System freeze when drag and drop


Re: System freeze when drag and drop

Post by Voods on Mon Apr 05, 2010 11:35 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:32:03, on 06/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\eBoostr\EBstrSvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Farstone\HackerSmacker\FWMain.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Farstone\HackerSmacker\FWCOM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Documents and Settings\Voodoo\Desktop\MalwareAndSpyware\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Farstone Webflt1 - {F0CABD54-804C-452A-AAA0-C8264997FC6D} - C:\Program Files\Farstone\HackerSmacker\webflt.DLL
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: ESET Smart Security.lnk = C:\Program Files\ESET\ESET Smart Security\egui.exe
O4 - Global Startup: HackerSmacker 3.0.lnk = C:\Program Files\Farstone\HackerSmacker\FWMain.exe
O8 - Extra context menu item: &Download by Orbit - [You must be registered and logged in to see this link.] Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - [You must be registered and logged in to see this link.] Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - [You must be registered and logged in to see this link.] Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - [You must be registered and logged in to see this link.] Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} (DellSystemLite.Scanner) - [You must be registered and logged in to see this link.]
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: eBoostr Service (EBOOSTRSVC) - eBoostr.com - C:\Program Files\eBoostr\EBstrSvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FWCOM - FarStone Technology Inc. - C:\Program Files\Farstone\HackerSmacker\FWCOM.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

--
End of file - 6756 bytes

Voods
Senior

Posts : 229
Joined : 2008-12-07
Gender : Male
OS : Windows 7 Professional
Protection : Eset Smart Security 4
Points : 31454
# Likes : 0


Post by Voods on Mon Apr 05, 2010 11:35 pm

NB:

Why does it always show I'm using IE when I don't..? I only use it when I'm doing a windows update..


Post by Belahzur on Tue Apr 06, 2010 5:18 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
# Likes : 1


Post by Voods on Tue Apr 06, 2010 8:50 pm

The program won't get through a full scan..
It freezes when looking at the:

hkey_current_user internet explorer settings

Regards


Post by Belahzur on Wed Apr 07, 2010 12:49 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Post by Voods on Wed Apr 07, 2010 10:37 am

Malwarebytes' Anti-Malware 1.45
[You must be registered and logged in to see this link.]

Database version: 3958

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

07/04/2010 10:49:15
mbam-log-2010-04-07 (10-49-15).txt

Scan type: Full scan (C:\|L:\|)
Objects scanned: 178369
Time elapsed: 45 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{5F9CED2F-97A5-4886-91F7-E8AA5CE23EA8}\RP279\A0061935.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5F9CED2F-97A5-4886-91F7-E8AA5CE23EA8}\RP279\A0061978.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.


Post by Belahzur on Wed Apr 07, 2010 7:30 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.



Post by Voods on Wed Apr 07, 2010 8:00 pm

Hi

OTL is still freezing when scanning:

hkey_current_user internet explorer settings

Regards


Post by Belahzur on Thu Apr 08, 2010 12:07 am

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Post by Voods on Thu Apr 08, 2010 11:44 am

ComboFix 10-04-07.04 - Voodoo 08/04/2010 12:30:03.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.292 [GMT 1]
Running from: c:\documents and settings\Voodoo\Desktop\Combo-Fix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Voodoo\Application Data\inst.exe
c:\windows\eSellerateEngine.dll
c:\windows\system32\msvcsv60.dll

.
((((((((((((((((((((((((( Files Created from 2010-03-08 to 2010-04-08 )))))))))))))))))))))))))))))))
.

2010-04-07 14:36 . 2010-04-07 14:36 -------- d-----w- c:\program files\Bytescout XLS Viewer
2010-04-07 13:50 . 2010-04-07 13:50 -------- d-----w- c:\program files\Rollercoaster Rush
2010-04-06 19:01 . 2010-04-06 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-04-06 19:01 . 2010-04-07 10:54 -------- d-----w- c:\program files\McAfee Security Scan
2010-04-04 23:47 . 2010-04-06 10:25 -------- d-----w- c:\program files\Steam
2010-04-03 13:06 . 2009-02-04 18:58 950272 ----a-w- c:\documents and settings\All Users\Application Data\SONiVOX\DVI Taylor Acoustic Guitar\Effects\MasteringReverb.dll
2010-04-03 13:06 . 2009-02-04 18:58 2990080 ----a-w- c:\documents and settings\All Users\Application Data\SONiVOX\DVI Taylor Acoustic Guitar\Effects\iZMasteringReverb.dll
2010-04-03 13:06 . 2008-12-09 14:12 377344 ----a-w- c:\documents and settings\All Users\Application Data\SONiVOX\DVI Taylor Acoustic Guitar\Effects\Equalizer.dll
2010-04-03 13:06 . 2008-10-17 10:12 376320 ----a-w- c:\documents and settings\All Users\Application Data\SONiVOX\DVI Taylor Acoustic Guitar\Effects\Delay.dll
2010-04-03 13:06 . 2008-07-18 08:22 359424 ----a-w- c:\documents and settings\All Users\Application Data\SONiVOX\DVI Taylor Acoustic Guitar\Effects\Chorus.dll
2010-04-03 13:05 . 2010-04-03 13:05 765722 ----a-w- c:\documents and settings\All Users\Application Data\SONiVOX\DVI Taylor Acoustic Guitar\unins000.exe
2010-04-03 13:01 . 2010-04-03 13:01 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-04-03 12:52 . 2010-04-03 12:52 -------- d-----w- c:\documents and settings\Voodoo\Application Data\PACE Anti-Piracy
2010-04-03 12:52 . 2010-04-03 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2010-04-03 12:52 . 2010-04-03 12:52 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2010-04-03 12:52 . 2010-04-03 12:52 -------- d-----w- c:\documents and settings\Voodoo\Local Settings\Application Data\PACE Anti-Piracy
2010-04-03 12:47 . 2008-07-02 15:26 630784 ----a-w- c:\windows\system32\ilinet.dll
2010-04-03 12:47 . 2005-05-08 17:56 55808 ----a-w- c:\windows\system32\zlib1.dll
2010-04-03 12:47 . 2005-05-08 17:55 203264 ----a-w- c:\windows\system32\libpng13.dll
2010-04-03 12:47 . 2009-02-04 18:58 950272 ----a-w- c:\documents and settings\All Users\Application Data\SONiVOX\DVI Martin Acoustic Guitar\Effects\MasteringReverb.dll
2010-04-03 12:47 . 2009-02-04 18:58 2990080 ----a-w- c:\documents and settings\All Users\Application Data\SONiVOX\DVI Martin Acoustic Guitar\Effects\iZMasteringReverb.dll
2010-04-03 12:47 . 2008-12-09 14:12 377344 ----a-w- c:\documents and settings\All Users\Application Data\SONiVOX\DVI Martin Acoustic Guitar\Effects\Equalizer.dll
2010-04-03 12:47 . 2008-10-17 10:12 376320 ----a-w- c:\documents and settings\All Users\Application Data\SONiVOX\DVI Martin Acoustic Guitar\Effects\Delay.dll
2010-04-03 12:47 . 2008-07-18 08:22 359424 ----a-w- c:\documents and settings\All Users\Application Data\SONiVOX\DVI Martin Acoustic Guitar\Effects\Chorus.dll
2010-04-03 12:45 . 2010-04-03 12:45 -------- d-----w- c:\program files\SONiVOX
2010-04-03 12:44 . 2010-04-03 13:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SONiVOX
2010-04-03 12:44 . 2010-04-03 12:44 765722 ----a-w- c:\documents and settings\All Users\Application Data\SONiVOX\DVI Martin Acoustic Guitar\unins000.exe
2010-04-03 12:43 . 2010-04-03 12:43 -------- dc----w- c:\windows\system32\DRVSTORE
2010-04-03 12:42 . 2010-04-03 12:42 -------- d-----w- c:\program files\InterLok
2010-04-02 21:28 . 2004-11-26 12:16 225280 ----a-w- c:\windows\system32\ReWire.dll
2010-04-02 17:41 . 2010-04-02 17:43 -------- d-----w- c:\documents and settings\Voodoo\Application Data\ACAMPREF
2010-04-02 17:41 . 2010-04-02 17:42 -------- d-----w- c:\program files\Harmony Assistant
2010-04-01 14:13 . 1995-09-29 19:37 30048 ----a-w- c:\windows\Unwise.exe
2010-04-01 14:13 . 2010-04-01 14:13 -------- d-----w- c:\program files\DISCOVERY MULTIMEDIA
2010-03-31 15:05 . 2010-03-31 15:05 -------- d-----w- c:\program files\Java
2010-03-31 01:29 . 2009-08-02 17:49 3036024 ----a-w- c:\documents and settings\Voodoo\Application Data\Simply Super Software\Trojan Remover\pigF0E2.exe
2010-03-30 21:43 . 2010-04-05 00:18 -------- d-----w- C:\Games
2010-03-30 21:09 . 2000-01-27 14:27 557056 ----a-w- c:\windows\system32\WONshell.dll
2010-03-30 21:09 . 2000-01-27 14:27 196608 ----a-w- c:\windows\system32\WONauth.dll
2010-03-30 21:09 . 1999-09-08 12:45 233472 ----a-w- c:\windows\system32\SNWValid.dll
2010-03-30 21:09 . 1999-09-08 12:45 1204224 ----a-w- c:\windows\system32\SierraNW.dll
2010-03-30 21:09 . 2010-03-30 21:09 -------- d-----w- c:\program files\Sierra On-Line
2010-03-30 21:09 . 1999-09-08 12:45 24928 ----a-w- c:\windows\system32\Sigres.exe
2010-03-30 21:09 . 1999-09-08 12:45 44544 ----a-w- c:\windows\system32\GIF89.DLL
2010-03-30 21:09 . 2010-03-30 21:09 -------- d-----w- C:\Sierra
2010-03-29 16:40 . 2010-04-02 17:31 -------- d-----w- C:\Update
2010-03-28 16:22 . 2010-03-28 16:22 -------- d-----w- c:\program files\FLAC
2010-03-19 20:16 . 2010-03-19 20:16 -------- d-----w- c:\documents and settings\Voodoo\Local Settings\Application Data\Pando
2010-03-19 20:15 . 2010-03-19 20:15 -------- d-----w- c:\program files\Pando Networks
2010-03-16 13:26 . 2010-03-16 13:26 -------- d-----w- c:\program files\Speccy
2010-03-14 23:06 . 2010-04-07 16:51 -------- d-----w- c:\documents and settings\Voodoo\Application Data\PrimoPDF
2010-03-14 22:51 . 2010-03-16 13:50 -------- d-----w- c:\program files\Nitro PDF
2010-03-09 17:12 . 2010-03-09 17:12 -------- d-----w- c:\program files\QuickSFV
2010-03-09 16:57 . 2010-03-09 17:09 -------- d-----w- c:\documents and settings\Voodoo\Local Settings\Application Data\QuickPar
2010-03-09 16:55 . 2010-03-09 16:55 -------- d-----w- c:\program files\QuickPar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-08 00:44 . 2009-03-14 14:10 -------- d-----w- c:\program files\XYplorer
2010-04-08 00:44 . 2010-02-21 00:46 -------- d-----w- c:\documents and settings\Voodoo\Application Data\vlc
2010-04-06 11:51 . 2009-03-22 22:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-06 11:50 . 2009-06-21 16:01 -------- d-----w- c:\program files\SpywareBlaster
2010-04-06 11:31 . 2009-03-14 14:22 -------- d-----w- c:\documents and settings\Voodoo\Application Data\foobar2000
2010-04-06 11:14 . 2009-12-30 01:46 117760 ----a-w- c:\documents and settings\Voodoo\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-06 11:12 . 2009-03-13 15:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-06 11:06 . 2009-03-13 16:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-06 11:05 . 2010-01-28 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\eboostr
2010-04-06 11:04 . 2009-03-13 16:27 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-06 01:37 . 2009-03-13 18:44 -------- d-----w- c:\documents and settings\Voodoo\Application Data\Orbit
2010-04-06 01:23 . 2010-01-30 22:01 436207616 --sha-w- C:\eboostr.dat
2010-04-05 20:18 . 2009-04-23 21:31 -------- d-----w- c:\documents and settings\Voodoo\Application Data\dvdcss
2010-04-03 13:01 . 2009-03-22 17:03 -------- d-----w- c:\program files\Native Instruments
2010-04-02 22:34 . 2009-03-13 20:31 -------- d-----w- c:\program files\Syncrosoft
2010-04-02 22:10 . 2009-03-14 13:39 -------- d-----w- c:\documents and settings\Voodoo\Application Data\Steinberg
2010-04-02 17:54 . 2009-03-14 12:30 32 ----a-w- c:\windows\msocreg32.dat
2010-04-02 17:49 . 2009-03-13 14:44 173424 ----a-w- c:\documents and settings\Voodoo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-02 17:41 . 2010-04-02 17:41 1409 ----a-w- c:\windows\Fonts\SToccata.fot
2010-03-31 15:05 . 2009-03-13 18:52 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-29 23:46 . 2009-03-13 16:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 23:45 . 2009-03-13 16:21 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 15:55 . 2009-03-14 13:32 -------- d-----w- c:\program files\foobar2000
2010-03-16 13:25 . 2009-03-23 18:08 -------- d-----w- c:\program files\CCleaner
2010-03-08 23:26 . 2010-03-08 23:24 -------- d-----w- c:\documents and settings\Voodoo\Application Data\FMZilla
2010-03-08 23:23 . 2009-03-13 18:44 -------- d-----w- c:\program files\Orbitdownloader
2010-03-08 23:21 . 2010-03-08 23:21 -------- d-----w- c:\documents and settings\Voodoo\Application Data\OpenCandy
2010-03-08 23:21 . 2010-03-08 23:21 939909 ----a-w- c:\documents and settings\Voodoo\Application Data\OpenCandy\FreeMusicZillaWrapped.exe
2010-03-06 14:41 . 2010-03-06 14:41 -------- d-----w- c:\program files\Smallvideosoft
2010-03-06 14:04 . 2009-03-13 18:45 -------- d-----w- c:\documents and settings\Voodoo\Application Data\GrabPro
2010-03-04 14:52 . 2010-03-04 14:51 -------- d-----w- c:\program files\KGB Archiver
2010-03-02 11:43 . 2010-03-02 11:43 65567 ----a-w- c:\documents and settings\All Users\Application Data\tmpE2A6.tmp
2010-03-02 11:43 . 2010-03-02 11:43 65564 ----a-w- c:\documents and settings\All Users\Application Data\tmpE29B.tmp
2010-03-02 11:37 . 2010-03-02 11:37 3804950 ----a-w- c:\documents and settings\All Users\Application Data\tmpE004.tmp
2010-02-28 19:15 . 2010-02-28 19:00 -------- d-----w- c:\program files\TrojanHunter 5.0
2010-02-28 19:03 . 2010-02-28 19:03 -------- d-----w- c:\documents and settings\Voodoo\Application Data\TrojanHunter
2010-02-28 15:04 . 2010-02-28 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
2010-02-28 15:04 . 2010-02-28 15:03 -------- d-----w- c:\program files\Raxco
2010-02-27 22:46 . 2010-02-27 22:46 -------- d-----w- c:\program files\MyRealGames.com
2010-02-26 05:43 . 2003-07-16 16:45 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2009-03-13 14:38 81920 ------w- c:\windows\system32\ieencode.dll
2010-02-20 13:04 . 2009-04-07 14:05 -------- d-----w- c:\documents and settings\Voodoo\Application Data\Spotify
2010-02-16 18:40 . 2009-12-27 16:35 -------- d-----w- c:\program files\Veetle
2010-02-12 17:54 . 2009-06-08 21:44 1227816 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-12 16:20 . 2010-02-12 16:20 -------- d-----w- c:\program files\Common Files\Java
2010-02-12 16:20 . 2010-02-12 16:20 503808 ----a-w- c:\documents and settings\Voodoo\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-209f1d52-n\msvcp71.dll
2010-02-12 16:20 . 2010-02-12 16:20 499712 ----a-w- c:\documents and settings\Voodoo\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-209f1d52-n\jmc.dll
2010-02-12 16:20 . 2010-02-12 16:20 348160 ----a-w- c:\documents and settings\Voodoo\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-209f1d52-n\msvcr71.dll
2010-02-12 16:20 . 2010-02-12 16:20 61440 ----a-w- c:\documents and settings\Voodoo\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4d4af267-n\decora-sse.dll
2010-02-12 16:20 . 2010-02-12 16:20 12800 ----a-w- c:\documents and settings\Voodoo\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4d4af267-n\decora-d3d.dll
2010-02-09 00:19 . 2009-03-22 19:27 -------- d-----w- c:\documents and settings\Voodoo\Application Data\Skype
2010-02-08 22:13 . 2010-02-08 22:13 -------- d-----w- c:\program files\Lame
2010-02-08 01:04 . 2009-04-14 21:46 -------- d-----w- c:\program files\STOPzilla!
2010-02-08 01:00 . 2009-04-14 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-01-25 15:21 . 2010-01-25 15:21 2 --shatr- c:\windows\winstart.bat
2010-01-17 20:06 . 2010-01-17 20:05 3175784 ----a-w- c:\documents and settings\Voodoo\Application Data\Uniblue\RegistryBooster\_temp\ub.exe
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-09-19 13:35 . 2009-09-19 13:35 8 --sh--r- c:\windows\system32\02910CF17B.sys
2009-09-19 13:36 . 2009-09-19 13:35 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-03-29 437584]
"HS3_AutoRun"="c:\program files\Farstone\HackerSmacker\FWMain.exe" [2005-07-23 323584]

c:\documents and settings\Voodoo\Start Menu\Programs\Startup\
ESET Smart Security.lnk - c:\program files\ESET\ESET Smart Security\egui.exe [2009-2-6 2021400]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HackerSmacker 3.0.lnk - c:\program files\Farstone\HackerSmacker\FWMain.exe [2005-7-23 323584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2003-06-20 07:03 110592 ----a-w- c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eBoostr Control Panel.lnk]
backup=c:\windows\pss\eBoostr Control Panel.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
backup=c:\windows\pss\Orbit.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Voodoo^Start Menu^Programs^Startup^MemTurbo.lnk]
backup=c:\windows\pss\MemTurbo.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Voodoo^Start Menu^Programs^Startup^WordWeb Pro.lnk]
backup=c:\windows\pss\WordWeb Pro.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Voodoo^Start Menu^Programs^Startup^WordWeb.lnk]
backup=c:\windows\pss\WordWeb.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2003-08-20 20:24 151552 ----a-w- c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
2001-09-04 16:24 28672 ----a-w- c:\windows\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2003-07-29 12:30 335872 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2009-06-10 13:22 334224 ----a-w- c:\program files\Eraser\Eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
2005-10-22 23:00 385024 ----a-w- c:\program files\Syncrosoft\POS\H2O\cledx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HS3_AutoRun]
2005-07-23 17:49 323584 ----a-w- c:\program files\Farstone\HackerSmacker\FWMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
2003-05-28 17:32 86016 ----a-w- c:\program files\Intel\NCS\PROSet\PRONoMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2009-01-05 14:39 336896 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-03-11 12:00 24095528 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-04-04 23:51 1217872 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-04-06 11:12 2010864 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BthServ"=3 (0x3)
"Ati HotKey Poller"=3 (0x3)
"SbieSvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Super Internet TV\\Super Internet TV.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\Pando.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57771:TCP"= 57771:TCP:Pando
"57771:UDP"= 57771:UDP:Pando

R0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\eBoost.sys [28/01/2009 12:34 125544]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06/02/2009 15:23 106208]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [05/01/2010 08:56 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 08:56 66632]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [06/02/2009 15:23 727720]
R2 fsnet;fsnet;c:\windows\system32\drivers\fsnet.sys [23/03/2009 17:59 18882]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [13/03/2009 17:21 303952]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [13/03/2009 21:31 33792]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [13/03/2009 20:51 115312]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13/03/2009 17:21 20824]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [06/04/2009 13:19 23064]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05/04/2009 13:10 717296]
S2 ATE_PROCMON;ATE_PROCMON;\\??\\c:\\Program Files\\Anti Trojan Elite\\ATEPMon.sys --> \\c:\\Program Files\\Anti Trojan Elite\\ATEPMon.sys [?]
S3 FWCOM;FWCOM;c:\program files\Farstone\HackerSmacker\FWCOM.exe [18/07/2005 19:27 69632]
S3 JakNDisMP;JakNDisMP;c:\windows\system32\DRIVERS\JakNDis.sys --> c:\windows\system32\DRIVERS\JakNDis.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\DA9.tmp --> c:\windows\system32\DA9.tmp [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 08:56 12872]
S4 EBOOSTRSVC;eBoostr Service;c:\program files\eBoostr\EBstrSvc.exe [28/01/2009 12:34 634488]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
2007-09-19 09:32 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-04-07 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-01-23 15:48]

2010-04-08 c:\windows\Tasks\WECPUpdate.job
- c:\program files\Essentials Codec Pack\WECPUpdate.exe [2009-02-25 14:28]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Send To &Bluetooth
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Voodoo\Application Data\Mozilla\Firefox\Profiles\55x8pt7q.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\Voodoo\Application Data\Mozilla\Firefox\Profiles\55x8pt7q.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
MSConfigStartUp-OODefragTray - c:\program files\OO Software\Defrag\oodtray.exe
AddRemove-Steinberg The Grand 2 v2.0.0.1152 - c:\progra~1\STEINB~1\VSTPLU~1\THEGRA~1\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-04-08 12:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\DA9.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-1580818891-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{240FDE14-45E3-78FC-9192-675E29ECCB9E}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jaojpnifkflmdfddndbk"=hex:69,61,6f,69,64,69,6a,6d,62,63,63,64,6b,6a,6c,63,67,
6a,00,00
"jaojpngfpncocjmpgiac"=hex:68,62,69,69,62,6b,63,67,65,6a,65,6b,6f,70,62,68,64,
70,6c,65,64,70,6b,62,65,66,66,6d,6a,6f,63,64,62,64,63,63,6c,6e,70,65,69,66,\

[HKEY_USERS\S-1-5-21-1644491937-1580818891-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BD42A954-F9E7-F446-D346-A866649FEB8A}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abphnjehiblbihlbpmjahjdmcnnghldjia"=hex:6d,61,66,65,64,6b,69,63,67,66,6b,68,
70,66,61,6d,67,67,70,65,68,6f,6b,61,70,6d,00,00
"maaicjfdndpmdmjmlbjlckbhhh"=hex:70,61,68,64,64,61,64,6f,6b,62,65,68,63,66,61,
6b,6b,6f,62,70,70,6a,6c,70,64,6b,70,6c,6e,68,6a,61,00,f1

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h||A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\\Registered"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(980)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LgNotify.dll
.
Completion time: 2010-04-08 12:36:42
ComboFix-quarantined-files.txt 2010-04-08 11:36
ComboFix2.txt 2009-06-21 01:25
ComboFix3.txt 2009-06-20 15:40

Pre-Run: 7,648,628,736 bytes free
Post-Run: 8,499,818,496 bytes free

- - End Of File - - A3BCADFA567101FA567CF666030F39CA


Last edited by Voods on Thu Apr 08, 2010 6:29 pm; edited 1 time in total (Reason for editing : Incomplete Log)

Voods
Senior

Posts : 229
Joined : 2008-12-07
Gender : Male
OS : Windows 7 Professional
Protection : Eset Smart Security 4
Points : 31454
# Likes : 0


Re: System freeze when drag and drop

Post by Belahzur on Thu Apr 08, 2010 7:57 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open Notepad and copy/paste the text in the quotebox below into it:

    RegNull::
    [HKEY_USERS\S-1-5-21-1644491937-1580818891-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{240FDE14-45E3-78FC-9192-675E29ECCB9E}*]
    [HKEY_USERS\S-1-5-21-1644491937-1580818891-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BD42A954-F9E7-F446-D346-A866649FEB8A}*]
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
# Likes : 1


Re: System freeze when drag and drop

Post by Voods on Thu Apr 08, 2010 8:22 pm

ComboFix 10-04-07.04 - Voodoo 08/04/2010 21:08:47.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.299 [GMT 1:00]
Running from: c:\documents and settings\Voodoo\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Voodoo\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2010-03-08 to 2010-04-08 )))))))))))))))))))))))))))))))
.

2010-04-08 17:28 . 2009-08-02 17:49 3036024 ----a-w- c:\documents and settings\Voodoo\Application Data\Simply Super Software\Trojan Remover\awk1058.exe
2010-04-07 14:36 . 2010-04-07 14:36 -------- d-----w- c:\program files\Bytescout XLS Viewer
2010-04-07 13:50 . 2010-04-07 13:50 -------- d-----w- c:\program files\Rollercoaster Rush
2010-04-06 19:01 . 2010-04-06 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-04-06 19:01 . 2010-04-07 10:54 -------- d-----w- c:\program files\McAfee Security Scan
2010-04-04 23:47 . 2010-04-06 10:25 -------- d-----w- c:\program files\Steam
2010-04-03 13:06 . 2009-02-04 18:58 950272 ----a-w- c:\documents and settings\All Users\Application Data\SONiVOX\DVI Taylor Acoustic Guitar\Effects\MasteringReverb.dll
2010-04-03 13:06 . 2009-02-04 18:58 2990080 ----a-w- c:\documents and settings\All Users\Application Data\SONiVOX\DVI Taylor Acoustic Guitar\Effects\iZMasteringReverb.dll
2010-04-03 13:06 . 2008-12-09 14:12 377344 ----a-w- c:\documents and settings\All Users\Application Data\SONiVOX\DVI Taylor Acoustic Guitar\Effects\Equalizer.dll
2010-04-03 13:06 . 2008-10-17 10:12 376320 ----a-w- c:\documents and settings\All Users\Application Data\SONiVOX\DVI Taylor Acoustic Guitar\Effects\Delay.dll
2010-04-03 13:06 . 2008-07-18 08:22 359424 ----a-w- c:\documents and settings\All Users\Application Data\SONiVOX\DVI Taylor Acoustic Guitar\Effects\Chorus.dll
2010-04-03 13:05 . 2010-04-03 13:05 765722 ----a-w- c:\documents and settings\All Users\Application Data\SONiVOX\DVI Taylor Acoustic Guitar\unins000.exe
2010-04-03 13:01 . 2010-04-03 13:01 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-04-03 12:52 . 2010-04-03 12:52 -------- d-----w- c:\documents and settings\Voodoo\Application Data\PACE Anti-Piracy
2010-04-03 12:52 . 2010-04-03 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2010-04-03 12:52 . 2010-04-03 12:52 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2010-04-03 12:52 . 2010-04-03 12:52 -------- d-----w- c:\documents and settings\Voodoo\Local Settings\Application Data\PACE Anti-Piracy
2010-04-03 12:47 . 2008-07-02 15:26 630784 ----a-w- c:\windows\system32\ilinet.dll
2010-04-03 12:47 . 2005-05-08 17:56 55808 ----a-w- c:\windows\system32\zlib1.dll
2010-04-03 12:47 . 2005-05-08 17:55 203264 ----a-w- c:\windows\system32\libpng13.dll
2010-04-03 12:47 . 2009-02-04 18:58 950272 ----a-w- c:\documents and settings\All Users\Application Data\SONiVOX\DVI Martin Acoustic Guitar\Effects\MasteringReverb.dll
2010-04-03 12:47 . 2009-02-04 18:58 2990080 ----a-w- c:\documents and settings\All Users\Application Data\SONiVOX\DVI Martin Acoustic Guitar\Effects\iZMasteringReverb.dll
2010-04-03 12:47 . 2008-12-09 14:12 377344 ----a-w- c:\documents and settings\All Users\Application Data\SONiVOX\DVI Martin Acoustic Guitar\Effects\Equalizer.dll
2010-04-03 12:47 . 2008-10-17 10:12 376320 ----a-w- c:\documents and settings\All Users\Application Data\SONiVOX\DVI Martin Acoustic Guitar\Effects\Delay.dll
2010-04-03 12:47 . 2008-07-18 08:22 359424 ----a-w- c:\documents and settings\All Users\Application Data\SONiVOX\DVI Martin Acoustic Guitar\Effects\Chorus.dll
2010-04-03 12:45 . 2010-04-03 12:45 -------- d-----w- c:\program files\SONiVOX
2010-04-03 12:44 . 2010-04-03 13:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SONiVOX
2010-04-03 12:44 . 2010-04-03 12:44 765722 ----a-w- c:\documents and settings\All Users\Application Data\SONiVOX\DVI Martin Acoustic Guitar\unins000.exe
2010-04-03 12:43 . 2010-04-03 12:43 -------- dc----w- c:\windows\system32\DRVSTORE
2010-04-03 12:42 . 2010-04-03 12:42 -------- d-----w- c:\program files\InterLok
2010-04-02 21:28 . 2004-11-26 12:16 225280 ----a-w- c:\windows\system32\ReWire.dll
2010-04-02 17:41 . 2010-04-02 17:43 -------- d-----w- c:\documents and settings\Voodoo\Application Data\ACAMPREF
2010-04-02 17:41 . 2010-04-02 17:42 -------- d-----w- c:\program files\Harmony Assistant
2010-04-01 14:13 . 1995-09-29 19:37 30048 ----a-w- c:\windows\Unwise.exe
2010-04-01 14:13 . 2010-04-01 14:13 -------- d-----w- c:\program files\DISCOVERY MULTIMEDIA
2010-03-31 15:05 . 2010-03-31 15:05 -------- d-----w- c:\program files\Java
2010-03-30 21:43 . 2010-04-05 00:18 -------- d-----w- C:\Games
2010-03-30 21:09 . 2000-01-27 14:27 557056 ----a-w- c:\windows\system32\WONshell.dll
2010-03-30 21:09 . 2000-01-27 14:27 196608 ----a-w- c:\windows\system32\WONauth.dll
2010-03-30 21:09 . 1999-09-08 12:45 233472 ----a-w- c:\windows\system32\SNWValid.dll
2010-03-30 21:09 . 1999-09-08 12:45 1204224 ----a-w- c:\windows\system32\SierraNW.dll
2010-03-30 21:09 . 2010-03-30 21:09 -------- d-----w- c:\program files\Sierra On-Line
2010-03-30 21:09 . 1999-09-08 12:45 24928 ----a-w- c:\windows\system32\Sigres.exe
2010-03-30 21:09 . 1999-09-08 12:45 44544 ----a-w- c:\windows\system32\GIF89.DLL
2010-03-30 21:09 . 2010-03-30 21:09 -------- d-----w- C:\Sierra
2010-03-29 16:40 . 2010-04-02 17:31 -------- d-----w- C:\Update
2010-03-28 16:22 . 2010-03-28 16:22 -------- d-----w- c:\program files\FLAC
2010-03-19 20:16 . 2010-03-19 20:16 -------- d-----w- c:\documents and settings\Voodoo\Local Settings\Application Data\Pando
2010-03-19 20:15 . 2010-03-19 20:15 -------- d-----w- c:\program files\Pando Networks
2010-03-16 13:26 . 2010-03-16 13:26 -------- d-----w- c:\program files\Speccy
2010-03-14 23:06 . 2010-04-07 16:51 -------- d-----w- c:\documents and settings\Voodoo\Application Data\PrimoPDF
2010-03-14 22:51 . 2010-03-16 13:50 -------- d-----w- c:\program files\Nitro PDF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-08 19:07 . 2009-04-07 14:05 -------- d-----w- c:\documents and settings\Voodoo\Application Data\Spotify
2010-04-08 18:29 . 2009-03-14 14:10 -------- d-----w- c:\program files\XYplorer
2010-04-08 13:59 . 2009-03-14 14:22 -------- d-----w- c:\documents and settings\Voodoo\Application Data\foobar2000
2010-04-08 00:44 . 2010-02-21 00:46 -------- d-----w- c:\documents and settings\Voodoo\Application Data\vlc
2010-04-06 11:51 . 2009-03-22 22:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-06 11:50 . 2009-06-21 16:01 -------- d-----w- c:\program files\SpywareBlaster
2010-04-06 11:14 . 2009-12-30 01:46 117760 ----a-w- c:\documents and settings\Voodoo\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-06 11:12 . 2009-03-13 15:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-06 11:06 . 2009-03-13 16:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-06 11:05 . 2010-01-28 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\eboostr
2010-04-06 11:04 . 2009-03-13 16:27 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-06 01:37 . 2009-03-13 18:44 -------- d-----w- c:\documents and settings\Voodoo\Application Data\Orbit
2010-04-06 01:23 . 2010-01-30 22:01 436207616 --sha-w- C:\eboostr.dat
2010-04-05 20:18 . 2009-04-23 21:31 -------- d-----w- c:\documents and settings\Voodoo\Application Data\dvdcss
2010-04-03 13:01 . 2009-03-22 17:03 -------- d-----w- c:\program files\Native Instruments
2010-04-02 22:34 . 2009-03-13 20:31 -------- d-----w- c:\program files\Syncrosoft
2010-04-02 22:10 . 2009-03-14 13:39 -------- d-----w- c:\documents and settings\Voodoo\Application Data\Steinberg
2010-04-02 17:54 . 2009-03-14 12:30 32 ----a-w- c:\windows\msocreg32.dat
2010-04-02 17:49 . 2009-03-13 14:44 173424 ----a-w- c:\documents and settings\Voodoo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-02 17:41 . 2010-04-02 17:41 1409 ----a-w- c:\windows\Fonts\SToccata.fot
2010-03-31 15:05 . 2009-03-13 18:52 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-29 23:46 . 2009-03-13 16:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 23:45 . 2009-03-13 16:21 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 15:55 . 2009-03-14 13:32 -------- d-----w- c:\program files\foobar2000
2010-03-16 13:25 . 2009-03-23 18:08 -------- d-----w- c:\program files\CCleaner
2010-03-09 17:12 . 2010-03-09 17:12 -------- d-----w- c:\program files\QuickSFV
2010-03-09 16:55 . 2010-03-09 16:55 -------- d-----w- c:\program files\QuickPar
2010-03-08 23:26 . 2010-03-08 23:24 -------- d-----w- c:\documents and settings\Voodoo\Application Data\FMZilla
2010-03-08 23:23 . 2009-03-13 18:44 -------- d-----w- c:\program files\Orbitdownloader
2010-03-08 23:21 . 2010-03-08 23:21 -------- d-----w- c:\documents and settings\Voodoo\Application Data\OpenCandy
2010-03-08 23:21 . 2010-03-08 23:21 939909 ----a-w- c:\documents and settings\Voodoo\Application Data\OpenCandy\FreeMusicZillaWrapped.exe
2010-03-06 14:41 . 2010-03-06 14:41 -------- d-----w- c:\program files\Smallvideosoft
2010-03-06 14:04 . 2009-03-13 18:45 -------- d-----w- c:\documents and settings\Voodoo\Application Data\GrabPro
2010-03-04 14:52 . 2010-03-04 14:51 -------- d-----w- c:\program files\KGB Archiver
2010-03-02 11:43 . 2010-03-02 11:43 65567 ----a-w- c:\documents and settings\All Users\Application Data\tmpE2A6.tmp
2010-03-02 11:43 . 2010-03-02 11:43 65564 ----a-w- c:\documents and settings\All Users\Application Data\tmpE29B.tmp
2010-03-02 11:37 . 2010-03-02 11:37 3804950 ----a-w- c:\documents and settings\All Users\Application Data\tmpE004.tmp
2010-02-28 19:15 . 2010-02-28 19:00 -------- d-----w- c:\program files\TrojanHunter 5.0
2010-02-28 19:03 . 2010-02-28 19:03 -------- d-----w- c:\documents and settings\Voodoo\Application Data\TrojanHunter
2010-02-28 15:04 . 2010-02-28 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
2010-02-28 15:04 . 2010-02-28 15:03 -------- d-----w- c:\program files\Raxco
2010-02-27 22:46 . 2010-02-27 22:46 -------- d-----w- c:\program files\MyRealGames.com
2010-02-26 05:43 . 2003-07-16 16:45 667136 ------w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2009-03-13 14:38 81920 ------w- c:\windows\system32\ieencode.dll
2010-02-16 18:40 . 2009-12-27 16:35 -------- d-----w- c:\program files\Veetle
2010-02-12 17:54 . 2009-06-08 21:44 1227816 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-12 16:20 . 2010-02-12 16:20 -------- d-----w- c:\program files\Common Files\Java
2010-02-12 16:20 . 2010-02-12 16:20 503808 ----a-w- c:\documents and settings\Voodoo\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-209f1d52-n\msvcp71.dll
2010-02-12 16:20 . 2010-02-12 16:20 499712 ----a-w- c:\documents and settings\Voodoo\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-209f1d52-n\jmc.dll
2010-02-12 16:20 . 2010-02-12 16:20 348160 ----a-w- c:\documents and settings\Voodoo\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-209f1d52-n\msvcr71.dll
2010-02-12 16:20 . 2010-02-12 16:20 61440 ----a-w- c:\documents and settings\Voodoo\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4d4af267-n\decora-sse.dll
2010-02-12 16:20 . 2010-02-12 16:20 12800 ----a-w- c:\documents and settings\Voodoo\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4d4af267-n\decora-d3d.dll
2010-02-09 00:19 . 2009-03-22 19:27 -------- d-----w- c:\documents and settings\Voodoo\Application Data\Skype
2010-02-08 22:13 . 2010-02-08 22:13 -------- d-----w- c:\program files\Lame
2010-02-08 01:04 . 2009-04-14 21:46 -------- d-----w- c:\program files\STOPzilla!
2010-02-08 01:00 . 2009-04-14 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-01-25 15:21 . 2010-01-25 15:21 2 --shatr- c:\windows\winstart.bat
2010-01-17 20:06 . 2010-01-17 20:05 3175784 ----a-w- c:\documents and settings\Voodoo\Application Data\Uniblue\RegistryBooster\_temp\ub.exe
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-09-19 13:35 . 2009-09-19 13:35 8 --sh--r- c:\windows\system32\02910CF17B.sys
2009-09-19 13:36 . 2009-09-19 13:35 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-03-29 437584]
"HS3_AutoRun"="c:\program files\Farstone\HackerSmacker\FWMain.exe" [2005-07-23 323584]

c:\documents and settings\Voodoo\Start Menu\Programs\Startup\
ESET Smart Security.lnk - c:\program files\ESET\ESET Smart Security\egui.exe [2009-2-6 2021400]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HackerSmacker 3.0.lnk - c:\program files\Farstone\HackerSmacker\FWMain.exe [2005-7-23 323584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2003-06-20 07:03 110592 ----a-w- c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eBoostr Control Panel.lnk]
backup=c:\windows\pss\eBoostr Control Panel.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
backup=c:\windows\pss\Orbit.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Voodoo^Start Menu^Programs^Startup^MemTurbo.lnk]
backup=c:\windows\pss\MemTurbo.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Voodoo^Start Menu^Programs^Startup^WordWeb Pro.lnk]
backup=c:\windows\pss\WordWeb Pro.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Voodoo^Start Menu^Programs^Startup^WordWeb.lnk]
backup=c:\windows\pss\WordWeb.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2003-08-20 20:24 151552 ----a-w- c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
2001-09-04 16:24 28672 ----a-w- c:\windows\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2003-07-29 12:30 335872 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2009-06-10 13:22 334224 ----a-w- c:\program files\Eraser\Eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
2005-10-22 23:00 385024 ----a-w- c:\program files\Syncrosoft\POS\H2O\cledx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HS3_AutoRun]
2005-07-23 17:49 323584 ----a-w- c:\program files\Farstone\HackerSmacker\FWMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
2003-05-28 17:32 86016 ----a-w- c:\program files\Intel\NCS\PROSet\PRONoMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2009-01-05 14:39 336896 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-03-11 12:00 24095528 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-04-04 23:51 1217872 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-04-06 11:12 2010864 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BthServ"=3 (0x3)
"Ati HotKey Poller"=3 (0x3)
"SbieSvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Super Internet TV\\Super Internet TV.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\Pando.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57771:TCP"= 57771:TCP:Pando
"57771:UDP"= 57771:UDP:Pando

R0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\eBoost.sys [28/01/2009 12:34 125544]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06/02/2009 15:23 106208]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [05/01/2010 08:56 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 08:56 66632]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [06/02/2009 15:23 727720]
R2 fsnet;fsnet;c:\windows\system32\drivers\fsnet.sys [23/03/2009 17:59 18882]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [13/03/2009 17:21 303952]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [13/03/2009 21:31 33792]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [13/03/2009 20:51 115312]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13/03/2009 17:21 20824]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [06/04/2009 13:19 23064]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05/04/2009 13:10 717296]
S2 ATE_PROCMON;ATE_PROCMON;\\??\\c:\\Program Files\\Anti Trojan Elite\\ATEPMon.sys --> \\c:\\Program Files\\Anti Trojan Elite\\ATEPMon.sys [?]
S3 FWCOM;FWCOM;c:\program files\Farstone\HackerSmacker\FWCOM.exe [18/07/2005 19:27 69632]
S3 JakNDisMP;JakNDisMP;c:\windows\system32\DRIVERS\JakNDis.sys --> c:\windows\system32\DRIVERS\JakNDis.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\107E.tmp --> c:\windows\system32\107E.tmp [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 08:56 12872]
S4 EBOOSTRSVC;eBoostr Service;c:\program files\eBoostr\EBstrSvc.exe [28/01/2009 12:34 634488]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
2007-09-19 09:32 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-04-08 c:\windows\Tasks\WECPUpdate.job
- c:\program files\Essentials Codec Pack\WECPUpdate.exe [2009-02-25 14:28]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Send To &Bluetooth
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Voodoo\Application Data\Mozilla\Firefox\Profiles\55x8pt7q.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\Voodoo\Application Data\Mozilla\Firefox\Profiles\55x8pt7q.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-04-08 21:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\107E.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h||A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\\Registered"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(984)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LgNotify.dll
.
Completion time: 2010-04-08 21:15:36
ComboFix-quarantined-files.txt 2010-04-08 20:15
ComboFix2.txt 2010-04-08 11:36
ComboFix3.txt 2009-06-21 01:25
ComboFix4.txt 2009-06-20 15:40

Pre-Run: 10,000,711,680 bytes free
Post-Run: 9,963,454,464 bytes free

- - End Of File - - 90EB7FC9F0A710895FB03281D534DA8C

Voods
Senior

Posts: 229
Joined: 2008-12-07
Gender: Male
OS: Windows 7 Professional
Protection: Eset Smart Security 4
Points: 31454
Likes: 0

Re: System freeze when drag and drop

Post by Belahzur on Thu Apr 08, 2010 8:39 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245069
Likes: 1

Re: System freeze when drag and drop

Post by Voods on Thu Apr 08, 2010 8:54 pm

It appears to be slightly better... I have tried many times repeatedly dragging files, copying and pasting from the desktop... It has not frozen yet.

If it happens over the next couple of days I will report back.
Is there no need to run the OTL anymore?

Did you actually see a problem that could have been causing it?

Regards


Re: System freeze when drag and drop

Post by Belahzur on Fri Apr 09, 2010 12:26 am

OTL only goes so deep; it won't find a rootkit if a rootkit was present, but ComboFix would have found more if there was a rootkit here.

This looks good to me now. Give it a day or two and report back. :)



Re: System freeze when drag and drop

Post by Voods on Mon Apr 12, 2010 11:51 pm

Hello there.

I have still been having the same problems, unfortunately...

It's only happened four times. On the last one, it happened to happen in Explorer, when I tried to drag a file into a RAR archive...

Again...any help would be appreciated.

Regards


Re: System freeze when drag and drop

Post by Belahzur on Tue Apr 13, 2010 7:00 pm

Hmmm, weird. You could try opening a topic in the software area, not too sure what would be causing this.



Re: System freeze when drag and drop

Post by Voods on Tue Apr 20, 2010 11:39 pm

Was just wondering if you could do another check for malware/virus, a deeper check than the usual MBAM and SuperAnti do...

I put my query in the Software section, and the Tech advisor said it would either be a hard drive problem, or a virus/malware...

Kind Regards
