Win32.TDSS.ntf

Status
Not open for further replies.
ComboFix 09-09-10.01 - Arranf_2 10/09/2009 23:57.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2038.988 [GMT 1:00]
Running from: c:\users\Arranf_2\Desktop\cf.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Internet Security *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-08-10 to 2009-09-10 )))))))))))))))))))))))))))))))
.

2009-09-10 23:06 . 2009-09-10 23:06 -------- d-----w- c:\users\Arranf_2\AppData\Local\temp
2009-09-10 23:06 . 2009-09-10 23:06 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-10 23:06 . 2009-09-10 23:06 -------- d-----w- c:\users\Noel\AppData\Local\temp
2009-09-10 23:06 . 2009-09-10 23:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-10 22:11 . 2009-09-10 22:11 -------- d-----w- c:\program files\Trend Micro
2009-09-10 22:10 . 2009-09-10 22:10 -------- d-----w- C:\rsit
2009-09-10 21:40 . 2009-09-10 21:40 -------- d-----w- c:\users\Arranf_2\AppData\Roaming\Malwarebytes
2009-09-10 21:40 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 21:40 . 2009-09-10 21:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-10 21:40 . 2009-09-10 21:40 -------- d-----w- c:\programdata\Malwarebytes
2009-09-10 21:40 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 18:18 . 2009-08-27 08:17 97208 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2009-09-10 18:17 . 2009-08-14 11:44 32552 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2009-09-10 18:17 . 2009-08-14 11:44 70280 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2009-09-10 18:17 . 2009-07-29 08:54 46592 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2009-09-09 18:13 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-09 18:13 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-09 18:13 . 2009-09-09 18:13 -------- d-----w- c:\programdata\Avira
2009-09-09 17:58 . 2009-09-09 17:58 -------- d-----w- c:\users\Arranf_2\AppData\Roaming\AVG8
2009-09-07 19:56 . 2009-09-07 19:56 32256 ----a-w- c:\windows\system32\fustyisrtl.exe
2009-09-06 08:53 . 2009-09-06 08:53 -------- d-----w- c:\program files\Spotify
2009-09-05 14:01 . 2009-09-05 14:01 355584 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-09-05 13:00 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-09-05 13:00 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-09-05 13:00 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-09-05 13:00 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-09-05 13:00 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-05 13:00 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-09-05 13:00 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-09-05 13:00 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-09-02 21:29 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-02 21:29 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 02:02 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-21 22:49 . 2009-08-21 22:57 34 ----a-w- c:\users\Arranf_2\jagex_runescape_preferences.dat
2009-08-21 22:43 . 2009-08-21 22:49 -------- d-----w- C:\.jagex_cache_32
2009-08-20 13:01 . 2009-08-20 13:01 -------- d-----w- c:\programdata\Blizzard Entertainment
2009-08-13 15:08 . 2009-08-13 15:08 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-08-13 15:08 . 2009-08-13 15:08 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-08-13 15:08 . 2009-08-13 15:08 -------- d-----w- c:\program files\OpenAL
2009-08-13 14:36 . 2009-08-13 14:36 -------- d-----w- c:\program files\GameSpy Arcade
2009-08-12 13:44 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-12 13:44 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-12 13:44 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-12 13:44 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-12 13:44 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-12 13:44 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-12 13:43 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-12 13:43 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-12 09:09 . 2009-08-12 09:09 -------- d-----w- c:\program files\ltmoh

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-10 22:44 . 2009-03-09 18:44 -------- d-----w- c:\programdata\Viewpoint
2009-09-10 22:07 . 2008-11-28 17:58 -------- d-----w- c:\programdata\Kaspersky Lab
2009-09-10 21:14 . 2009-01-31 22:20 -------- d-----w- c:\users\Arranf_2\AppData\Roaming\uTorrent
2009-09-10 18:33 . 2008-03-08 11:04 -------- d-----w- c:\program files\PC Tools Firewall Plus
2009-09-10 18:30 . 2008-11-17 18:03 -------- d-----w- c:\users\Arranf_2\AppData\Roaming\PCToolsFirewallPlus
2009-09-10 17:54 . 2009-03-24 21:08 -------- d-----w- c:\programdata\Google Updater
2009-09-09 18:37 . 2009-03-28 10:22 -------- d-----w- c:\program files\BTopenworld ReInstall
2009-09-05 13:44 . 2009-04-10 12:49 -------- d-----w- c:\users\Arranf_2\AppData\Roaming\U3
2009-09-05 13:35 . 2008-11-28 17:56 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-08-28 19:08 . 2008-11-25 22:13 680 ----a-w- c:\users\Arranf_2\AppData\Local\d3d9caps.dat
2009-08-27 22:39 . 2008-11-19 19:02 -------- d-----w- c:\users\Arranf_2\AppData\Roaming\Skype
2009-08-27 08:17 . 2009-01-17 09:47 229176 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-08-24 13:05 . 2009-01-17 09:47 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-08-19 10:01 . 2009-01-17 09:47 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-14 11:44 . 2009-01-17 09:46 114832 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2009-08-14 05:58 . 2009-09-10 18:18 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-08-13 14:33 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2009-08-13 14:16 . 2007-04-13 15:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-13 00:17 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-10 18:36 . 2009-08-10 18:34 -------- d-----w- c:\program files\SpeedFan
2009-08-10 15:22 . 2009-02-09 21:55 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-08-08 13:28 . 2009-01-06 22:57 -------- d-----w- c:\users\Arranf_2\AppData\Roaming\vlc
2009-08-08 13:27 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-08-08 13:08 . 2007-04-13 15:22 -------- d-----w- c:\program files\Intel
2009-08-05 21:44 . 2009-08-05 21:43 -------- d-----w- c:\program files\CamStudio
2009-08-05 11:32 . 2009-08-05 11:32 -------- d-----w- c:\programdata\IsolatedStorage
2009-08-05 11:32 . 2009-08-05 11:32 -------- d-----w- c:\program files\Toshiba TEMPRO
2009-08-05 11:31 . 2008-11-16 21:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-05 10:45 . 2009-01-29 23:19 -------- d-----w- c:\program files\SystemRequirementsLab
2009-08-05 10:45 . 2009-01-29 23:19 -------- d-----w- c:\users\Arranf_2\AppData\Roaming\SystemRequirementsLab
2009-08-04 11:06 . 2008-11-17 18:33 -------- d-----w- c:\users\Arranf_2\AppData\Roaming\Azureus
2009-08-02 09:59 . 2008-11-24 20:37 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-29 17:36 . 2009-05-17 16:34 -------- d-----w- c:\users\Arranf_2\AppData\Roaming\Ventrilo
2009-07-26 17:01 . 2009-07-26 17:01 -------- d-----w- c:\program files\iPod
2009-07-26 17:01 . 2008-11-15 20:08 -------- d-----w- c:\program files\Common Files\Apple
2009-07-21 21:52 . 2009-07-29 09:11 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 09:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 09:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 09:11 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-06-15 15:24 . 2009-07-15 10:15 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-15 10:15 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 10:15 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-15 10:15 289792 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-10_17.52.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-17 18:21 . 2008-01-05 11:34 15181 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\gatherWirelessInfo.vbs
+ 2009-08-01 02:12 . 2009-04-11 06:28 68096 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\wlanhlp.dll
+ 2008-11-17 18:21 . 2008-01-05 11:34 15181 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\gatherWirelessInfo.vbs
+ 2008-11-17 18:21 . 2008-01-05 11:34 15181 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\gatherWirelessInfo.vbs
+ 2008-11-17 18:22 . 2008-01-19 07:36 68096 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\wlanhlp.dll
+ 2008-11-17 18:22 . 2008-01-19 07:36 64512 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\wlanapi.dll
+ 2008-11-17 18:21 . 2008-01-05 11:34 15181 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\gatherWirelessInfo.vbs
+ 2006-11-02 12:34 . 2006-11-02 12:34 14827 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7\gatherWirelessInfo.vbs
+ 2006-11-02 12:34 . 2006-11-02 12:34 14827 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79\gatherWirelessInfo.vbs
+ 2009-08-01 02:12 . 2009-04-11 06:27 53248 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.18049_none_9e2369c00a004aef\rrinstaller.exe
+ 2009-08-01 02:12 . 2009-04-11 06:28 98816 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.18049_none_9e2369c00a004aef\mfps.dll
+ 2009-08-01 02:12 . 2009-04-11 06:27 24576 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.18049_none_9e2369c00a004aef\mfpmp.exe
+ 2008-11-17 18:22 . 2008-01-19 07:33 53248 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18270_none_9c1383940cfa6868\rrinstaller.exe
+ 2008-11-17 18:22 . 2008-01-19 07:34 98816 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18270_none_9c1383940cfa6868\mfps.dll
+ 2008-11-17 18:21 . 2008-01-19 07:33 24576 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18270_none_9c1383940cfa6868\mfpmp.exe
+ 2007-04-13 15:52 . 2009-09-10 22:10 62542 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-17 18:05 . 2009-09-10 22:10 15124 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1516280849-4020581899-2912383609-1002_UserData.bin
+ 2009-09-10 18:17 . 2009-07-29 08:54 46592 c:\windows\System32\DriverStore\FileRepository\pctndis.inf_d09d4479\pctNdis.sys
+ 2007-10-11 16:23 . 2009-09-10 22:09 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-10-11 16:23 . 2009-09-10 17:22 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-10-11 16:23 . 2009-09-10 22:09 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-10-11 16:23 . 2009-09-10 17:22 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-10-11 16:23 . 2009-09-10 17:22 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-10-11 16:23 . 2009-09-10 22:09 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 10:25 . 2009-09-05 13:42 86016 c:\windows\inf\infpub.dat
+ 2006-11-02 10:25 . 2009-09-10 18:18 86016 c:\windows\inf\infpub.dat
+ 2009-08-01 02:12 . 2009-04-11 04:54 2048 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.18049_none_9e2369c00a004aef\mferror.dll
+ 2006-11-02 12:35 . 2006-11-02 12:35 2048 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18270_none_9c1383940cfa6868\mferror.dll
+ 2009-09-10 22:04 . 2009-09-10 22:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-09-10 17:48 . 2009-09-10 17:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-09-10 22:04 . 2009-09-10 22:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-09-10 17:48 . 2009-09-10 17:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:05 . 2009-09-10 22:10 139732 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-06-19 17:40 . 2009-09-10 18:22 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-06-19 17:40 . 2009-09-10 17:22 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2006-11-02 10:25 . 2009-09-05 13:42 143360 c:\windows\inf\infstrng.dat
+ 2006-11-02 10:25 . 2009-09-10 18:18 143360 c:\windows\inf\infstrng.dat
+ 2006-11-02 10:25 . 2009-09-10 18:18 143360 c:\windows\inf\infstor.dat
- 2006-11-02 10:25 . 2009-09-05 13:42 143360 c:\windows\inf\infstor.dat
- 2006-11-02 10:22 . 2009-09-09 19:25 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:22 . 2009-09-10 21:01 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2008-10-10 06:29 . 2009-09-10 22:03 1223896 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-10-10 06:29 . 2009-09-10 17:46 1223896 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-06-04 15:33 . 2009-09-10 21:13 212333419 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-08-27 2971608]
"snp2std"="c:\windows\vsnp2std.exe" [2006-12-04 675840]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"avgnt"="e:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-09-03 4702208]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-08-03 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=e:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll e:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run Registration Tool.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Run Registration Tool.lnk
backup=c:\windows\pss\Run Registration Tool.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Arranf_2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Arranf_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"CollaborationHost"=c:\windows\system32\p2phost.exe -s

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"Persistence"=c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C7E26FB3-618D-4683-817B-E814924CCBE6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4623A832-5A7A-4CF1-9B39-5C975B728009}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{96D781A5-C998-47B1-8922-2F0023B47FD8}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{D6A3E005-6EDB-4299-A19A-9F18094B40EA}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{633CCAE7-8124-4AA2-BC03-DBB4C8DA87C0}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C4E78729-B2F2-4BD1-9B50-6A4ED5F19B97}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A3A4AEB3-E5EF-4E3F-AF76-871E319DDCDF}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{331843F8-E899-4DC8-90F2-FDDC1266A35F}"= UDP:5353:Adobe CSI CS4
"{D8096164-FBCD-46E5-99D6-34CB2D2B6141}"= e:\program files\Skype\Phone\Skype.exe:Skype
"{3F5D1955-0DEB-4BCC-B16E-821608B2EF0B}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{2D3F401C-57D5-4513-94C3-8B2664E835E8}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{B72820F5-0470-467A-91EF-3BED6DC7D9CF}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{3A100139-C7CF-4F93-88A8-16D12BCEC70E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A4BA6C22-B12A-467C-9D16-E1B5E30F514C}"= UDP:e:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{09321481-804F-4783-8438-F38F645F262A}"= TCP:e:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{676AF48F-A499-4DD6-9190-13BA414793BE}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7BDC8B2F-5960-45E9-9EF6-5247A663974A}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{50E6C724-28CB-4856-96FF-63EDCAE95886}"= c:\program files\WiFiConnector\NintendoWFCReg.exe:Nintendo Wi-Fi USB Connector
"{8A2EB9CC-55D6-44B8-9CCF-9B855D17D429}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{89829439-6BC3-4672-B5B8-DD03A6C8F652}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{FB6A0F8C-6993-4820-BE7E-4A522E969C02}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{FD218725-260D-47C0-812D-7EFA1770407C}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{1D69ED13-43AB-49E2-91A0-48353EE99539}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{8ABF9975-3C91-4899-A855-7F262D34CC84}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{1590378C-091D-4605-B684-FEEC23E2FB70}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{76546947-DB5B-4605-9B0A-FA7A94BF886C}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{264F058D-1039-4750-9399-233DF9342D1D}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
"{37987008-1ECA-4604-A89A-BA888EE4FCBA}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
"{B44C0B88-70E9-4F45-8541-32F18A9C713B}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
"{9FBB6D6A-92BB-4A8F-9F56-7042E764DAC4}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
"{E4CC03E1-CD9A-4386-A643-9B4B876AA3CA}"= UDP:e:\program files\iTunes\iTunes.exe:iTunes
"{A63098FE-A5D7-46B0-BBA5-A37DA33A0151}"= TCP:e:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R?2 AeLookupSvcAgereModemAudio;Application Experience AeLookupSvcAgereModemAudio;c:\windows\system32\fustyisrtl.exe service --> c:\windows\system32\fustyisrtl.exe service [?]
R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [17/01/2009 10:47 229176]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\Avira\AntiVir Desktop\sched.exe [09/09/2009 19:13 108289]
R2 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [16/06/2009 16:44 233472]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\System32\drivers\PCTAppEvent.sys [17/01/2009 10:47 86888]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [08/03/2008 12:05 810320]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [21/04/2009 17:36 116104]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [16/06/2009 16:44 36608]
R3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\System32\drivers\pctNdis-DNS.sys [10/09/2009 19:17 32552]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\System32\drivers\pctNdis-PacketFilter.sys [10/09/2009 19:17 70280]
R3 pctNDIS;PC Tools Driver;c:\windows\System32\drivers\pctNdis.sys [10/09/2009 19:17 46592]
R3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [17/01/2009 10:46 114832]
S2 gupdate1c9acc4d03de291;Google Update Service (gupdate1c9acc4d03de291);c:\program files\Google\Update\GoogleUpdate.exe [24/03/2009 22:09 133104]
S3 iadusb;MT882;c:\windows\System32\drivers\glauiad.sys [08/03/2008 11:30 29696]
S3 S2usbser;S2 USB Device for Legacy Serial Communication;c:\windows\System32\drivers\S2usbser.sys [16/11/2008 15:34 103680]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\System32\drivers\ss_bbus.sys [20/06/2009 12:43 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\System32\drivers\ss_bmdfl.sys [20/06/2009 12:43 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\System32\drivers\ss_bmdm.sys [20/06/2009 12:43 121856]
S4 CplIR;Embedded IR Driver;c:\windows\System32\drivers\CplIR.sys [06/03/2007 15:01 14848]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 21:08]

2009-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 21:09]

2009-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 21:09]

2009-09-08 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- e:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-11-15 15:31]

2009-09-10 c:\windows\Tasks\User_Feed_Synchronization-{8CE55126-04F8-452B-846C-193C8187AA96}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\users\Arranf_2\AppData\Roaming\Mozilla\Firefox\Profiles\946dhshw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com
FF - prefs.js: network.proxy.type - 2
FF - component: c:\users\Arranf_2\AppData\Roaming\Mozilla\Firefox\Profiles\946dhshw.default\extensions\lazarus@interclue.com\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Opera\program\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: e:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: e:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-11 00:06
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5996)
c:\program files\RocketDock\RocketDock.dll
.
Completion time: 2009-09-10 0:10
ComboFix-quarantined-files.txt 2009-09-10 23:10
ComboFix2.txt 2009-09-10 17:58

Pre-Run: 17,215,578,112 bytes free
Post-Run: 17,078,149,120 bytes free

362 --- E O F --- 2009-09-10 21:08
 
c:\windows\system32\fustyisrtl.exe <--Delete this file and leave it in the Recycle Bin. Let me know if it would not delete.

Re Run RootRepeal and lets make sure those files are gone. Post the log please.

How are things running now ?
 
Won't delete, startup is still a little slow. Hadn't had any memory spikes yet but I've not been on for very long. Will do rootpeal now.
 
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/09/11 16:49
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x8E6B4000 Size: 778240 File Visible: No Signed: -
Status: -

Name: PctWfpFilter.sys
Image Path: \ArcName\multi(0)disk(0)rdisk(0)partition(2)\Windows\system32\drivers\PctWfpFilter.sys
Address: 0x8DC6A000 Size: 118784 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xACF7B000 Size: 49152 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: spyt.sys
Image Path: C:\Windows\System32\Drivers\spyt.sys
Address: 0x80696000 Size: 1048576 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: SYSTEM
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1432 Status: Locked to the Windows API!

==EOF==
 
Lets delete that file. If it causes issues we can restore it.




Please download OTM by OldTimer.
  • Save it to your desktop.
  • Please click OTM and then click >> run.
  • Copy the lines inside the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Code: 
:Processes
explorer.exe

:Services

:Reg

:Files
c:\windows\system32\fustyisrtl.exe


:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Return to OTM, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Let me know how things are now ?
 
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File move failed. c:\windows\system32\fustyisrtl.exe scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Arranf_2
->Temp folder emptied: 186346 bytes
->Temporary Internet Files folder emptied: 513750 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 44679828 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Noel
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 952 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 43.28 mb


OTM by OldTimer - Version 3.0.0.6 log created on 09112009_174150
 
Did you reboot to get rid of that file ? If not do so now.

Run a new DDS and lets see if I missed something, if not it could be a windows issue and if so I can link you to some windows forums that deal with slow computers, we just do malware removal on this one.

Download DDS by sUBs from one of the following links. Save it to your desktop.
  • DDS.com
  • DDS.scr
  • DDS.pif
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control Here
 
DDS (Ver_09-07-30.01) - NTFSx86
Run by Arranf_2 at 18:04:03.06 on 11/09/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2038.1022 [GMT 1:00]

AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
E:\Program files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Windows\vsnp2std.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
E:\Program files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\fustyisrtl.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\alg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\fustyisrtl.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Arranf_2\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.co.uk/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - e:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: Click-to-Call BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\program files\windows live\messenger\wlchtc.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [avgnt] "e:\program files\avira\antivir desktop\avgnt.exe" /min
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
IE: {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: e:\progra~1\kasper~1\kasper~1\mzvkbd.dll e:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\arranf_2\appdata\roaming\mozilla\firefox\profiles\946dhshw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com
FF - prefs.js: network.proxy.type - 2
FF - component: c:\users\arranf_2\appdata\roaming\mozilla\firefox\profiles\946dhshw.default\extensions\lazarus@interclue.com\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\opera\program\plugins\np-mswmp.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: e:\program files\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: e:\program files\itunes\mozilla plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R?2 AeLookupSvcAgereModemAudio;Application Experience AeLookupSvcAgereModemAudio;c:\windows\system32\fustyisrtl.exe service --> c:\windows\system32\fustyisrtl.exe service [?]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-1-17 229176]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\avira\antivir desktop\sched.exe [2009-9-9 108289]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-6-16 233472]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-1-17 86888]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-3-8 810320]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\toshiba tempro\TemproSvc.exe [2009-4-21 116104]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-6-16 36608]
R3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [2009-9-10 32552]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2009-9-10 70280]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2009-9-10 46592]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-1-17 114832]
S2 gupdate1c9acc4d03de291;Google Update Service (gupdate1c9acc4d03de291);c:\program files\google\update\GoogleUpdate.exe [2009-3-24 133104]
S3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [2008-3-8 29696]
S3 S2usbser;S2 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\S2usbser.sys [2008-11-16 103680]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2009-6-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2009-6-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2009-6-20 121856]
S4 CplIR;Embedded IR Driver;c:\windows\system32\drivers\CplIR.sys [2007-3-6 14848]

=============== Created Last 30 ================

2009-09-11 17:41 <DIR> --d----- C:\_OTM
2009-09-11 00:07 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-09-10 23:11 <DIR> --d----- c:\program files\Trend Micro
2009-09-10 22:40 <DIR> --d----- c:\users\arranf_2\appdata\roaming\Malwarebytes
2009-09-10 22:40 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 22:40 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-10 22:40 <DIR> --d----- c:\programdata\Malwarebytes
2009-09-10 22:40 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-10 22:40 <DIR> --d----- c:\progra~2\Malwarebytes
2009-09-10 19:18 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-10 19:18 97,208 a------- c:\windows\system32\drivers\pctwfpfilter.sys
2009-09-10 19:17 70,280 a------- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2009-09-10 19:17 46,592 a------- c:\windows\system32\drivers\pctNdis.sys
2009-09-10 19:17 32,552 a------- c:\windows\system32\drivers\pctNdis-DNS.sys
2009-09-10 18:17 230,912 a------- c:\windows\PEV.exe
2009-09-10 18:17 161,792 a------- c:\windows\SWREG.exe
2009-09-10 18:17 98,816 a------- c:\windows\sed.exe
2009-09-09 19:13 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-09-09 19:13 <DIR> --d----- c:\programdata\Avira
2009-09-09 19:13 <DIR> --d----- c:\progra~2\Avira
2009-09-09 18:58 <DIR> --d----- c:\users\arranf_2\appdata\roaming\AVG8
2009-09-07 22:04 959 a------- c:\windows\wininit.ini
2009-09-07 20:56 32,256 a------- c:\windows\system32\fustyisrtl.exe
2009-09-07 20:51 144 a------- c:\windows\system32\hjfe
2009-09-06 09:53 <DIR> --d----- c:\program files\Spotify
2009-09-05 15:01 355,584 a------- c:\windows\system32\TuneUpDefragService.exe
2009-09-05 14:00 499,712 a------- c:\windows\system32\kerberos.dll
2009-09-05 14:00 1,256,448 a------- c:\windows\system32\lsasrv.dll
2009-09-05 14:00 270,848 a------- c:\windows\system32\schannel.dll
2009-09-05 14:00 213,504 a------- c:\windows\system32\msv1_0.dll
2009-09-05 14:00 175,104 a------- c:\windows\system32\wdigest.dll
2009-09-05 14:00 439,896 a------- c:\windows\system32\drivers\ksecdd.sys
2009-09-05 14:00 72,704 a------- c:\windows\system32\secur32.dll
2009-09-05 14:00 9,728 a------- c:\windows\system32\lsass.exe
2009-09-02 22:29 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-02 22:29 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-28 20:04 269,830,117 a------- c:\windows\MEMORY.DMP
2009-08-27 03:02 2,048 a------- c:\windows\system32\tzres.dll
2009-08-21 23:49 34 a------- c:\users\arranf_2\jagex_runescape_preferences.dat
2009-08-21 23:43 <DIR> --d----- C:\.jagex_cache_32
2009-08-20 14:01 <DIR> --d----- c:\programdata\Blizzard Entertainment
2009-08-20 14:01 <DIR> --d----- c:\progra~2\Blizzard Entertainment
2009-08-18 18:40 230,424 a------- C:\snp2sxp-001.raw
2009-08-13 16:08 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-08-13 16:08 110,592 a------- c:\windows\system32\OpenAL32.dll
2009-08-13 16:08 <DIR> --d----- c:\program files\OpenAL
2009-08-13 16:08 0 a------- c:\windows\galaxy.ini
2009-08-13 15:36 <DIR> --d----- c:\program files\GameSpy Arcade

==================== Find3M ====================

2009-09-10 19:18 143,360 a------- c:\windows\inf\infstor.dat
2009-09-10 19:18 86,016 a------- c:\windows\inf\infpub.dat
2009-09-10 19:18 143,360 a------- c:\windows\inf\infstrng.dat
2009-08-28 13:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 13:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 13:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 13:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-27 09:17 229,176 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-08-24 14:05 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-08-19 11:01 86,888 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-14 12:44 114,832 a------- c:\windows\system32\drivers\pctplfw.sys
2009-08-10 16:22 604,416 a------- c:\windows\system32\TUProgSt.exe
2009-08-08 14:41 665,600 a------- c:\windows\inf\drvindex.dat
2009-07-21 22:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 22:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 22:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 21:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 15:35 71,680 a------- c:\windows\system32\atl.dll
2009-07-14 14:00 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-14 13:59 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-14 13:58 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 11:59 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-06-15 16:24 156,672 a------- c:\windows\system32\t2embed.dll
2009-06-15 16:20 72,704 a------- c:\windows\system32\fontsub.dll
2009-06-15 16:20 10,240 a------- c:\windows\system32\dciman32.dll
2009-06-15 13:52 289,792 a------- c:\windows\system32\atmfd.dll
2008-11-17 20:56 174 a--sh--- c:\program files\desktop.ini
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-01-24 13:40 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-01-24 13:40 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-01-24 13:40 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 18:05:01.35 ===============
 
Any issues does sound like a windows problem. But that second file you told me to upload to virustotal, I couldn't find it via just browsing the System 32 folder, does that mean anything?
 
That file may be gone, most likely removed with one of the scans as I don't see it on any of the new logs.

Run this free online scanner ,lets see if it picks up anything

Please run this free online virus scanner from ESET
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
 
C:\Qoobox\Quarantine\C\Windows\System32\drivers\kbiwkmwmcffbtu.sys.vir a variant of Win32/Olmarik.LR trojan cleaned by deleting - quarantined
C:\Windows\System32\fustyisrtl.exe a variant of Win32/Kryptik.AJC trojan cleaned by deleting (after the next restart) - quarantined
 
DDS (Ver_09-07-30.01) - NTFSx86
Run by Arranf_2 at 21:53:06.23 on 11/09/2009
Internet Explorer: 8.0.6001.18813
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://google.co.uk/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - e:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: Click-to-Call BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\program files\windows live\messenger\wlchtc.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [avgnt] "e:\program files\avira\antivir desktop\avgnt.exe" /min
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
IE: {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: e:\progra~1\kasper~1\kasper~1\mzvkbd.dll e:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\arranf_2\appdata\roaming\mozilla\firefox\profiles\946dhshw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com
FF - prefs.js: network.proxy.type - 2
FF - component: c:\users\arranf_2\appdata\roaming\mozilla\firefox\profiles\946dhshw.default\extensions\lazarus@interclue.com\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\opera\program\plugins\np-mswmp.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: e:\program files\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: e:\program files\itunes\mozilla plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-09-11 18:31 <DIR> --d----- c:\program files\ESET
2009-09-11 17:41 <DIR> --d----- C:\_OTM
2009-09-11 00:07 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-09-10 23:11 <DIR> --d----- c:\program files\Trend Micro
2009-09-10 22:40 <DIR> --d----- c:\users\arranf_2\appdata\roaming\Malwarebytes
2009-09-10 22:40 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 22:40 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-10 22:40 <DIR> --d----- c:\programdata\Malwarebytes
2009-09-10 22:40 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-10 22:40 <DIR> --d----- c:\progra~2\Malwarebytes
2009-09-10 19:18 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-10 19:18 97,208 a------- c:\windows\system32\drivers\pctwfpfilter.sys
2009-09-10 19:17 70,280 a------- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2009-09-10 19:17 46,592 a------- c:\windows\system32\drivers\pctNdis.sys
2009-09-10 19:17 32,552 a------- c:\windows\system32\drivers\pctNdis-DNS.sys
2009-09-10 18:17 230,912 a------- c:\windows\PEV.exe
2009-09-10 18:17 161,792 a------- c:\windows\SWREG.exe
2009-09-10 18:17 98,816 a------- c:\windows\sed.exe
2009-09-09 19:13 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-09-09 19:13 <DIR> --d----- c:\programdata\Avira
2009-09-09 19:13 <DIR> --d----- c:\progra~2\Avira
2009-09-09 18:58 <DIR> --d----- c:\users\arranf_2\appdata\roaming\AVG8
2009-09-07 22:04 959 a------- c:\windows\wininit.ini
2009-09-07 20:51 144 a------- c:\windows\system32\hjfe
2009-09-06 09:53 <DIR> --d----- c:\program files\Spotify
2009-09-05 15:01 355,584 a------- c:\windows\system32\TuneUpDefragService.exe
2009-09-05 14:00 499,712 a------- c:\windows\system32\kerberos.dll
2009-09-05 14:00 1,256,448 a------- c:\windows\system32\lsasrv.dll
2009-09-05 14:00 270,848 a------- c:\windows\system32\schannel.dll
2009-09-05 14:00 213,504 a------- c:\windows\system32\msv1_0.dll
2009-09-05 14:00 175,104 a------- c:\windows\system32\wdigest.dll
2009-09-05 14:00 439,896 a------- c:\windows\system32\drivers\ksecdd.sys
2009-09-05 14:00 72,704 a------- c:\windows\system32\secur32.dll
2009-09-05 14:00 9,728 a------- c:\windows\system32\lsass.exe
2009-09-02 22:29 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-02 22:29 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-28 20:04 269,830,117 a------- c:\windows\MEMORY.DMP
2009-08-27 03:02 2,048 a------- c:\windows\system32\tzres.dll
2009-08-21 23:49 34 a------- c:\users\arranf_2\jagex_runescape_preferences.dat
2009-08-21 23:43 <DIR> --d----- C:\.jagex_cache_32
2009-08-20 14:01 <DIR> --d----- c:\programdata\Blizzard Entertainment
2009-08-20 14:01 <DIR> --d----- c:\progra~2\Blizzard Entertainment
2009-08-18 18:40 230,424 a------- C:\snp2sxp-001.raw
2009-08-13 16:08 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-08-13 16:08 110,592 a------- c:\windows\system32\OpenAL32.dll
2009-08-13 16:08 <DIR> --d----- c:\program files\OpenAL
2009-08-13 16:08 0 a------- c:\windows\galaxy.ini
2009-08-13 15:36 <DIR> --d----- c:\program files\GameSpy Arcade

==================== Find3M ====================

2009-09-10 19:18 143,360 a------- c:\windows\inf\infstor.dat
2009-09-10 19:18 86,016 a------- c:\windows\inf\infpub.dat
2009-09-10 19:18 143,360 a------- c:\windows\inf\infstrng.dat
2009-08-28 13:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 13:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 13:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 13:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-27 09:17 229,176 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-08-24 14:05 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-08-19 11:01 86,888 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-14 12:44 114,832 a------- c:\windows\system32\drivers\pctplfw.sys
2009-08-10 16:22 604,416 a------- c:\windows\system32\TUProgSt.exe
2009-08-08 14:41 665,600 a------- c:\windows\inf\drvindex.dat
2009-07-21 22:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 22:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 22:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 21:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 15:35 71,680 a------- c:\windows\system32\atl.dll
2009-07-14 14:00 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-14 13:59 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-14 13:58 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 11:59 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-06-15 16:24 156,672 a------- c:\windows\system32\t2embed.dll
2009-06-15 16:20 72,704 a------- c:\windows\system32\fontsub.dll
2009-06-15 16:20 10,240 a------- c:\windows\system32\dciman32.dll
2009-06-15 13:52 289,792 a------- c:\windows\system32\atmfd.dll
2008-11-17 20:56 174 a--sh--- c:\program files\desktop.ini
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-01-24 13:40 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-01-24 13:40 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-01-24 13:40 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 21:56:15.19 ===============
 
That didnt show the whole picture that I needed to see, drag DDS to the trash and redownload it and run it again

Download DDS by sUBs from one of the following links. Save it to your desktop.
  • DDS.com
  • DDS.scr
  • DDS.pif
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control Here
 
DDS (Ver_09-07-30.01) - NTFSx86
Run by Arranf_2 at 22:18:49.65 on 11/09/2009
Internet Explorer: 8.0.6001.18813
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://google.co.uk/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Click-to-Call BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\program files\windows live\messenger\wlchtc.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [avgnt] "e:\program files\avira\antivir desktop\avgnt.exe" /min
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
IE: {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\arranf_2\appdata\roaming\mozilla\firefox\profiles\946dhshw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com
FF - prefs.js: network.proxy.type - 2
FF - component: c:\users\arranf_2\appdata\roaming\mozilla\firefox\profiles\946dhshw.default\extensions\lazarus@interclue.com\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\opera\program\plugins\np-mswmp.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: e:\program files\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: e:\program files\itunes\mozilla plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-09-11 18:31 <DIR> --d----- c:\program files\ESET
2009-09-11 17:41 <DIR> --d----- C:\_OTM
2009-09-11 00:07 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-09-10 23:11 <DIR> --d----- c:\program files\Trend Micro
2009-09-10 22:40 <DIR> --d----- c:\users\arranf_2\appdata\roaming\Malwarebytes
2009-09-10 22:40 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 22:40 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-10 22:40 <DIR> --d----- c:\programdata\Malwarebytes
2009-09-10 22:40 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-10 22:40 <DIR> --d----- c:\progra~2\Malwarebytes
2009-09-10 19:18 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-10 19:18 97,208 a------- c:\windows\system32\drivers\pctwfpfilter.sys
2009-09-10 19:17 70,280 a------- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2009-09-10 19:17 46,592 a------- c:\windows\system32\drivers\pctNdis.sys
2009-09-10 19:17 32,552 a------- c:\windows\system32\drivers\pctNdis-DNS.sys
2009-09-10 18:17 230,912 a------- c:\windows\PEV.exe
2009-09-10 18:17 161,792 a------- c:\windows\SWREG.exe
2009-09-10 18:17 98,816 a------- c:\windows\sed.exe
2009-09-09 19:13 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-09-09 19:13 <DIR> --d----- c:\programdata\Avira
2009-09-09 19:13 <DIR> --d----- c:\progra~2\Avira
2009-09-09 18:58 <DIR> --d----- c:\users\arranf_2\appdata\roaming\AVG8
2009-09-07 22:04 959 a------- c:\windows\wininit.ini
2009-09-07 20:51 144 a------- c:\windows\system32\hjfe
2009-09-06 09:53 <DIR> --d----- c:\program files\Spotify
2009-09-05 15:01 355,584 a------- c:\windows\system32\TuneUpDefragService.exe
2009-09-05 14:00 499,712 a------- c:\windows\system32\kerberos.dll
2009-09-05 14:00 1,256,448 a------- c:\windows\system32\lsasrv.dll
2009-09-05 14:00 270,848 a------- c:\windows\system32\schannel.dll
2009-09-05 14:00 213,504 a------- c:\windows\system32\msv1_0.dll
2009-09-05 14:00 175,104 a------- c:\windows\system32\wdigest.dll
2009-09-05 14:00 439,896 a------- c:\windows\system32\drivers\ksecdd.sys
2009-09-05 14:00 72,704 a------- c:\windows\system32\secur32.dll
2009-09-05 14:00 9,728 a------- c:\windows\system32\lsass.exe
2009-09-02 22:29 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-02 22:29 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-28 20:04 269,830,117 a------- c:\windows\MEMORY.DMP
2009-08-27 03:02 2,048 a------- c:\windows\system32\tzres.dll
2009-08-21 23:49 34 a------- c:\users\arranf_2\jagex_runescape_preferences.dat
2009-08-21 23:43 <DIR> --d----- C:\.jagex_cache_32
2009-08-20 14:01 <DIR> --d----- c:\programdata\Blizzard Entertainment
2009-08-20 14:01 <DIR> --d----- c:\progra~2\Blizzard Entertainment
2009-08-18 18:40 230,424 a------- C:\snp2sxp-001.raw
2009-08-13 16:08 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-08-13 16:08 110,592 a------- c:\windows\system32\OpenAL32.dll
2009-08-13 16:08 <DIR> --d----- c:\program files\OpenAL
2009-08-13 16:08 0 a------- c:\windows\galaxy.ini
2009-08-13 15:36 <DIR> --d----- c:\program files\GameSpy Arcade

==================== Find3M ====================

2009-09-10 19:18 143,360 a------- c:\windows\inf\infstor.dat
2009-09-10 19:18 86,016 a------- c:\windows\inf\infpub.dat
2009-09-10 19:18 143,360 a------- c:\windows\inf\infstrng.dat
2009-08-28 13:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 13:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 13:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 13:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-27 09:17 229,176 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-08-24 14:05 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-08-19 11:01 86,888 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-14 12:44 114,832 a------- c:\windows\system32\drivers\pctplfw.sys
2009-08-10 16:22 604,416 a------- c:\windows\system32\TUProgSt.exe
2009-08-08 14:41 665,600 a------- c:\windows\inf\drvindex.dat
2009-07-21 22:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 22:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 22:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 21:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 15:35 71,680 a------- c:\windows\system32\atl.dll
2009-07-14 14:00 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-14 13:59 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-14 13:58 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 11:59 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-06-15 16:24 156,672 a------- c:\windows\system32\t2embed.dll
2009-06-15 16:20 72,704 a------- c:\windows\system32\fontsub.dll
2009-06-15 16:20 10,240 a------- c:\windows\system32\dciman32.dll
2009-06-15 13:52 289,792 a------- c:\windows\system32\atmfd.dll
2008-11-17 20:56 174 a--sh--- c:\program files\desktop.ini
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-01-24 13:40 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-01-24 13:40 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-01-24 13:40 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 22:19:16.20 ===============
 
Smoother, I haven't noticed it being particularly laggy. Anything else I need to do, if not, can you keep the topic open another 24 hours just in case it stops working?
 
Status
Not open for further replies.
Back
Top