\system32\tzres.dll
2009-04-04 02:35 2,033,152 a------- c:\windows\system32\win32k.sys
2009-04-04 02:34 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-04-04 02:34 2,048 a------- c:\windows\system32\msxml6r.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-24 22:28 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-02-24 22:28 83,456 a------- c:\windows\system32\wudriver.dll
2009-02-24 22:27 162,064 a------- c:\windows\system32\wuwebv.dll
2009-02-24 22:27 31,232 a------- c:\windows\system32\wuapp.exe
2006-11-02 22:09 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 22:09 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 22:09 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 22:09 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 18:50 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 18:50 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 18:50 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 18:50 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 0:00:42.11 ===============





UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 13-Feb-09 Fri 12:32:21 PM
System Uptime: 14-May-09 Thu 11:44:40 PM (1 hours ago)

Motherboard: FUJITSU | | FJNB1D3
Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | Onboard | 2001/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 74 GiB total, 25.216 GiB free.
D: is FIXED (NTFS) - 74 GiB total, 46.895 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel(R) Wireless WiFi Link 4965AGN
Device ID: PCI\VEN_8086&DEV_4229&SUBSYS_11028086&REV_61\4&38956FF8&0&00E2
Manufacturer: Intel Corporation
Name: Intel(R) Wireless WiFi Link 4965AGN
PNP Device ID: PCI\VEN_8086&DEV_4229&SUBSYS_11028086&REV_61\4&38956FF8&0&00E2
Service: NETw4v32

==== System Restore Points ===================

RP239: 10-May-09 Sun 6:03:38 AM - Device Driver Package Install: Intel IDE ATA/ATAPI controllers
RP240: 11-May-09 Mon 12:42:02 AM - Scheduled Checkpoint
RP241: 12-May-09 Tue 1:48:53 AM - Scheduled Checkpoint
RP242: 13-May-09 Wed 12:53:43 AM - Scheduled Checkpoint
RP243: 13-May-09 Wed 1:33:15 AM - Windows Update
RP244: 14-May-09 Thu 12:49:49 AM - Scheduled Checkpoint
RP245: 14-May-09 Thu 6:14:33 PM - Scheduled Checkpoint

==== Installed Programs ======================

2007 Microsoft Office system
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Agere Systems HDA Modem
AuthenTec Fingerprint Sensor Minimum Install
Bluetooth Stack for Windows by Toshiba
BT headset fix
CCleaner (remove only)
CutePDF Writer 2.7
DSTfix
ERUNT 1.1j
Fujitsu Display Manager
Fujitsu Hardware Diagnostics Tool
Fujitsu Hotkey Utility
Fujitsu System Extension Utility
Fujitsu WebCam
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImgBurn
Inst5657
Intel(R) Graphics Media Accelerator Driver
Intel® Turbo Memory and Intel® Matrix Storage Manager
Java(TM) 6 Update 13
LifeBook Application Panel
LiveUpdate 3.2 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Baseline Security Analyzer 2.1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Web Access S/MIME
Microsoft Silverlight
Microsoft Sync Framework Runtime v1.0 (x86)
Microsoft Sync Framework Services v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB954430)
NetBoard
O2Micro Flash Memory Card Windows Driver
OGA Notifier 1.7.0105.35.0
OmniPass 5.00.18
OZ711 SCR Driver V3.0.0.9A
PC Optimizer Pro ver.4.5.17
Power Saving Utility
PowerDVD
PowerProducer
QuickTime
Real Time Clock Update
Realtek High Definition Audio Driver
Roxio Easy Media Creator Home
SanDisk Wi-Fi SD Card for Windows CE 4.00
Security Update for CAPICOM (KB931906)
Shock Sensor Utility
Skype™ 3.8
Skype™ for Pocket PC 1.1
Skype™ for Windows Mobile 2.5
Spb GPRS Monitor
Spybot - Search & Destroy
Symantec AntiVirus
Synaptics Pointing Device Driver
SyncToy 2.0 (x86)
TweakVI
UltraVNC 1.0.5.6
Update for 2007 Microsoft Office System (KB967642)
Update for Outlook 2007 Junk Email Filter (kb968503)
Update Navi
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.8a
vLite
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Mobile Developer Power Toys
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinRAR archiver
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

12-May-09 Tue 8:18:16 AM, Error: EventLog [6008] - The previous system shutdown at 1:56:51 AM on 5/12/2009 was unexpected.
09-May-09 Sat 12:22:56 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
09-May-09 Sat 12:22:56 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
08-May-09 Fri 2:30:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.
08-May-09 Fri 2:30:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
08-May-09 Fri 2:29:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxSms service.
08-May-09 Fri 2:28:52 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TabletInputService service.
08-May-09 Fri 2:27:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
08-May-09 Fri 2:27:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Irmon service.
08-May-09 Fri 2:26:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
08-May-09 Fri 2:26:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
08-May-09 Fri 2:25:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
08-May-09 Fri 11:51:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
08-May-09 Fri 11:50:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
08-May-09 Fri 11:50:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
08-May-09 Fri 11:50:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
08-May-09 Fri 11:50:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC eeCtrl NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb SPBBCDrv spldr SRTSP SRTSPX SYMTDI tdx Tosrfcom Wanarpv6 ws2ifsl
08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
08-May-09 Fri 11:50:07 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

==== End Of File ===========================

 

[Blade81]

Hi again,

Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\SelfDel.bat

Folder::
c:\users\Administrator\AppData\Roaming\BitTorrent
c:\program files\BitTorrent
c:\program files\DNA

DirLook::
c:\windows\system32\%APPDATA%

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DDC82CFA-D149-4A61-8FEE-0F5D7501CC0A}"=-
"{7DD80389-BAEB-42DD-A05F-880619A84500}"=-
"{4C2B38A4-E717-43A4-BC01-3A065B2B9A3F}"=-
"{3935BD02-4B40-439B-86EA-B4F99566E630}"=-
"TCP Query User{A7928B77-F859-453F-ACE0-E4419FFFEE0A}c:\\program files\\bittorrent\\bittorrent.exe"=-
"UDP Query User{A3C6541E-F6AD-46D5-A349-82A8756C8428}c:\\program files\\bittorrent\\bittorrent.exe"=-

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]

Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

 

[madPC]

ComboFix Log, Kaspersky failed

Hi

This is how I followed your instructions and what happened:

1. Created CFScript.txt on desktop

2. Disconnected LAN cable, Switched off WiFi switch

3. Shut all windows open in the taskbar

4. Disabled SAV (tray icon), Windows Defender, Windows Firewall

5. Exited Ad-Aware from tray

6. Set 'startup type' for the SAV and Lavasoft Services to Manual (forgot about Windows Defender) - did this just in case ComboFix would need to reboot and then re-run itself

7. Dragged CFScript.txt onto ComboFix.exe (on desktop)

8. Saved ComboFix log

9. Ran ATF Cleaner as per instructions

10. Reset 'startup type' for all aforementioned Services to Automatic

11. Re-enabled Windows Firewall, Windows Defender

12. Rebooted PC

13. SAV wouldn't leave Auto-Protect on for more than 3 seconds. I would right click the icon, select Enable Auto-Protect and the icon would look fine, until only after 3 seconds, it would revert back to Auto-Protect Disabled.

14. Rebooted again and it was OK. Re-connected LAN cable.

15. Kaspersky Online Scanner gave me this error: 'Starting Java applet has failed! Please go online to use this program.' even though the Java icon was visible in the tray and even when I tried to add http://www.kaspersky.com to the Trusted Zone in the IE Security Settings.



Here's the ComboFix log, by the way:

ComboFix 09-05-13.02 - madPC May-09 Sun 18:32.5 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2037.1230 [GMT 9.5:30]
Running from: c:\users\madPC\Desktop\ComboFix.exe
Command switches used :: c:\users\madPC\Desktop\CFScript.txt
AV: Symantec AntiVirus *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Symantec AntiVirus *disabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
c:\windows\system32\SelfDel.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll
c:\users\Administrator\AppData\Roaming\BitTorrent
c:\users\Administrator\AppData\Roaming\BitTorrent\dht.dat
c:\users\Administrator\AppData\Roaming\BitTorrent\resume.dat
c:\users\Administrator\AppData\Roaming\BitTorrent\rss.dat
c:\users\Administrator\AppData\Roaming\BitTorrent\settings.dat
c:\windows\system32\SelfDel.bat

.
((((((((((((((((((((((((( Files Created from 2009-04-17 to 2009-05-17 )))))))))))))))))))))))))))))))
.

2009-05-16 07:01 . 2009-05-16 07:01 -------- d-----w c:\windows\LastGood
2009-05-11 15:21 . 2009-05-11 15:42 -------- d-----w c:\program files\UltraVNC
2009-05-09 20:33 . 2008-05-25 12:53 317976 ----a-w c:\windows\system32\drivers\iaStor.sys
2009-05-09 18:12 . 2009-05-09 18:12 -------- d-----w c:\users\madPC\AppData\Local\Apple Computer
2009-05-09 17:38 . 2009-05-09 17:38 -------- d-----w c:\program files\ERUNT
2009-05-09 16:27 . 2009-05-09 16:27 -------- d-----w c:\program files\Trend Micro
2009-05-06 06:17 . 2009-05-06 06:17 -------- d-----w c:\users\madPC\AppData\Roaming\iScreensaver
2009-05-05 18:16 . 2009-05-05 18:16 -------- d-----w c:\windows\TweakVI
2009-05-05 18:16 . 2009-05-05 18:17 -------- d-----w c:\program files\TweakVI
2009-05-01 08:29 . 2009-05-01 08:29 -------- d-----w c:\users\madPC\AppData\Local\Apple
2009-05-01 04:14 . 2009-05-01 04:14 -------- d-----w c:\programdata\WindowsSearch
2009-05-01 04:14 . 2009-05-01 04:14 -------- d-----w c:\users\All Users\WindowsSearch
2009-05-01 02:14 . 2009-05-01 04:15 -------- d-----w c:\program files\EsetOnlineScanner
2009-05-01 02:02 . 2009-05-01 05:39 -------- d-----w c:\program files\Java
2009-05-01 01:01 . 2009-05-01 01:01 680 ----a-w c:\users\madPC\AppData\Local\d3d9caps.dat
2009-04-30 18:36 . 2009-05-01 01:48 -------- d-----w c:\users\madPC\AppData\Local\Adobe
2009-04-30 18:12 . 2009-04-30 18:12 -------- d-----w c:\windows\Sun
2009-04-30 15:33 . 2009-04-30 15:33 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-30 09:59 . 2009-04-30 09:59 -------- d-----w c:\users\Administrator\DoctorWeb
2009-04-30 09:53 . 2009-05-01 01:11 -------- d-----w c:\users\madPC\DoctorWeb
2009-04-30 07:13 . 2009-04-30 07:13 -------- d-----w c:\users\madPC\AppData\Local\Symantec
2009-04-29 16:42 . 2009-04-29 16:42 -------- d-----w c:\users\Administrator\AppData\Local\Symantec
2009-04-29 16:41 . 2009-04-29 16:41 109744 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-29 16:40 . 2009-04-29 16:41 -------- d-----w c:\program files\Symantec
2009-04-29 16:40 . 2009-04-29 16:42 -------- d-----w c:\programdata\Symantec
2009-04-29 16:40 . 2009-04-29 16:42 -------- d-----w c:\users\All Users\Symantec
2009-04-29 16:40 . 2009-04-29 16:41 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-29 16:40 . 2009-04-29 16:40 -------- d-----w c:\program files\Symantec AntiVirus
2009-04-28 20:04 . 2009-04-28 20:04 -------- d-sh--w c:\windows\system32\%APPDATA%
2009-04-28 12:31 . 2009-04-28 12:31 -------- d-----w c:\program files\CCleaner
2009-04-28 12:17 . 2009-04-28 12:21 -------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2009-04-28 12:17 . 2009-04-28 12:22 -------- d-----w c:\program files\Windows Live
2009-04-28 12:17 . 2009-04-28 12:17 -------- d-----w c:\programdata\WLInstaller
2009-04-28 12:17 . 2009-04-28 12:17 -------- d-----w c:\users\All Users\WLInstaller
2009-04-26 09:08 . 2009-04-26 09:08 -------- d-----w c:\program files\PC Optimizer Pro
2009-04-24 14:35 . 2009-04-24 14:35 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-23 03:28 . 2009-04-23 03:28 -------- d-----w c:\program files\vLite
2009-04-22 12:17 . 2009-04-22 12:20 -------- d-----w c:\users\madPC\SecurityScans
2009-04-22 12:16 . 2009-04-22 12:16 -------- d-----w c:\program files\Microsoft Baseline Security Analyzer 2
2009-04-21 14:34 . 2009-04-21 14:34 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-18 17:48 . 2009-04-18 17:48 -------- d-----w c:\users\madPC\AppData\Roaming\Malwarebytes
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\users\Administrator\AppData\Roaming\Malwarebytes
2009-04-18 03:16 . 2009-04-06 06:02 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-18 03:16 . 2009-04-06 06:02 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\programdata\Malwarebytes
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-14 14:13 . 2009-02-24 16:36 12 ----a-w c:\windows\bthservsdp.dat
2009-05-09 20:34 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-05-09 20:34 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-05-09 20:34 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-05-01 13:42 . 2009-02-12 11:12 99864 ----a-w c:\users\madPC\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-01 06:44 . 2007-04-17 23:55 -------- d-----w c:\program files\Microsoft Works
2009-04-30 15:33 . 2007-04-17 20:10 -------- d-----w c:\program files\Common Files\Adobe
2009-04-29 16:41 . 2009-04-29 16:41 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-04-29 16:41 . 2009-04-29 16:41 8014 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-28 12:22 . 2009-02-24 16:14 -------- d-----w c:\program files\MSN Messenger
2009-04-21 14:34 . 2009-04-15 15:52 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-21 00:58 . 2009-04-13 02:30 680 ----a-w c:\users\Administrator\AppData\Local\d3d9caps.dat
2009-04-16 15:16 . 2009-04-16 15:16 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-16 14:36 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Sidebar
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Photo Gallery
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Collaboration
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Calendar
2009-04-16 14:29 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-16 14:28 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Defender
2009-04-16 14:28 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
2009-04-16 12:06 . 2006-11-02 10:32 101888 ----a-w c:\windows\system32\ifxcardm.dll
2009-04-16 12:06 . 2006-11-02 10:32 82432 ----a-w c:\windows\system32\axaltocm.dll
2009-04-15 15:19 . 2009-04-15 15:19 -------- d-----w c:\program files\Lavasoft
2009-04-15 07:56 . 2009-04-15 07:56 -------- d-----w c:\program files\Toshiba
2009-04-15 06:46 . 2009-04-15 06:46 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-15 06:46 . 2009-04-15 06:46 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-15 06:46 . 2009-04-15 06:46 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-15 06:40 . 2009-04-15 06:40 827392 ----a-w c:\windows\system32\wininet.dll
2009-04-15 06:40 . 2009-04-15 06:40 72704 ----a-w c:\windows\system32\admparse.dll
2009-04-15 06:40 . 2009-04-15 06:40 78336 ----a-w c:\windows\system32\ieencode.dll
2009-04-15 06:40 . 2009-04-15 06:40 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-04-15 06:40 . 2009-04-15 06:40 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-04-13 05:01 . 2009-04-13 01:31 -------- d-----w c:\program files\QuickTime
2009-04-13 03:04 . 2009-04-13 03:04 269312 ----a-w c:\windows\system32\es.dll
2009-04-04 12:06 . 2009-04-04 10:52 -------- d-----w c:\program files\Yahoo!
2009-04-04 01:57 . 2009-04-04 01:57 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-03 18:28 . 2009-04-03 18:28 61440 ----a-w c:\windows\system32\winipsec.dll
2009-04-03 18:28 . 2009-04-03 18:28 361984 ----a-w c:\windows\system32\IPSECSVC.DLL
2009-04-03 18:28 . 2009-04-03 18:28 28672 ----a-w c:\windows\system32\FwRemoteSvr.dll
2009-04-03 18:28 . 2009-04-03 18:28 272896 ----a-w c:\windows\system32\polstore.dll
2009-04-03 18:19 . 2009-04-03 18:19 296960 ----a-w c:\windows\system32\gdi32.dll
2009-04-03 18:17 . 2009-04-03 18:17 212480 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
2009-04-03 18:15 . 2009-04-03 18:15 28672 ----a-w c:\windows\system32\Apphlpdm.dll
2009-04-03 18:15 . 2009-04-03 18:15 4240384 ----a-w c:\windows\system32\GameUXLegacyGDFs.dll
2009-04-03 18:15 . 2009-04-03 18:15 1695744 ----a-w c:\windows\system32\gameux.dll
2009-04-03 18:14 . 2009-04-03 18:14 303616 ----a-w c:\windows\system32\wmpeffects.dll
2009-04-03 18:13 . 2009-04-03 18:13 1191936 ----a-w c:\windows\system32\msxml3.dll
2009-04-03 18:13 . 2009-04-03 18:13 2048 ----a-w c:\windows\system32\msxml3r.dll
2009-04-03 18:09 . 2009-04-03 18:09 8147456 ----a-w c:\windows\system32\wmploc.DLL
2009-04-03 18:09 . 2009-04-03 18:09 7680 ----a-w c:\windows\system32\spwmp.dll
2009-04-03 18:09 . 2009-04-03 18:09 4096 ----a-w c:\windows\system32\dxmasf.dll
2009-04-03 18:07 . 2009-04-03 18:07 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-03 18:04 . 2009-04-03 18:04 2927104 ----a-w c:\windows\explorer.exe
2009-04-03 17:56 . 2009-04-03 17:56 6656 ----a-w c:\windows\system32\kbd106n.dll
2009-04-03 17:56 . 2009-04-03 17:56 988216 ----a-w c:\windows\system32\winload.exe
2009-04-03 17:56 . 2009-04-03 17:56 927288 ----a-w c:\windows\system32\winresume.exe
2009-04-03 17:56 . 2009-04-03 17:56 40960 ----a-w c:\windows\system32\srclient.dll
2009-04-03 17:56 . 2009-04-03 17:56 378368 ----a-w c:\windows\system32\srcore.dll
2009-04-03 17:56 . 2009-04-03 17:56 318464 ----a-w c:\windows\system32\rstrui.exe
2009-04-03 17:56 . 2009-04-03 17:56 14848 ----a-w c:\windows\system32\srdelayed.exe
2009-04-03 17:56 . 2009-04-03 17:56 615992 ----a-w c:\windows\system32\ci.dll
2009-04-03 17:56 . 2009-04-03 17:56 46592 ----a-w c:\windows\system32\setbcdlocale.dll
2009-04-03 17:56 . 2009-04-03 17:56 19000 ----a-w c:\windows\system32\kd1394.dll
2009-04-03 17:51 . 2009-04-03 17:51 443392 ----a-w c:\windows\system32\win32spl.dll
2009-04-03 17:51 . 2009-04-03 17:51 37888 ----a-w c:\windows\system32\printcom.dll
2009-04-03 17:50 . 2009-04-03 17:50 14848 ----a-w c:\windows\system32\wshrm.dll
2009-04-03 17:50 . 2009-04-03 17:50 113664 ----a-w c:\windows\system32\drivers\rmcast.sys
2009-04-03 17:48 . 2009-04-03 17:48 288768 ----a-w c:\windows\system32\drivers\srv.sys
2009-04-03 17:41 . 2009-04-03 17:41 268288 ----a-w c:\windows\system32\schannel.dll
2009-04-03 17:38 . 2009-04-03 17:38 622080 ----a-w c:\windows\system32\icardagt.exe
2009-04-03 17:38 . 2009-04-03 17:38 11264 ----a-w c:\windows\system32\icardres.dll
2009-04-03 17:38 . 2009-04-03 17:38 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-04-03 17:38 . 2009-04-03 17:38 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-03 17:38 . 2009-04-03 17:38 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-04-03 17:38 . 2009-04-03 17:38 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-04-03 17:38 . 2009-04-03 17:38 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-04-03 17:22 . 2009-04-03 17:22 96760 ----a-w c:\windows\system32\dfshim.dll
2009-04-03 17:22 . 2009-04-03 17:22 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-04-03 17:22 . 2009-04-03 17:22 83968 ----a-w c:\windows\system32\mscories.dll
2009-04-03 17:22 . 2009-04-03 17:22 282112 ----a-w c:\windows\system32\mscoree.dll
2009-04-03 17:22 . 2009-04-03 17:22 158720 ----a-w c:\windows\system32\mscorier.dll
2009-04-03 17:07 . 2009-04-03 17:07 2868736 ----a-w c:\windows\system32\mf.dll
2009-04-03 17:07 . 2009-04-03 17:07 996352 ----a-w c:\windows\system32\WMNetMgr.dll
2009-04-03 17:07 . 2009-04-03 17:07 98816 ----a-w c:\windows\system32\mfps.dll
2009-04-03 17:07 . 2009-04-03 17:07 94720 ----a-w c:\windows\system32\logagent.exe
2009-04-03 17:07 . 2009-04-03 17:07 53248 ----a-w c:\windows\system32\rrinstaller.exe
2009-04-03 17:07 . 2009-04-03 17:07 24576 ----a-w c:\windows\system32\mfpmp.exe
2009-04-03 17:07 . 2009-04-03 17:07 2048 ----a-w c:\windows\system32\mferror.dll
2009-04-03 17:06 . 2009-04-03 17:06 84480 ----a-w c:\windows\system32\INETRES.dll
2009-04-03 17:06 . 2009-04-03 17:06 738304 ----a-w c:\windows\system32\inetcomm.dll
2009-04-03 17:06 . 2009-04-03 17:06 1314816 ----a-w c:\windows\system32\quartz.dll
2009-04-03 17:05 . 2009-04-03 17:05 2048 ----a-w c:\windows\system32\tzres.dll
2009-04-03 17:05 . 2009-04-03 17:05 2033152 ----a-w c:\windows\system32\win32k.sys
2009-04-03 17:05 . 2009-04-03 17:05 -------- d-----w c:\program files\MSXML 4.0
2009-04-03 17:04 . 2009-04-03 17:04 1334272 ----a-w c:\windows\system32\msxml6.dll
2009-04-03 17:04 . 2009-04-03 17:04 2048 ----a-w c:\windows\system32\msxml6r.dll
2009-03-08 19:49 . 2009-03-13 13:16 410984 ----a-w c:\windows\system32\deploytk.dll
2009-02-24 15:53 . 2009-02-24 15:53 0 ----a-w c:\windows\nsreg.dat
2009-02-24 15:35 . 2009-02-24 15:35 99864 ----a-w c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\%APPDATA% ----

2009-04-28 20:04 . 2009-04-28 20:04 16384 --sha-w c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat


((((((((((((((((((((((((((((( SnapShot@2009-05-14_08.18.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-05-14 21:23 . 2009-05-14 14:17 66104 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-05-14 14:17 74892 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-04-16 10:47 . 2008-01-19 05:49 13312 c:\windows\System32\drivers\sfloppy.sys
- 2006-11-02 08:51 . 2006-11-02 08:51 13312 c:\windows\System32\drivers\sfloppy.sys
+ 2009-02-12 11:06 . 2009-05-16 19:10 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-12 11:06 . 2009-05-14 07:57 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-12 11:06 . 2009-05-14 07:57 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-12 11:06 . 2009-05-16 19:10 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-16 07:01 . 2006-11-02 08:51 13312 c:\windows\LastGood\system32\DRIVERS\sfloppy.sys
- 2009-02-12 11:10 . 2009-05-14 07:59 8558 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1918237747-2751938533-2904961478-1000_UserData.bin
+ 2009-02-12 11:10 . 2009-05-14 14:17 8558 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1918237747-2751938533-2904961478-1000_UserData.bin
+ 2009-05-14 14:15 . 2009-05-14 14:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-05-14 07:57 . 2009-05-14 07:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-14 14:15 . 2009-05-14 14:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-05-14 07:57 . 2009-05-14 07:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 10:33 . 2009-05-14 08:05 624988 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-05-16 11:30 624988 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-05-16 11:30 111398 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-05-14 08:05 111398 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-17 80688]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-11-07 97072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-09 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-09 133912]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-23 827392]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2005-07-21 242688]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-07-21 61440]
"PSUtility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2006-12-22 136744]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-04-02 252704]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-05-08 174872]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-05-08 33048]
"SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2009-02-12 193832]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 107112]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-27 134808]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-21 516440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-01 4390912]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2007-11-1 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoThumbnail"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F01CE1E2-9A47-42F9-AD30-7B2AD8E08A94}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7A0C6B10-FF15-4B5E-85EB-C851E3DF9E79}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{B65B13F6-BBD4-4FAB-97B8-D1406988A316}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{15F91AE0-0A6A-4AD0-BC13-E97CF52E271F}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{F4F47E1E-E573-4114-BC3B-21FD4448FC36}c:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= UDP:c:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp
"UDP Query User{241244E8-A714-4A26-8033-A8DC16D0C898}c:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= TCP:c:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp
"{4CE5628A-E049-4199-BD14-F3ACB0188262}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5DBFBFA1-FF9F-4CA0-8CC1-F91FE82A7997}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{DF9E080F-A2A6-4E03-928C-D7AAE5BFF5AE}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{04C91E26-0A58-4EB0-A38E-FB81F0A09A68}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{87C95383-720C-4E36-92C1-5A596BE3F1FC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E108B469-D439-4A90-B0DD-3AF139C46756}"= UDP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{134FFABB-69CF-4FC7-8226-909F636B2E28}"= TCP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{124D1410-FC14-44BE-939D-2D67F33C0F7C}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{1779AE8C-BFEB-457A-99BB-C18BC6585906}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"TCP Query User{56E26FA3-40B1-43E9-93B2-B4486709E928}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{EE9A3513-CF35-4D37-99A0-DFFCA39D1A94}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{0DB7F9EE-FB08-45A8-9F88-1DC44EB69771}c:\\program files\\ultravnc\\winvnc.exe"= UDP:c:\program files\ultravnc\winvnc.exe:VNC server for Win32
"UDP Query User{9FDC2135-B10F-42DC-9C8B-43532319EEAD}c:\\program files\\ultravnc\\winvnc.exe"= TCP:c:\program files\ultravnc\winvnc.exe:VNC server for Win32

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\System32\drivers\FJGSDisk.sys [12-Feb-09 Thu 9:09 PM 12712]
R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\System32\drivers\iaNvStor.sys [15-May-07 Tue 7:13 AM 208896]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [22-Apr-09 Wed 12:04 AM 64160]
R0 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [04-Oct-06 Wed 6:53 AM 36640]
R0 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [13-Oct-06 Fri 4:17 AM 33152]
R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [22-Dec-06 Fri 12:12 PM 63016]
R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\updnavi\updnvsrv.exe [11-Jan-07 Thu 9:39 AM 12288]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30-Apr-09 Thu 2:20 AM 101936]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\System32\drivers\fuj02e3.sys [15-May-07 Tue 7:12 AM 5632]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\System32\drivers\smscirda.sys [02-Nov-06 Thu 7:55 PM 30720]
S2 LvIBTSvr;Logitech IBT Service;c:\program files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe [03-Apr-07 Tue 12:59 AM 76576]
S3 ADVNTDRV;ADVNTDRV;c:\windows\System32\drivers\ADVNTDRV.SYS [24-Feb-09 Tue 10:34 PM 3872]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [10-Mar-09 Tue 4:36 AM 953168]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [28-Nov-06 Tue 6:34 AM 122008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af316a4d-0271-11de-ab37-000000000000}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-05-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:33]

2009-05-17 c:\windows\Tasks\User_Feed_Synchronization-{3D592E6A-7BAD-4227-B6C4-7E801F98E40E}.job
- c:\windows\system32\msfeedssync.exe [2009-04-16 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = about:tabs
TCP: {01573F81-6C25-441E-983B-581898952A67} = 4.2.2.2,4.2.2.3
TCP: {7E4FEBD3-21C7-4D81-AEF7-1619DC39AC99} = 192.231.203.132,192.231.203.3
FF - ProfilePath - c:\users\madPC\AppData\Roaming\Mozilla\Firefox\Profiles\34qxd13h.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com.au/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-17 18:35
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-05-17 18:37
ComboFix-quarantined-files.txt 2009-05-17 09:07
ComboFix2.txt 2009-05-01 05:04
ComboFix3.txt 2009-04-30 17:06
ComboFix4.txt 2009-04-30 14:16

Pre-Run: 26,645,606,400 bytes free
Post-Run: 26,554,630,144 bytes free

322 --- E O F --- 2009-05-01 06:49


Thanks!

 

[Blade81]

Hi

Let's see this one instead of online version then

Download the latest version of Kaspersky Virus Removal Tool

* Close all other applications and double-click and run the installer.
* When AVPTool starts, select all the scanable items except for CD-ROM drives and click the Scan button.
* If malware is detected, don't remove anything.
* After the scan finishes, don't neutralize anything.
* In the Scan window click the Reports button and select Save to file.
* Name the report AVPT.txt, and save it to the Desktop.
* Close AVPTool.
* You will be prompted if you want to uninstall the program; click Yes.
* You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
* Copy and paste the first part of the report (Detected) that you saved in your next reply. Do not include the longer list marked Events.

Post also a fresh dds.txt log. How's the system running?

 

[madPC]

Kaspersky Report, DDS Logs

Hi blade81,

Thanks for the suggested workaround. As requested:

Kaspersky Report (Detected)

Detected
--------
Status Object
------ ------
detected: Trojan program Trojan-Dropper.Win32.Agent.anje File: C:\Users\madPC\Downloads\Windows XP PRO MCE SP3 MULTI - OEM Se7en Style EYE CANDY ENGLISH [ISO]\Windows XP WPA Kill (TRIED IN SAFE MODE !!! )\WPA_KILL.EXE//data0000.cab/codec.exe


DDS Logs

DDS


DDS (Ver_09-03-16.01) - NTFSx86
Run by madPC at 17:31:11.33 on 20-May-09 Wed
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2037.1116 [GMT 9.5:30]

AV: Symantec AntiVirus *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Softex\OmniPass\OmniServ.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Fujitsu\PSUtility\PSUService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Fujitsu\updnavi\updnvsrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Softex\OmniPass\opvapp.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\madPC\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:tabs
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe
mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
mRun: [PSUtility] c:\program files\fujitsu\psutility\TrayManager.exe
mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IaNvSrv] c:\program files\intel\intel matrix storage manager\orom\ianvsrv\IaNvSrv.exe
mRun: [SSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
uPolicies-explorer: TaskbarNoThumbnail = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: kaspersky.com\www
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-au/wlscctrl2.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} - hxxps://online.westpac.com.au/wtoa/wtOtherAccounts/portfoliomanagerwt.cab
TCP: {01573F81-6C25-441E-983B-581898952A67} = 4.2.2.2,4.2.2.3
TCP: {7E4FEBD3-21C7-4D81-AEF7-1619DC39AC99} = 192.231.203.132,192.231.203.3
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\madPC\appdata\roaming\mozilla\firefox\profiles\34qxd13h.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com.au/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

============= SERVICES / DRIVERS ===============

R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2009-2-12 12712]
R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\system32\drivers\iaNvStor.sys [2007-5-15 208896]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-22 64160]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-10-4 36640]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-10-13 33152]
R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\fujitsu\psutility\PSUService.exe [2006-12-22 63016]
R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\fujitsu\updnavi\updnvsrv.exe [2007-1-11 12288]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-30 101936]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2007-5-15 5632]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2006-11-2 30720]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-10 953168]
S2 LvIBTSvr;Logitech IBT Service;c:\program files\common files\logishrd\lvibtsvr\LvIBTSvr.exe [2007-4-3 76576]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [2009-2-24 3872]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-11-28 122008]

=============== Created Last 30 ================

2009-05-20 01:29 <DIR> --d----- c:\programdata\is-S4G4L
2009-05-20 01:29 <DIR> --d----- c:\progra~2\is-S4G4L
2009-05-20 01:29 1,286,176 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-05-20 01:29 16,148 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-05-17 18:31 <DIR> --d----- C:\ComboFix
2009-05-14 17:44 161,792 a------- c:\windows\SWREG.exe
2009-05-14 17:44 98,816 a------- c:\windows\sed.exe
2009-05-12 00:51 <DIR> --d----- c:\program files\UltraVNC
2009-05-10 06:03 317,976 a------- c:\windows\system32\drivers\iaStor.sys
2009-05-10 01:57 <DIR> --d----- c:\program files\Trend Micro
2009-05-06 15:47 <DIR> --d----- c:\users\madPC\appdata\roaming\iScreensaver
2009-05-06 03:47 0 a------- c:\windows\system32\tviresource.val
2009-05-06 03:46 <DIR> --d----- c:\windows\TweakVI
2009-05-06 03:46 <DIR> --d----- c:\program files\TweakVI
2009-05-01 13:44 <DIR> --d----- c:\programdata\WindowsSearch
2009-05-01 11:44 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-04-30 19:23 <DIR> --d----- c:\users\madPC\DoctorWeb
2009-04-30 02:11 109,744 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-30 02:11 8,014 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-30 02:11 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-04-30 02:10 <DIR> --d----- c:\program files\Symantec
2009-04-30 02:10 <DIR> --d----- c:\programdata\Symantec
2009-04-30 02:10 <DIR> --d----- c:\program files\Symantec AntiVirus
2009-04-30 02:10 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-04-30 02:10 <DIR> --d----- c:\progra~2\Symantec
2009-04-30 01:50 1,061 a------- c:\windows\wininit.ini
2009-04-29 05:34 <DIR> --dsh--- c:\windows\system32\%APPDATA%
2009-04-28 22:01 <DIR> --d----- c:\program files\CCleaner
2009-04-28 21:57 268 a---h--- C:\sqmdata01.sqm
2009-04-28 21:57 244 a---h--- C:\sqmnoopt01.sqm
2009-04-28 21:52 268 a---h--- C:\sqmdata00.sqm
2009-04-28 21:52 244 a---h--- C:\sqmnoopt00.sqm
2009-04-28 21:47 <DIR> -cdsh--- c:\program files\common files\WindowsLiveInstaller
2009-04-28 21:47 <DIR> --d----- c:\programdata\WLInstaller
2009-04-26 18:38 440,352 a------- c:\windows\system32\mshflxgd.ocx
2009-04-26 18:38 212,240 a------- c:\windows\system32\richtx32.ocx
2009-04-26 18:38 224,016 a------- c:\windows\system32\tabctl32.ocx
2009-04-26 18:38 18,728 a------- c:\windows\system32\ishf_Ex.TLB
2009-04-26 18:38 7,752 a------- c:\windows\system32\shelllink.TLB
2009-04-26 18:38 <DIR> --d----- c:\program files\PC Optimizer Pro
2009-04-23 12:58 <DIR> --d----- c:\program files\vLite
2009-04-22 21:47 <DIR> --d----- c:\users\madPC\SecurityScans
2009-04-22 21:46 <DIR> --d----- c:\program files\Microsoft Baseline Security Analyzer 2
2009-04-22 00:04 64,160 a------- c:\windows\system32\drivers\Lbd.sys

==================== Find3M ====================

2009-05-10 06:04 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-10 06:04 51,200 a------- c:\windows\inf\infpub.dat
2009-05-10 06:04 86,016 a------- c:\windows\inf\infstor.dat
2009-04-22 00:04 15,688 a------- c:\windows\system32\lsdelete.exe
2009-04-17 00:46 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-17 00:06 174 a--sh--- c:\program files\desktop.ini
2009-04-16 23:58 665,600 a------- c:\windows\inf\drvindex.dat
2009-04-16 21:36 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-04-16 21:36 82,432 a------- c:\windows\system32\axaltocm.dll
2009-04-15 16:16 376,832 a------- c:\windows\system32\winhttp.dll
2009-04-15 16:16 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-04-15 16:16 38,912 a------- c:\windows\system32\xolehlp.dll
2009-04-15 16:10 827,392 a------- c:\windows\system32\wininet.dll
2009-04-15 16:10 72,704 a------- c:\windows\system32\admparse.dll
2009-04-15 16:10 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-15 16:10 48,128 a------- c:\windows\system32\mshtmler.dll
2009-04-15 16:10 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-04-13 12:34 269,312 a------- c:\windows\system32\es.dll
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-04 03:58 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-04-04 03:58 272,896 a------- c:\windows\system32\polstore.dll
2009-04-04 03:58 61,440 a------- c:\windows\system32\winipsec.dll
2009-04-04 03:58 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-04-04 03:49 296,960 a------- c:\windows\system32\gdi32.dll
2009-04-04 03:47 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-04 03:45 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-04-04 03:45 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-04-04 03:45 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2009-04-04 03:45 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-04-04 03:45 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2009-04-04 03:45 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-04-04 03:45 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-04-04 03:45 1,695,744 a------- c:\windows\system32\gameux.dll
2009-04-04 03:45 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-04-04 03:44 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-04-04 03:43 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-04-04 03:43 2,048 a------- c:\windows\system32\msxml3r.dll
2009-04-04 03:39 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-04 03:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-04-04 03:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-04-04 03:34 2,927,104 a------- c:\windows\explorer.exe
2009-04-04 03:26 6,656 a------- c:\windows\system32\kbd106n.dll
2009-04-04 03:26 988,216 a------- c:\windows\system32\winload.exe
2009-04-04 03:26 927,288 a------- c:\windows\system32\winresume.exe
2009-04-04 03:26 378,368 a------- c:\windows\system32\srcore.dll
2009-04-04 03:26 318,464 a------- c:\windows\system32\rstrui.exe
2009-04-04 03:26 40,960 a------- c:\windows\system32\srclient.dll
2009-04-04 03:26 14,848 a------- c:\windows\system32\srdelayed.exe
2009-04-04 03:26 615,992 a------- c:\windows\system32\ci.dll
2009-04-04 03:26 46,592 a------- c:\windows\system32\setbcdlocale.dll
2009-04-04 03:26 19,000 a------- c:\windows\system32\kd1394.dll
2009-04-04 03:21 443,392 a------- c:\windows\system32\win32spl.dll
2009-04-04 03:21 37,888 a------- c:\windows\system32\printcom.dll
2009-04-04 03:20 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2009-04-04 03:20 14,848 a------- c:\windows\system32\wshrm.dll
2009-04-04 03:18 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-04-04 03:11 268,288 a------- c:\windows\system32\schannel.dll
2009-04-04 03:08 622,080 a------- c:\windows\system32\icardagt.exe
2009-04-04 03:08 11,264 a------- c:\windows\system32\icardres.dll
2009-04-04 03:08 97,800 a------- c:\windows\system32\infocardapi.dll
2009-04-04 03:08 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-04 03:08 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-04-04 03:08 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-04-04 03:08 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-04-04 02:52 96,760 a------- c:\windows\system32\dfshim.dll
2009-04-04 02:52 41,984 a------- c:\windows\system32\netfxperf.dll
2009-04-04 02:52 282,112 a------- c:\windows\system32\mscoree.dll
2009-04-04 02:52 158,720 a------- c:\windows\system32\mscorier.dll
2009-04-04 02:52 83,968 a------- c:\windows\system32\mscories.dll
2009-04-04 02:37 2,868,736 a------- c:\windows\system32\mf.dll
2009-04-04 02:37 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-04-04 02:37 98,816 a------- c:\windows\system32\mfps.dll
2009-04-04 02:37 94,720 a------- c:\windows\system32\logagent.exe
2009-04-04 02:37 53,248 a------- c:\windows\system32\rrinstaller.exe
2009-04-04 02:37 24,576 a------- c:\windows\system32\mfpmp.exe
2009-04-04 02:37 2,048 a------- c:\windows\system32\mferror.dll
2009-04-04 02:36 84,480 a------- c:\windows\system32\INETRES.dll
2009-04-04 02:36 738,304 a------- c:\windows\system32\inetcomm.dll
2009-04-04 02:36 1,314,816 a------- c:\windows\system32\quartz.dll
2009-04-04 02:35 2,048 a------- c:\windows\system32\tzres.dll
2009-04-04 02:35 2,033,152 a------- c:\windows\system32\win32k.sys
2009-04-04 02:34 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-04-04 02:34 2,048 a------- c:\windows\system32\msxml6r.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-24 22:28 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-02-24 22:28 83,456 a------- c:\windows\system32\wudriver.dll
2009-02-24 22:27 162,064 a------- c:\windows\system32\wuwebv.dll
2009-02-24 22:27 31,232 a------- c:\windows\system32\wuapp.exe
2006-11-02 22:09 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 22:09 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 22:09 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 22:09 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 18:50 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 18:50 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 18:50 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 18:50 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 17:32:06.95 ===============


Attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 13-Feb-09 Fri 12:32:21 PM
System Uptime: 20-May-09 Wed 5:22:12 PM (0 hours ago)

Motherboard: FUJITSU | | FJNB1D3
Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | Onboard | 2001/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 74 GiB total, 23.049 GiB free.
D: is FIXED (NTFS) - 74 GiB total, 46.895 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel(R) Wireless WiFi Link 4965AGN
Device ID: PCI\VEN_8086&DEV_4229&SUBSYS_11028086&REV_61\4&38956FF8&0&00E2
Manufacturer: Intel Corporation
Name: Intel(R) Wireless WiFi Link 4965AGN
PNP Device ID: PCI\VEN_8086&DEV_4229&SUBSYS_11028086&REV_61\4&38956FF8&0&00E2
Service: NETw4v32

==== System Restore Points ===================

RP244: 14-May-09 Thu 12:49:49 AM - Scheduled Checkpoint
RP245: 14-May-09 Thu 6:14:33 PM - Scheduled Checkpoint
RP246: 15-May-09 Fri 2:07:19 AM - Windows Update
RP247: 16-May-09 Sat 12:41:38 AM - Scheduled Checkpoint
RP248: 17-May-09 Sun 1:19:34 AM - Scheduled Checkpoint
RP249: 17-May-09 Sun 10:58:00 PM - Scheduled Checkpoint
RP250: 18-May-09 Mon 7:46:38 PM - Scheduled Checkpoint
RP251: 19-May-09 Tue 2:20:47 AM - Windows Update
RP252: 20-May-09 Wed 12:00:04 AM - Scheduled Checkpoint
RP253: 20-May-09 Wed 2:14:54 PM - Scheduled Checkpoint

==== Installed Programs ======================

2007 Microsoft Office system
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Agere Systems HDA Modem
AuthenTec Fingerprint Sensor Minimum Install
Bluetooth Stack for Windows by Toshiba
BT headset fix
CCleaner (remove only)
CutePDF Writer 2.7
DSTfix
ERUNT 1.1j
Fujitsu Display Manager
Fujitsu Hardware Diagnostics Tool
Fujitsu Hotkey Utility
Fujitsu System Extension Utility
Fujitsu WebCam
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImgBurn
Inst5657
Intel(R) Graphics Media Accelerator Driver
Intel® Turbo Memory and Intel® Matrix Storage Manager
Java(TM) 6 Update 13
LifeBook Application Panel
LiveUpdate 3.2 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Baseline Security Analyzer 2.1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Web Access S/MIME
Microsoft Silverlight
Microsoft Sync Framework Runtime v1.0 (x86)
Microsoft Sync Framework Services v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB954430)
NetBoard
O2Micro Flash Memory Card Windows Driver
OGA Notifier 1.7.0105.35.0
OmniPass 5.00.18
OZ711 SCR Driver V3.0.0.9A
PC Optimizer Pro ver.4.5.17
Power Saving Utility
PowerDVD
PowerProducer
QuickTime
Real Time Clock Update
Realtek High Definition Audio Driver
Roxio Easy Media Creator Home
SanDisk Wi-Fi SD Card for Windows CE 4.00
Security Update for CAPICOM (KB931906)
Shock Sensor Utility
Skype™ 3.8
Skype™ for Pocket PC 1.1
Skype™ for Windows Mobile 2.5
Spb GPRS Monitor
Spybot - Search & Destroy
Symantec AntiVirus
Synaptics Pointing Device Driver
SyncToy 2.0 (x86)
TweakVI
UltraVNC 1.0.5.6
Update for 2007 Microsoft Office System (KB967642)
Update for Outlook 2007 Junk Email Filter (kb968503)
Update Navi
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.9
vLite
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Mobile Developer Power Toys
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinRAR archiver
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

16-May-09 Sat 12:50:25 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer LUKE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{01573F81-6C25-441E-983B-581898952A. The master browser is stopping or an election is being forced.
14-May-09 Thu 5:32:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.
14-May-09 Thu 5:31:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
14-May-09 Thu 5:30:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.

==== End Of File ===========================


How's the system working?

Annoyingly slow. When I empty the Recycle Bin, it's icon doesn't change. I wasn't even able to open the AVPT.txt file with Notepad as it caused it to hang each time. Eventually got it to open with Wordpad. Lastly, the Kaspersky scan took more than 15 hours!

Something's still quite wrong mate...

 

[Blade81]

Hi

Show hidden files (Vista)
-----------------
1. Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
2. Click the View tab.
3. Under Advanced settings, click Show hidden files and folders, and then click OK.


Upload following file to Virustotal and post back the results:
c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat



Open notepad and copy/paste the text in the quotebox below into it:

Folder::
C:\Users\madPC\Downloads\Windows XP PRO MCE SP3 MULTI - OEM Se7en Style EYE CANDY ENGLISH [ISO]

DirLook::
C:\Users\madPC\Downloads

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-

Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log & a fresh dds.txt log.


Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.



Have you defragged hard drive lately? If not please try Jkdefrag for example.

 

[madPC]

Virustotal results, ComboFix log, DDS log, HDD De-frag

Hi blade81,

As requested:

Virustotal.com results for c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat

http://www.virustotal.com/analisis/0e94869a2fa00aa3cf58964ec3645da8


ComboFix log

The "DirLook" part of the results are in the txt file contained in the attached zip file.

ComboFix 09-05-20.09 - madPC May-09 Thu 11:56.6 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2037.1101 [GMT 9.5:30]
Running from: c:\users\madPC\Desktop\ComboFix.exe
Command switches used :: c:\users\madPC\Desktop\CFScript.txt
AV: Symantec AntiVirus *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Symantec AntiVirus *disabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\SSubTmr6.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-21 to 2009-05-21 )))))))))))))))))))))))))))))))
.

2009-05-21 02:29 . 2009-05-21 02:29 -------- d-----w c:\users\madPC\AppData\Local\temp
2009-05-21 02:29 . 2009-05-21 02:29 -------- d-----w c:\users\Administrator\AppData\Local\temp
2009-05-19 15:59 . 2009-05-19 15:59 -------- d-----w c:\programdata\is-S4G4L
2009-05-19 15:59 . 2009-05-19 15:59 -------- d-----w c:\users\All Users\is-S4G4L
2009-05-19 15:59 . 2009-05-20 07:51 1286176 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-18 09:23 . 2009-05-18 09:42 -------- d-----w c:\users\madPC\AppData\Roaming\vlc
2009-05-17 12:28 . 2009-05-17 12:28 -------- d-----w c:\users\madPC\AppData\Local\Adobe
2009-05-11 15:21 . 2009-05-11 15:42 -------- d-----w c:\program files\UltraVNC
2009-05-09 20:33 . 2008-05-25 12:53 317976 ----a-w c:\windows\system32\drivers\iaStor.sys
2009-05-09 17:38 . 2009-05-09 17:38 -------- d-----w c:\program files\ERUNT
2009-05-09 16:27 . 2009-05-09 16:27 -------- d-----w c:\program files\Trend Micro
2009-05-06 06:17 . 2009-05-06 06:17 -------- d-----w c:\users\madPC\AppData\Roaming\iScreensaver
2009-05-05 18:16 . 2009-05-05 18:16 -------- d-----w c:\windows\TweakVI
2009-05-05 18:16 . 2009-05-05 18:17 -------- d-----w c:\program files\TweakVI
2009-05-01 04:14 . 2009-05-01 04:14 -------- d-----w c:\programdata\WindowsSearch
2009-05-01 04:14 . 2009-05-01 04:14 -------- d-----w c:\users\All Users\WindowsSearch
2009-05-01 02:14 . 2009-05-01 04:15 -------- d-----w c:\program files\EsetOnlineScanner
2009-05-01 02:02 . 2009-05-01 05:39 -------- d-----w c:\program files\Java
2009-05-01 01:01 . 2009-05-01 01:01 680 ----a-w c:\users\madPC\AppData\Local\d3d9caps.dat
2009-04-30 18:12 . 2009-04-30 18:12 -------- d-----w c:\windows\Sun
2009-04-30 15:33 . 2009-04-30 15:33 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-30 09:59 . 2009-04-30 09:59 -------- d-----w c:\users\Administrator\DoctorWeb
2009-04-30 09:53 . 2009-05-01 01:11 -------- d-----w c:\users\madPC\DoctorWeb
2009-04-30 07:13 . 2009-04-30 07:13 -------- d-----w c:\users\madPC\AppData\Local\Symantec
2009-04-29 16:42 . 2009-04-29 16:42 -------- d-----w c:\users\Administrator\AppData\Local\Symantec
2009-04-29 16:41 . 2009-04-29 16:41 109744 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-29 16:40 . 2009-04-29 16:41 -------- d-----w c:\program files\Symantec
2009-04-29 16:40 . 2009-04-29 16:42 -------- d-----w c:\programdata\Symantec
2009-04-29 16:40 . 2009-04-29 16:42 -------- d-----w c:\users\All Users\Symantec
2009-04-29 16:40 . 2009-04-29 16:40 -------- d-----w c:\program files\Symantec AntiVirus
2009-04-29 16:40 . 2009-04-29 16:41 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-28 20:04 . 2009-04-28 20:04 -------- d-sh--w c:\windows\system32\%APPDATA%
2009-04-28 12:31 . 2009-04-28 12:31 -------- d-----w c:\program files\CCleaner
2009-04-28 12:17 . 2009-04-28 12:21 -------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2009-04-28 12:17 . 2009-04-28 12:22 -------- d-----w c:\program files\Windows Live
2009-04-28 12:17 . 2009-04-28 12:17 -------- d-----w c:\programdata\WLInstaller
2009-04-28 12:17 . 2009-04-28 12:17 -------- d-----w c:\users\All Users\WLInstaller
2009-04-26 09:08 . 2009-04-26 09:08 -------- d-----w c:\program files\PC Optimizer Pro
2009-04-24 14:35 . 2009-04-24 14:35 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-23 03:28 . 2009-04-23 03:28 -------- d-----w c:\program files\vLite
2009-04-22 12:17 . 2009-04-22 12:20 -------- d-----w c:\users\madPC\SecurityScans
2009-04-22 12:16 . 2009-04-22 12:16 -------- d-----w c:\program files\Microsoft Baseline Security Analyzer 2
2009-04-21 14:34 . 2009-04-21 14:34 64160 ----a-w c:\windows\system32\drivers\Lbd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-21 01:33 . 2009-02-24 16:36 12 ----a-w c:\windows\bthservsdp.dat
2009-05-20 07:51 . 2009-05-19 15:59 16148 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-09 20:34 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-05-09 20:34 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-05-09 20:34 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-05-01 13:42 . 2009-02-12 11:12 99864 ----a-w c:\users\madPC\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-01 06:44 . 2007-04-17 23:55 -------- d-----w c:\program files\Microsoft Works
2009-04-30 15:33 . 2007-04-17 20:10 -------- d-----w c:\program files\Common Files\Adobe
2009-04-29 16:41 . 2009-04-29 16:41 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-04-29 16:41 . 2009-04-29 16:41 8014 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-28 12:22 . 2009-02-24 16:14 -------- d-----w c:\program files\MSN Messenger
2009-04-21 14:34 . 2009-04-15 15:52 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-21 00:58 . 2009-04-13 02:30 680 ----a-w c:\users\Administrator\AppData\Local\d3d9caps.dat
2009-04-18 03:16 . 2009-04-18 03:16 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-16 15:16 . 2009-04-16 15:16 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-16 14:36 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Sidebar
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Photo Gallery
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Collaboration
2009-04-16 14:29 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Calendar
2009-04-16 14:29 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-16 14:28 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Defender
2009-04-16 14:28 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
2009-04-16 12:06 . 2006-11-02 10:32 101888 ----a-w c:\windows\system32\ifxcardm.dll
2009-04-16 12:06 . 2006-11-02 10:32 82432 ----a-w c:\windows\system32\axaltocm.dll
2009-04-15 15:19 . 2009-04-15 15:19 -------- d-----w c:\program files\Lavasoft
2009-04-15 07:56 . 2009-04-15 07:56 -------- d-----w c:\program files\Toshiba
2009-04-15 06:46 . 2009-04-15 06:46 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-15 06:46 . 2009-04-15 06:46 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-15 06:46 . 2009-04-15 06:46 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-15 06:40 . 2009-04-15 06:40 827392 ----a-w c:\windows\system32\wininet.dll
2009-04-15 06:40 . 2009-04-15 06:40 72704 ----a-w c:\windows\system32\admparse.dll
2009-04-15 06:40 . 2009-04-15 06:40 78336 ----a-w c:\windows\system32\ieencode.dll
2009-04-15 06:40 . 2009-04-15 06:40 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-04-15 06:40 . 2009-04-15 06:40 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-04-13 05:01 . 2009-04-13 01:31 -------- d-----w c:\program files\QuickTime
2009-04-13 03:04 . 2009-04-13 03:04 269312 ----a-w c:\windows\system32\es.dll
2009-04-06 06:02 . 2009-04-18 03:16 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 06:02 . 2009-04-18 03:16 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-04 12:06 . 2009-04-04 10:52 -------- d-----w c:\program files\Yahoo!
2009-04-04 01:57 . 2009-04-04 01:57 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-03 18:28 . 2009-04-03 18:28 61440 ----a-w c:\windows\system32\winipsec.dll
2009-04-03 18:28 . 2009-04-03 18:28 361984 ----a-w c:\windows\system32\IPSECSVC.DLL
2009-04-03 18:28 . 2009-04-03 18:28 28672 ----a-w c:\windows\system32\FwRemoteSvr.dll
2009-04-03 18:28 . 2009-04-03 18:28 272896 ----a-w c:\windows\system32\polstore.dll
2009-04-03 18:19 . 2009-04-03 18:19 296960 ----a-w c:\windows\system32\gdi32.dll
2009-04-03 18:17 . 2009-04-03 18:17 212480 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
2009-04-03 18:15 . 2009-04-03 18:15 28672 ----a-w c:\windows\system32\Apphlpdm.dll
2009-04-03 18:15 . 2009-04-03 18:15 4240384 ----a-w c:\windows\system32\GameUXLegacyGDFs.dll
2009-04-03 18:15 . 2009-04-03 18:15 1695744 ----a-w c:\windows\system32\gameux.dll
2009-04-03 18:14 . 2009-04-03 18:14 303616 ----a-w c:\windows\system32\wmpeffects.dll
2009-04-03 18:13 . 2009-04-03 18:13 1191936 ----a-w c:\windows\system32\msxml3.dll
2009-04-03 18:13 . 2009-04-03 18:13 2048 ----a-w c:\windows\system32\msxml3r.dll
2009-04-03 18:09 . 2009-04-03 18:09 8147456 ----a-w c:\windows\system32\wmploc.DLL
2009-04-03 18:09 . 2009-04-03 18:09 7680 ----a-w c:\windows\system32\spwmp.dll
2009-04-03 18:09 . 2009-04-03 18:09 4096 ----a-w c:\windows\system32\dxmasf.dll
2009-04-03 18:07 . 2009-04-03 18:07 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-03 18:04 . 2009-04-03 18:04 2927104 ----a-w c:\windows\explorer.exe
2009-04-03 17:56 . 2009-04-03 17:56 6656 ----a-w c:\windows\system32\kbd106n.dll
2009-04-03 17:56 . 2009-04-03 17:56 988216 ----a-w c:\windows\system32\winload.exe
2009-04-03 17:56 . 2009-04-03 17:56 927288 ----a-w c:\windows\system32\winresume.exe
2009-04-03 17:56 . 2009-04-03 17:56 40960 ----a-w c:\windows\system32\srclient.dll
2009-04-03 17:56 . 2009-04-03 17:56 378368 ----a-w c:\windows\system32\srcore.dll
2009-04-03 17:56 . 2009-04-03 17:56 318464 ----a-w c:\windows\system32\rstrui.exe
2009-04-03 17:56 . 2009-04-03 17:56 14848 ----a-w c:\windows\system32\srdelayed.exe
2009-04-03 17:56 . 2009-04-03 17:56 615992 ----a-w c:\windows\system32\ci.dll
2009-04-03 17:56 . 2009-04-03 17:56 46592 ----a-w c:\windows\system32\setbcdlocale.dll
2009-04-03 17:56 . 2009-04-03 17:56 19000 ----a-w c:\windows\system32\kd1394.dll
2009-04-03 17:51 . 2009-04-03 17:51 443392 ----a-w c:\windows\system32\win32spl.dll
2009-04-03 17:51 . 2009-04-03 17:51 37888 ----a-w c:\windows\system32\printcom.dll
2009-04-03 17:50 . 2009-04-03 17:50 14848 ----a-w c:\windows\system32\wshrm.dll
2009-04-03 17:50 . 2009-04-03 17:50 113664 ----a-w c:\windows\system32\drivers\rmcast.sys
2009-04-03 17:48 . 2009-04-03 17:48 288768 ----a-w c:\windows\system32\drivers\srv.sys
2009-04-03 17:41 . 2009-04-03 17:41 268288 ----a-w c:\windows\system32\schannel.dll
2009-04-03 17:38 . 2009-04-03 17:38 622080 ----a-w c:\windows\system32\icardagt.exe
2009-04-03 17:38 . 2009-04-03 17:38 11264 ----a-w c:\windows\system32\icardres.dll
2009-04-03 17:38 . 2009-04-03 17:38 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-04-03 17:38 . 2009-04-03 17:38 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-03 17:38 . 2009-04-03 17:38 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-04-03 17:38 . 2009-04-03 17:38 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-04-03 17:38 . 2009-04-03 17:38 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-04-03 17:22 . 2009-04-03 17:22 96760 ----a-w c:\windows\system32\dfshim.dll
2009-04-03 17:22 . 2009-04-03 17:22 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-04-03 17:22 . 2009-04-03 17:22 83968 ----a-w c:\windows\system32\mscories.dll
2009-04-03 17:22 . 2009-04-03 17:22 282112 ----a-w c:\windows\system32\mscoree.dll
2009-04-03 17:22 . 2009-04-03 17:22 158720 ----a-w c:\windows\system32\mscorier.dll
2009-04-03 17:07 . 2009-04-03 17:07 2868736 ----a-w c:\windows\system32\mf.dll
2009-04-03 17:07 . 2009-04-03 17:07 996352 ----a-w c:\windows\system32\WMNetMgr.dll
2009-04-03 17:07 . 2009-04-03 17:07 98816 ----a-w c:\windows\system32\mfps.dll
2009-04-03 17:07 . 2009-04-03 17:07 94720 ----a-w c:\windows\system32\logagent.exe
2009-04-03 17:07 . 2009-04-03 17:07 53248 ----a-w c:\windows\system32\rrinstaller.exe
2009-04-03 17:07 . 2009-04-03 17:07 24576 ----a-w c:\windows\system32\mfpmp.exe
2009-04-03 17:07 . 2009-04-03 17:07 2048 ----a-w c:\windows\system32\mferror.dll
2009-04-03 17:06 . 2009-04-03 17:06 84480 ----a-w c:\windows\system32\INETRES.dll
2009-04-03 17:06 . 2009-04-03 17:06 738304 ----a-w c:\windows\system32\inetcomm.dll
2009-04-03 17:06 . 2009-04-03 17:06 1314816 ----a-w c:\windows\system32\quartz.dll
2009-04-03 17:05 . 2009-04-03 17:05 2048 ----a-w c:\windows\system32\tzres.dll
2009-04-03 17:05 . 2009-04-03 17:05 2033152 ----a-w c:\windows\system32\win32k.sys
2009-04-03 17:05 . 2009-04-03 17:05 -------- d-----w c:\program files\MSXML 4.0
2009-04-03 17:04 . 2009-04-03 17:04 1334272 ----a-w c:\windows\system32\msxml6.dll

.
((((((((((((((((((((((((((((( SnapShot@2009-05-14_08.18.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-05-14 21:23 . 2009-05-21 01:38 66382 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-05-21 01:38 74980 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-04-16 10:47 . 2008-01-19 05:49 13312 c:\windows\System32\drivers\sfloppy.sys
- 2006-11-02 08:51 . 2006-11-02 08:51 13312 c:\windows\System32\drivers\sfloppy.sys
- 2009-02-12 11:06 . 2009-05-14 07:57 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-12 11:06 . 2009-05-21 01:37 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-12 11:06 . 2009-05-21 01:37 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-12 11:06 . 2009-05-14 07:57 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-12 11:10 . 2009-05-21 01:38 8846 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1918237747-2751938533-2904961478-1000_UserData.bin
+ 2009-05-21 01:35 . 2009-05-21 01:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-05-14 07:57 . 2009-05-14 07:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-05-14 07:57 . 2009-05-14 07:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-21 01:35 . 2009-05-21 01:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 10:33 . 2009-05-14 08:05 624988 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-05-21 01:41 624988 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-05-21 01:41 111398 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-05-14 08:05 111398 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-17 80688]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-11-07 97072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-09 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-09 133912]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-23 827392]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2005-07-21 242688]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-07-21 61440]
"PSUtility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2006-12-22 136744]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-04-02 252704]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-05-08 174872]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-05-08 33048]
"SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2009-02-12 193832]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 107112]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-27 134808]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-21 516440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-01 4390912]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2007-11-1 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoThumbnail"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F01CE1E2-9A47-42F9-AD30-7B2AD8E08A94}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7A0C6B10-FF15-4B5E-85EB-C851E3DF9E79}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{B65B13F6-BBD4-4FAB-97B8-D1406988A316}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{15F91AE0-0A6A-4AD0-BC13-E97CF52E271F}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{F4F47E1E-E573-4114-BC3B-21FD4448FC36}c:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= UDP:c:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp
"UDP Query User{241244E8-A714-4A26-8033-A8DC16D0C898}c:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= TCP:c:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp
"{4CE5628A-E049-4199-BD14-F3ACB0188262}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5DBFBFA1-FF9F-4CA0-8CC1-F91FE82A7997}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{DF9E080F-A2A6-4E03-928C-D7AAE5BFF5AE}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{04C91E26-0A58-4EB0-A38E-FB81F0A09A68}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{87C95383-720C-4E36-92C1-5A596BE3F1FC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E108B469-D439-4A90-B0DD-3AF139C46756}"= UDP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{134FFABB-69CF-4FC7-8226-909F636B2E28}"= TCP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{124D1410-FC14-44BE-939D-2D67F33C0F7C}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{1779AE8C-BFEB-457A-99BB-C18BC6585906}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"TCP Query User{56E26FA3-40B1-43E9-93B2-B4486709E928}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{EE9A3513-CF35-4D37-99A0-DFFCA39D1A94}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{0DB7F9EE-FB08-45A8-9F88-1DC44EB69771}c:\\program files\\ultravnc\\winvnc.exe"= UDP:c:\program files\ultravnc\winvnc.exe:VNC server for Win32
"UDP Query User{9FDC2135-B10F-42DC-9C8B-43532319EEAD}c:\\program files\\ultravnc\\winvnc.exe"= TCP:c:\program files\ultravnc\winvnc.exe:VNC server for Win32

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\System32\drivers\FJGSDisk.sys [12-Feb-09 Thu 9:09 PM 12712]
R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\System32\drivers\iaNvStor.sys [15-May-07 Tue 7:13 AM 208896]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [22-Apr-09 Wed 12:04 AM 64160]
R0 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [04-Oct-06 Wed 6:53 AM 36640]
R0 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [13-Oct-06 Fri 4:17 AM 33152]
R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [22-Dec-06 Fri 12:12 PM 63016]
R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\updnavi\updnvsrv.exe [11-Jan-07 Thu 9:39 AM 12288]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30-Apr-09 Thu 2:20 AM 101936]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\System32\drivers\fuj02e3.sys [15-May-07 Tue 7:12 AM 5632]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\System32\drivers\smscirda.sys [02-Nov-06 Thu 7:55 PM 30720]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [10-Mar-09 Tue 4:36 AM 953168]
S2 LvIBTSvr;Logitech IBT Service;c:\program files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe [03-Apr-07 Tue 12:59 AM 76576]
S3 ADVNTDRV;ADVNTDRV;c:\windows\System32\drivers\ADVNTDRV.SYS [24-Feb-09 Tue 10:34 PM 3872]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [28-Nov-06 Tue 6:34 AM 122008]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MPSSVC

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2009-05-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:33]

2009-05-21 c:\windows\Tasks\User_Feed_Synchronization-{3D592E6A-7BAD-4227-B6C4-7E801F98E40E}.job
- c:\windows\system32\msfeedssync.exe [2009-04-16 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = about:tabs
Trusted Zone: kaspersky.com\www
TCP: {01573F81-6C25-441E-983B-581898952A67} = 4.2.2.2,4.2.2.3
TCP: {7E4FEBD3-21C7-4D81-AEF7-1619DC39AC99} = 192.231.203.132,192.231.203.3
FF - ProfilePath - c:\users\madPC\AppData\Roaming\Mozilla\Firefox\Profiles\34qxd13h.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com.au/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-21 11:59
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-05-21 12:01
ComboFix-quarantined-files.txt 2009-05-21 02:31
ComboFix2.txt 2009-05-17 09:07
ComboFix3.txt 2009-05-01 05:04
ComboFix4.txt 2009-04-30 17:06
ComboFix5.txt 2009-05-21 02:26

Pre-Run: 26,641,416,192 bytes free
Post-Run: 26,575,175,680 bytes free

1699 --- E O F --- 2009-05-01 06:49


DDS logs


DDS

DDS (Ver_09-03-16.01) - NTFSx86
Run by madPC at 12:15:51.04 on 21-May-09 Thu
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2037.1071 [GMT 9.5:30]

AV: Symantec AntiVirus *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Softex\OmniPass\OmniServ.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Fujitsu\PSUtility\PSUService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Fujitsu\updnavi\updnvsrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Softex\OmniPass\opvapp.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\madPC\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:tabs
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe
mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
mRun: [PSUtility] c:\program files\fujitsu\psutility\TrayManager.exe
mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IaNvSrv] c:\program files\intel\intel matrix storage manager\orom\ianvsrv\IaNvSrv.exe
mRun: [SSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
uPolicies-explorer: TaskbarNoThumbnail = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: kaspersky.com\www
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-au/wlscctrl2.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} - hxxps://online.westpac.com.au/wtoa/wtOtherAccounts/portfoliomanagerwt.cab
TCP: {01573F81-6C25-441E-983B-581898952A67} = 4.2.2.2,4.2.2.3
TCP: {7E4FEBD3-21C7-4D81-AEF7-1619DC39AC99} = 192.231.203.132,192.231.203.3
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\madPC\appdata\roaming\mozilla\firefox\profiles\34qxd13h.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com.au/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

============= SERVICES / DRIVERS ===============

R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2009-2-12 12712]
R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\system32\drivers\iaNvStor.sys [2007-5-15 208896]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-22 64160]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-10-4 36640]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-10-13 33152]
R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\fujitsu\psutility\PSUService.exe [2006-12-22 63016]
R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\fujitsu\updnavi\updnvsrv.exe [2007-1-11 12288]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-30 101936]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2007-5-15 5632]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2006-11-2 30720]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-10 953168]
S2 LvIBTSvr;Logitech IBT Service;c:\program files\common files\logishrd\lvibtsvr\LvIBTSvr.exe [2007-4-3 76576]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [2009-2-24 3872]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-11-28 122008]

=============== Created Last 30 ================

2009-05-21 12:01 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-05-21 11:56 161,792 a------- c:\windows\SWREG.exe
2009-05-21 11:56 130,048 a------- c:\windows\PEV.exe
2009-05-21 11:56 98,816 a------- c:\windows\sed.exe
2009-05-21 11:56 <DIR> --ds---- C:\ComboFix
2009-05-20 01:29 <DIR> --d----- c:\programdata\is-S4G4L
2009-05-20 01:29 <DIR> --d----- c:\progra~2\is-S4G4L
2009-05-20 01:29 1,286,176 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-05-20 01:29 16,148 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-05-12 00:51 <DIR> --d----- c:\program files\UltraVNC
2009-05-10 06:03 317,976 a------- c:\windows\system32\drivers\iaStor.sys
2009-05-10 01:57 <DIR> --d----- c:\program files\Trend Micro
2009-05-06 15:47 <DIR> --d----- c:\users\madPC\appdata\roaming\iScreensaver
2009-05-06 03:47 0 a------- c:\windows\system32\tviresource.val
2009-05-06 03:46 <DIR> --d----- c:\windows\TweakVI
2009-05-06 03:46 <DIR> --d----- c:\program files\TweakVI
2009-05-01 13:44 <DIR> --d----- c:\programdata\WindowsSearch
2009-05-01 11:44 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-04-30 19:23 <DIR> --d----- c:\users\madPC\DoctorWeb
2009-04-30 02:11 109,744 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-30 02:11 8,014 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-30 02:11 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-04-30 02:10 <DIR> --d----- c:\program files\Symantec
2009-04-30 02:10 <DIR> --d----- c:\programdata\Symantec
2009-04-30 02:10 <DIR> --d----- c:\program files\Symantec AntiVirus
2009-04-30 02:10 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-04-30 02:10 <DIR> --d----- c:\progra~2\Symantec
2009-04-30 01:50 1,061 a------- c:\windows\wininit.ini
2009-04-29 05:34 <DIR> --dsh--- c:\windows\system32\%APPDATA%
2009-04-28 22:01 <DIR> --d----- c:\program files\CCleaner
2009-04-28 21:57 268 a---h--- C:\sqmdata01.sqm
2009-04-28 21:57 244 a---h--- C:\sqmnoopt01.sqm
2009-04-28 21:52 268 a---h--- C:\sqmdata00.sqm
2009-04-28 21:52 244 a---h--- C:\sqmnoopt00.sqm
2009-04-28 21:47 <DIR> -cdsh--- c:\program files\common files\WindowsLiveInstaller
2009-04-28 21:47 <DIR> --d----- c:\programdata\WLInstaller
2009-04-26 18:38 440,352 a------- c:\windows\system32\mshflxgd.ocx
2009-04-26 18:38 212,240 a------- c:\windows\system32\richtx32.ocx
2009-04-26 18:38 224,016 a------- c:\windows\system32\tabctl32.ocx
2009-04-26 18:38 18,728 a------- c:\windows\system32\ishf_Ex.TLB
2009-04-26 18:38 7,752 a------- c:\windows\system32\shelllink.TLB
2009-04-26 18:38 <DIR> --d----- c:\program files\PC Optimizer Pro
2009-04-23 12:58 <DIR> --d----- c:\program files\vLite
2009-04-22 21:47 <DIR> --d----- c:\users\madPC\SecurityScans
2009-04-22 21:46 <DIR> --d----- c:\program files\Microsoft Baseline Security Analyzer 2
2009-04-22 00:04 64,160 a------- c:\windows\system32\drivers\Lbd.sys

==================== Find3M ====================

2009-05-10 06:04 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-10 06:04 51,200 a------- c:\windows\inf\infpub.dat
2009-05-10 06:04 86,016 a------- c:\windows\inf\infstor.dat
2009-04-22 00:04 15,688 a------- c:\windows\system32\lsdelete.exe
2009-04-17 00:46 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-17 00:06 174 a--sh--- c:\program files\desktop.ini
2009-04-16 23:58 665,600 a------- c:\windows\inf\drvindex.dat
2009-04-16 21:36 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-04-16 21:36 82,432 a------- c:\windows\system32\axaltocm.dll
2009-04-15 16:16 376,832 a------- c:\windows\system32\winhttp.dll
2009-04-15 16:16 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-04-15 16:16 38,912 a------- c:\windows\system32\xolehlp.dll
2009-04-15 16:10 827,392 a------- c:\windows\system32\wininet.dll
2009-04-15 16:10 72,704 a------- c:\windows\system32\admparse.dll
2009-04-15 16:10 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-15 16:10 48,128 a------- c:\windows\system32\mshtmler.dll
2009-04-15 16:10 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-04-13 12:34 269,312 a------- c:\windows\system32\es.dll
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-04 03:58 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-04-04 03:58 272,896 a------- c:\windows\system32\polstore.dll
2009-04-04 03:58 61,440 a------- c:\windows\system32\winipsec.dll
2009-04-04 03:58 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-04-04 03:49 296,960 a------- c:\windows\system32\gdi32.dll
2009-04-04 03:47 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-04 03:45 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-04-04 03:45 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-04-04 03:45 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2009-04-04 03:45 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-04-04 03:45 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2009-04-04 03:45 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-04-04 03:45 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-04-04 03:45 1,695,744 a------- c:\windows\system32\gameux.dll
2009-04-04 03:45 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-04-04 03:44 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-04-04 03:43 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-04-04 03:43 2,048 a------- c:\windows\system32\msxml3r.dll
2009-04-04 03:39 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-04 03:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-04-04 03:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-04-04 03:34 2,927,104 a------- c:\windows\explorer.exe
2009-04-04 03:26 6,656 a------- c:\windows\system32\kbd106n.dll
2009-04-04 03:26 988,216 a------- c:\windows\system32\winload.exe
2009-04-04 03:26 927,288 a------- c:\windows\system32\winresume.exe
2009-04-04 03:26 378,368 a------- c:\windows\system32\srcore.dll
2009-04-04 03:26 318,464 a------- c:\windows\system32\rstrui.exe
2009-04-04 03:26 40,960 a------- c:\windows\system32\srclient.dll
2009-04-04 03:26 14,848 a------- c:\windows\system32\srdelayed.exe
2009-04-04 03:26 615,992 a------- c:\windows\system32\ci.dll
2009-04-04 03:26 46,592 a------- c:\windows\system32\setbcdlocale.dll
2009-04-04 03:26 19,000 a------- c:\windows\system32\kd1394.dll
2009-04-04 03:21 443,392 a------- c:\windows\system32\win32spl.dll
2009-04-04 03:21 37,888 a------- c:\windows\system32\printcom.dll
2009-04-04 03:20 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2009-04-04 03:20 14,848 a------- c:\windows\system32\wshrm.dll
2009-04-04 03:18 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-04-04 03:11 268,288 a------- c:\windows\system32\schannel.dll
2009-04-04 03:08 622,080 a------- c:\windows\system32\icardagt.exe
2009-04-04 03:08 11,264 a------- c:\windows\system32\icardres.dll
2009-04-04 03:08 97,800 a------- c:\windows\system32\infocardapi.dll
2009-04-04 03:08 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-04 03:08 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-04-04 03:08 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-04-04 03:08 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-04-04 02:52 96,760 a------- c:\windows\system32\dfshim.dll
2009-04-04 02:52 41,984 a------- c:\windows\system32\netfxperf.dll
2009-04-04 02:52 282,112 a------- c:\windows\system32\mscoree.dll
2009-04-04 02:52 158,720 a------- c:\windows\system32\mscorier.dll
2009-04-04 02:52 83,968 a------- c:\windows\system32\mscories.dll
2009-04-04 02:37 2,868,736 a------- c:\windows\system32\mf.dll
2009-04-04 02:37 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-04-04 02:37 98,816 a------- c:\windows\system32\mfps.dll
2009-04-04 02:37 94,720 a------- c:\windows\system32\logagent.exe
2009-04-04 02:37 53,248 a------- c:\windows\system32\rrinstaller.exe
2009-04-04 02:37 24,576 a------- c:\windows\system32\mfpmp.exe
2009-04-04 02:37 2,048 a------- c:\windows\system32\mferror.dll
2009-04-04 02:36 84,480 a------- c:\windows\system32\INETRES.dll
2009-04-04 02:36 738,304 a------- c:\windows\system32\inetcomm.dll
2009-04-04 02:36 1,314,816 a------- c:\windows\system32\quartz.dll
2009-04-04 02:35 2,048 a------- c:\windows\system32\tzres.dll
2009-04-04 02:35 2,033,152 a------- c:\windows\system32\win32k.sys
2009-04-04 02:34 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-04-04 02:34 2,048 a------- c:\windows\system32\msxml6r.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-24 22:28 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-02-24 22:28 83,456 a------- c:\windows\system32\wudriver.dll
2009-02-24 22:27 162,064 a------- c:\windows\system32\wuwebv.dll
2009-02-24 22:27 31,232 a------- c:\windows\system32\wuapp.exe
2006-11-02 22:09 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 22:09 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 22:09 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 22:09 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 18:50 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 18:50 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 18:50 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 18:50 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 12:16:14.83 ===============


Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 13-Feb-09 Fri 12:32:21 PM
System Uptime: 21-May-09 Thu 11:04:25 AM (1 hours ago)

Motherboard: FUJITSU | | FJNB1D3
Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | Onboard | 2001/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 74 GiB total, 24.84 GiB free.
D: is FIXED (NTFS) - 74 GiB total, 46.21 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel(R) Wireless WiFi Link 4965AGN
Device ID: PCI\VEN_8086&DEV_4229&SUBSYS_11028086&REV_61\4&38956FF8&0&00E2
Manufacturer: Intel Corporation
Name: Intel(R) Wireless WiFi Link 4965AGN
PNP Device ID: PCI\VEN_8086&DEV_4229&SUBSYS_11028086&REV_61\4&38956FF8&0&00E2
Service: NETw4v32

==== System Restore Points ===================

RP245: 14-May-09 Thu 6:14:33 PM - Scheduled Checkpoint
RP246: 15-May-09 Fri 2:07:19 AM - Windows Update
RP247: 16-May-09 Sat 12:41:38 AM - Scheduled Checkpoint
RP248: 17-May-09 Sun 1:19:34 AM - Scheduled Checkpoint
RP249: 17-May-09 Sun 10:58:00 PM - Scheduled Checkpoint
RP250: 18-May-09 Mon 7:46:38 PM - Scheduled Checkpoint
RP251: 19-May-09 Tue 2:20:47 AM - Windows Update
RP252: 20-May-09 Wed 12:00:04 AM - Scheduled Checkpoint
RP253: 20-May-09 Wed 2:14:54 PM - Scheduled Checkpoint
RP254: 21-May-09 Thu 11:37:16 AM - Scheduled Checkpoint

==== Installed Programs ======================

2007 Microsoft Office system
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Agere Systems HDA Modem
AuthenTec Fingerprint Sensor Minimum Install
Bluetooth Stack for Windows by Toshiba
BT headset fix
CCleaner (remove only)
CutePDF Writer 2.7
DSTfix
ERUNT 1.1j
Fujitsu Display Manager
Fujitsu Hardware Diagnostics Tool
Fujitsu Hotkey Utility
Fujitsu System Extension Utility
Fujitsu WebCam
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImgBurn
Inst5657
Intel(R) Graphics Media Accelerator Driver
Intel® Turbo Memory and Intel® Matrix Storage Manager
Java(TM) 6 Update 13
LifeBook Application Panel
LiveUpdate 3.2 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Baseline Security Analyzer 2.1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Web Access S/MIME
Microsoft Silverlight
Microsoft Sync Framework Runtime v1.0 (x86)
Microsoft Sync Framework Services v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB954430)
NetBoard
O2Micro Flash Memory Card Windows Driver
OGA Notifier 1.7.0105.35.0
OmniPass 5.00.18
OZ711 SCR Driver V3.0.0.9A
PC Optimizer Pro ver.4.5.17
Power Saving Utility
PowerDVD
PowerProducer
QuickTime
Real Time Clock Update
Realtek High Definition Audio Driver
Roxio Easy Media Creator Home
SanDisk Wi-Fi SD Card for Windows CE 4.00
Security Update for CAPICOM (KB931906)
Shock Sensor Utility
Skype™ 3.8
Skype™ for Pocket PC 1.1
Skype™ for Windows Mobile 2.5
Spb GPRS Monitor
Spybot - Search & Destroy
Symantec AntiVirus
Synaptics Pointing Device Driver
SyncToy 2.0 (x86)
TweakVI
UltraVNC 1.0.5.6
Update for 2007 Microsoft Office System (KB967642)
Update for Outlook 2007 Junk Email Filter (kb968503)
Update Navi
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.9
vLite
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Mobile Developer Power Toys
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinRAR archiver
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

21-May-09 Thu 11:59:47 AM, Error: Service Control Manager [7030] - The 259AF39406791205E85E436A3D1F675C service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
21-May-09 Thu 11:59:47 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the 259AF39406791205E85E436A3D1F675C service to connect.
21-May-09 Thu 11:59:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the CC8BA6821EF1BEF0A685519DD778453A service to connect.
21-May-09 Thu 11:59:45 AM, Error: Service Control Manager [7030] - The CC8BA6821EF1BEF0A685519DD778453A service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
21-May-09 Thu 11:56:50 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the 6CA50881A260B02C8CC5DA96B8E897B6 service to connect.
21-May-09 Thu 11:56:48 AM, Error: Service Control Manager [7030] - The 6CA50881A260B02C8CC5DA96B8E897B6 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
16-May-09 Sat 12:50:25 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer LUKE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{01573F81-6C25-441E-983B-581898952A. The master browser is stopping or an election is being forced.
14-May-09 Thu 5:32:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.
14-May-09 Thu 5:31:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
14-May-09 Thu 5:30:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.

==== End Of File ===========================



Defragmenting Hard disk

Vista said it had done so as recently as a just one day prior to your message. However, I downloaded Jkdefrag and ran it.

 

[Blade81]

Hi

I don't see C:\Users\madPC\Downloads\Windows XP PRO MCE SP3 MULTI - OEM Se7en Style EYE CANDY ENGLISH [ISO] folder removed yet. Since its contents looks less than legit I ask you to remove it. We don't support piracy here.

How's the system now?

 

[madPC]

Folder deleted

Hi blade81,

I don't know why the folder didn't get removed, but anyway I shift-deleted it.

As for the performance, it's very bad. The PC is running slowly, so slow that even the Recycle bin won't update it's icon when the bin's been emptied.

I also tried to update run Ad-Aware (to run a scan) but strangely the following message came up immediately: 'Connection error, check your settings.' That leads me to believe that there really is something somewhere in the system. (and I so can't wait to get it out!)

Thanks,
madPC

 

[Blade81]

Download GMER and save it your desktop:

• Extract it to your desktop and double-click GMER.exe
• Click rootkit-tab and then scan.
• Don't check
  Show All
  box while scanning in progress!
• When scanning is ready, click Copy.
• This copies log to clipboard
• Post log in your reply.

 

[madPC]

GMER log

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-28 01:05:46
Windows 6.0.6001 Service Pack 1


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

 

[Blade81]

That looks ok. Could you check what processes take most CPU in task manager? How much memory does the system have installed?

 

[madPC]

CPU Usage, Installed Memory

Hi,

Sorted the processes list by CPU Usage and the following kept reappearing and disappearing in the 2 minutes I spent monitoring it:

System Idle Process
firefox.exe
taskmgr.exe
taskeng.exe
ccSvcHst.exe
IAANTmon.exe
svchost.exe
Rtvscan.exe
System

As for Memory, there are two identical Samsung 1 GB DDR2 667MHz RAM sticks installed, one of which I installed the same day I bought the laptop over a year ago.

Thanks

 

[Blade81]

What kind of CPU rates there for those processes? System idle can be excluded since it's in normal conditions always like 99%.

 

[madPC]

CPU Usage Rates

Mainly between 1 and 5, though at one point firefox.exe went to 10.