WiredWX Christian Hobby Weather Tools

Re: System freeze when drag and drop

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    RegNull::
    [HKEY_USERS\S-1-5-21-1644491937-1580818891-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{240FDE14-45E3-78FC-9192-675E29ECCB9E}*]
    [HKEY_USERS\S-1-5-21-1644491937-1580818891-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BD42A954-F9E7-F446-D346-A866649FEB8A}*]

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [Image: CFScript.txt being dragged onto ComboFix.exe]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: System freeze when drag and drop

ComboFix 10-04-07.04 - Voodoo 08/04/2010 21:08:47.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.299 [GMT 1:00]
Running from: c:\documents and settings\Voodoo\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Voodoo\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2010-03-08 to 2010-04-08 )))))))))))))))))))))))))))))))
.

2010-04-08 17:28 . 2009-08-02 17:49 3036024 ----a-w- c:\documents and settings\Voodoo\Application Data\Simply Super Software\Trojan Remover\awk1058.exe
2010-04-07 14:36 . 2010-04-07 14:36 -------- d-----w- c:\program files\Bytescout XLS Viewer
2010-04-07 13:50 . 2010-04-07 13:50 -------- d-----w- c:\program files\Rollercoaster Rush
2010-04-06 19:01 . 2010-04-06 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-04-06 19:01 . 2010-04-07 10:54 -------- d-----w- c:\program files\McAfee Security Scan
2010-04-04 23:47 . 2010-04-06 10:25 -------- d-----w- c:\program files\Steam
2010-04-03 13:06 . 2009-02-04 18:58 950272 ----a-w- c:\documents and settings\All Users\Application Data\SONiVOX\DVI Taylor Acoustic Guitar\Effects\MasteringReverb.dll
2010-04-03 13:06 . 2009-02-04 18:58 2990080 ----a-w- c:\documents and settings\All Users\Application Data\SONiVOX\DVI Taylor Acoustic Guitar\Effects\iZMasteringReverb.dll
2010-04-03 13:06 . 2008-12-09 14:12 377344 ----a-w- c:\documents and settings\All Users\Application Data\SONiVOX\DVI Taylor Acoustic Guitar\Effects\Equalizer.dll
2010-04-03 13:06 . 2008-10-17 10:12 376320 ----a-w- c:\documents and settings\All Users\Application Data\SONiVOX\DVI Taylor Acoustic Guitar\Effects\Delay.dll
2010-04-03 13:06 . 2008-07-18 08:22 359424 ----a-w- c:\documents and settings\All Users\Application Data\SONiVOX\DVI Taylor Acoustic Guitar\Effects\Chorus.dll
2010-04-03 13:05 . 2010-04-03 13:05 765722 ----a-w- c:\documents and settings\All Users\Application Data\SONiVOX\DVI Taylor Acoustic Guitar\unins000.exe
2010-04-03 13:01 . 2010-04-03 13:01 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-04-03 12:52 . 2010-04-03 12:52 -------- d-----w- c:\documents and settings\Voodoo\Application Data\PACE Anti-Piracy
2010-04-03 12:52 . 2010-04-03 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2010-04-03 12:52 . 2010-04-03 12:52 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2010-04-03 12:52 . 2010-04-03 12:52 -------- d-----w- c:\documents and settings\Voodoo\Local Settings\Application Data\PACE Anti-Piracy
2010-04-03 12:47 . 2008-07-02 15:26 630784 ----a-w- c:\windows\system32\ilinet.dll
2010-04-03 12:47 . 2005-05-08 17:56 55808 ----a-w- c:\windows\system32\zlib1.dll
2010-04-03 12:47 . 2005-05-08 17:55 203264 ----a-w- c:\windows\system32\libpng13.dll
2010-04-03 12:47 . 2009-02-04 18:58 950272 ----a-w- c:\documents and settings\All Users\Application Data\SONiVOX\DVI Martin Acoustic Guitar\Effects\MasteringReverb.dll
2010-04-03 12:47 . 2009-02-04 18:58 2990080 ----a-w- c:\documents and settings\All Users\Application Data\SONiVOX\DVI Martin Acoustic Guitar\Effects\iZMasteringReverb.dll
2010-04-03 12:47 . 2008-12-09 14:12 377344 ----a-w- c:\documents and settings\All Users\Application Data\SONiVOX\DVI Martin Acoustic Guitar\Effects\Equalizer.dll
2010-04-03 12:47 . 2008-10-17 10:12 376320 ----a-w- c:\documents and settings\All Users\Application Data\SONiVOX\DVI Martin Acoustic Guitar\Effects\Delay.dll
2010-04-03 12:47 . 2008-07-18 08:22 359424 ----a-w- c:\documents and settings\All Users\Application Data\SONiVOX\DVI Martin Acoustic Guitar\Effects\Chorus.dll
2010-04-03 12:45 . 2010-04-03 12:45 -------- d-----w- c:\program files\SONiVOX
2010-04-03 12:44 . 2010-04-03 13:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SONiVOX
2010-04-03 12:44 . 2010-04-03 12:44 765722 ----a-w- c:\documents and settings\All Users\Application Data\SONiVOX\DVI Martin Acoustic Guitar\unins000.exe
2010-04-03 12:43 . 2010-04-03 12:43 -------- dc----w- c:\windows\system32\DRVSTORE
2010-04-03 12:42 . 2010-04-03 12:42 -------- d-----w- c:\program files\InterLok
2010-04-02 21:28 . 2004-11-26 12:16 225280 ----a-w- c:\windows\system32\ReWire.dll
2010-04-02 17:41 . 2010-04-02 17:43 -------- d-----w- c:\documents and settings\Voodoo\Application Data\ACAMPREF
2010-04-02 17:41 . 2010-04-02 17:42 -------- d-----w- c:\program files\Harmony Assistant
2010-04-01 14:13 . 1995-09-29 19:37 30048 ----a-w- c:\windows\Unwise.exe
2010-04-01 14:13 . 2010-04-01 14:13 -------- d-----w- c:\program files\DISCOVERY MULTIMEDIA
2010-03-31 15:05 . 2010-03-31 15:05 -------- d-----w- c:\program files\Java
2010-03-30 21:43 . 2010-04-05 00:18 -------- d-----w- C:\Games
2010-03-30 21:09 . 2000-01-27 14:27 557056 ----a-w- c:\windows\system32\WONshell.dll
2010-03-30 21:09 . 2000-01-27 14:27 196608 ----a-w- c:\windows\system32\WONauth.dll
2010-03-30 21:09 . 1999-09-08 12:45 233472 ----a-w- c:\windows\system32\SNWValid.dll
2010-03-30 21:09 . 1999-09-08 12:45 1204224 ----a-w- c:\windows\system32\SierraNW.dll
2010-03-30 21:09 . 2010-03-30 21:09 -------- d-----w- c:\program files\Sierra On-Line
2010-03-30 21:09 . 1999-09-08 12:45 24928 ----a-w- c:\windows\system32\Sigres.exe
2010-03-30 21:09 . 1999-09-08 12:45 44544 ----a-w- c:\windows\system32\GIF89.DLL
2010-03-30 21:09 . 2010-03-30 21:09 -------- d-----w- C:\Sierra
2010-03-29 16:40 . 2010-04-02 17:31 -------- d-----w- C:\Update
2010-03-28 16:22 . 2010-03-28 16:22 -------- d-----w- c:\program files\FLAC
2010-03-19 20:16 . 2010-03-19 20:16 -------- d-----w- c:\documents and settings\Voodoo\Local Settings\Application Data\Pando
2010-03-19 20:15 . 2010-03-19 20:15 -------- d-----w- c:\program files\Pando Networks
2010-03-16 13:26 . 2010-03-16 13:26 -------- d-----w- c:\program files\Speccy
2010-03-14 23:06 . 2010-04-07 16:51 -------- d-----w- c:\documents and settings\Voodoo\Application Data\PrimoPDF
2010-03-14 22:51 . 2010-03-16 13:50 -------- d-----w- c:\program files\Nitro PDF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-08 19:07 . 2009-04-07 14:05 -------- d-----w- c:\documents and settings\Voodoo\Application Data\Spotify
2010-04-08 18:29 . 2009-03-14 14:10 -------- d-----w- c:\program files\XYplorer
2010-04-08 13:59 . 2009-03-14 14:22 -------- d-----w- c:\documents and settings\Voodoo\Application Data\foobar2000
2010-04-08 00:44 . 2010-02-21 00:46 -------- d-----w- c:\documents and settings\Voodoo\Application Data\vlc
2010-04-06 11:51 . 2009-03-22 22:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-06 11:50 . 2009-06-21 16:01 -------- d-----w- c:\program files\SpywareBlaster
2010-04-06 11:14 . 2009-12-30 01:46 117760 ----a-w- c:\documents and settings\Voodoo\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-06 11:12 . 2009-03-13 15:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-06 11:06 . 2009-03-13 16:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-06 11:05 . 2010-01-28 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\eboostr
2010-04-06 11:04 . 2009-03-13 16:27 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-06 01:37 . 2009-03-13 18:44 -------- d-----w- c:\documents and settings\Voodoo\Application Data\Orbit
2010-04-06 01:23 . 2010-01-30 22:01 436207616 --sha-w- C:\eboostr.dat
2010-04-05 20:18 . 2009-04-23 21:31 -------- d-----w- c:\documents and settings\Voodoo\Application Data\dvdcss
2010-04-03 13:01 . 2009-03-22 17:03 -------- d-----w- c:\program files\Native Instruments
2010-04-02 22:34 . 2009-03-13 20:31 -------- d-----w- c:\program files\Syncrosoft
2010-04-02 22:10 . 2009-03-14 13:39 -------- d-----w- c:\documents and settings\Voodoo\Application Data\Steinberg
2010-04-02 17:54 . 2009-03-14 12:30 32 ----a-w- c:\windows\msocreg32.dat
2010-04-02 17:49 . 2009-03-13 14:44 173424 ----a-w- c:\documents and settings\Voodoo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-02 17:41 . 2010-04-02 17:41 1409 ----a-w- c:\windows\Fonts\SToccata.fot
2010-03-31 15:05 . 2009-03-13 18:52 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-29 23:46 . 2009-03-13 16:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 23:45 . 2009-03-13 16:21 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 15:55 . 2009-03-14 13:32 -------- d-----w- c:\program files\foobar2000
2010-03-16 13:25 . 2009-03-23 18:08 -------- d-----w- c:\program files\CCleaner
2010-03-09 17:12 . 2010-03-09 17:12 -------- d-----w- c:\program files\QuickSFV
2010-03-09 16:55 . 2010-03-09 16:55 -------- d-----w- c:\program files\QuickPar
2010-03-08 23:26 . 2010-03-08 23:24 -------- d-----w- c:\documents and settings\Voodoo\Application Data\FMZilla
2010-03-08 23:23 . 2009-03-13 18:44 -------- d-----w- c:\program files\Orbitdownloader
2010-03-08 23:21 . 2010-03-08 23:21 -------- d-----w- c:\documents and settings\Voodoo\Application Data\OpenCandy
2010-03-08 23:21 . 2010-03-08 23:21 939909 ----a-w- c:\documents and settings\Voodoo\Application Data\OpenCandy\FreeMusicZillaWrapped.exe
2010-03-06 14:41 . 2010-03-06 14:41 -------- d-----w- c:\program files\Smallvideosoft
2010-03-06 14:04 . 2009-03-13 18:45 -------- d-----w- c:\documents and settings\Voodoo\Application Data\GrabPro
2010-03-04 14:52 . 2010-03-04 14:51 -------- d-----w- c:\program files\KGB Archiver
2010-03-02 11:43 . 2010-03-02 11:43 65567 ----a-w- c:\documents and settings\All Users\Application Data\tmpE2A6.tmp
2010-03-02 11:43 . 2010-03-02 11:43 65564 ----a-w- c:\documents and settings\All Users\Application Data\tmpE29B.tmp
2010-03-02 11:37 . 2010-03-02 11:37 3804950 ----a-w- c:\documents and settings\All Users\Application Data\tmpE004.tmp
2010-02-28 19:15 . 2010-02-28 19:00 -------- d-----w- c:\program files\TrojanHunter 5.0
2010-02-28 19:03 . 2010-02-28 19:03 -------- d-----w- c:\documents and settings\Voodoo\Application Data\TrojanHunter
2010-02-28 15:04 . 2010-02-28 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
2010-02-28 15:04 . 2010-02-28 15:03 -------- d-----w- c:\program files\Raxco
2010-02-27 22:46 . 2010-02-27 22:46 -------- d-----w- c:\program files\MyRealGames.com
2010-02-26 05:43 . 2003-07-16 16:45 667136 ------w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2009-03-13 14:38 81920 ------w- c:\windows\system32\ieencode.dll
2010-02-16 18:40 . 2009-12-27 16:35 -------- d-----w- c:\program files\Veetle
2010-02-12 17:54 . 2009-06-08 21:44 1227816 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-12 16:20 . 2010-02-12 16:20 -------- d-----w- c:\program files\Common Files\Java
2010-02-12 16:20 . 2010-02-12 16:20 503808 ----a-w- c:\documents and settings\Voodoo\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-209f1d52-n\msvcp71.dll
2010-02-12 16:20 . 2010-02-12 16:20 499712 ----a-w- c:\documents and settings\Voodoo\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-209f1d52-n\jmc.dll
2010-02-12 16:20 . 2010-02-12 16:20 348160 ----a-w- c:\documents and settings\Voodoo\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-209f1d52-n\msvcr71.dll
2010-02-12 16:20 . 2010-02-12 16:20 61440 ----a-w- c:\documents and settings\Voodoo\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4d4af267-n\decora-sse.dll
2010-02-12 16:20 . 2010-02-12 16:20 12800 ----a-w- c:\documents and settings\Voodoo\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4d4af267-n\decora-d3d.dll
2010-02-09 00:19 . 2009-03-22 19:27 -------- d-----w- c:\documents and settings\Voodoo\Application Data\Skype
2010-02-08 22:13 . 2010-02-08 22:13 -------- d-----w- c:\program files\Lame
2010-02-08 01:04 . 2009-04-14 21:46 -------- d-----w- c:\program files\STOPzilla!
2010-02-08 01:00 . 2009-04-14 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-01-25 15:21 . 2010-01-25 15:21 2 --shatr- c:\windows\winstart.bat
2010-01-17 20:06 . 2010-01-17 20:05 3175784 ----a-w- c:\documents and settings\Voodoo\Application Data\Uniblue\RegistryBooster\_temp\ub.exe
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-09-19 13:35 . 2009-09-19 13:35 8 --sh--r- c:\windows\system32\02910CF17B.sys
2009-09-19 13:36 . 2009-09-19 13:35 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-03-29 437584]
"HS3_AutoRun"="c:\program files\Farstone\HackerSmacker\FWMain.exe" [2005-07-23 323584]

c:\documents and settings\Voodoo\Start Menu\Programs\Startup\
ESET Smart Security.lnk - c:\program files\ESET\ESET Smart Security\egui.exe [2009-2-6 2021400]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HackerSmacker 3.0.lnk - c:\program files\Farstone\HackerSmacker\FWMain.exe [2005-7-23 323584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2003-06-20 07:03 110592 ----a-w- c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eBoostr Control Panel.lnk]
backup=c:\windows\pss\eBoostr Control Panel.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
backup=c:\windows\pss\Orbit.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Voodoo^Start Menu^Programs^Startup^MemTurbo.lnk]
backup=c:\windows\pss\MemTurbo.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Voodoo^Start Menu^Programs^Startup^WordWeb Pro.lnk]
backup=c:\windows\pss\WordWeb Pro.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Voodoo^Start Menu^Programs^Startup^WordWeb.lnk]
backup=c:\windows\pss\WordWeb.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2003-08-20 20:24 151552 ----a-w- c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
2001-09-04 16:24 28672 ----a-w- c:\windows\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2003-07-29 12:30 335872 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2009-06-10 13:22 334224 ----a-w- c:\program files\Eraser\Eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
2005-10-22 23:00 385024 ----a-w- c:\program files\Syncrosoft\POS\H2O\cledx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HS3_AutoRun]
2005-07-23 17:49 323584 ----a-w- c:\program files\Farstone\HackerSmacker\FWMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
2003-05-28 17:32 86016 ----a-w- c:\program files\Intel\NCS\PROSet\PRONoMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2009-01-05 14:39 336896 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-03-11 12:00 24095528 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-04-04 23:51 1217872 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-04-06 11:12 2010864 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BthServ"=3 (0x3)
"Ati HotKey Poller"=3 (0x3)
"SbieSvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Super Internet TV\\Super Internet TV.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\Pando.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57771:TCP"= 57771:TCP:Pando
"57771:UDP"= 57771:UDP:Pando

R0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\eBoost.sys [28/01/2009 12:34 125544]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06/02/2009 15:23 106208]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [05/01/2010 08:56 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 08:56 66632]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [06/02/2009 15:23 727720]
R2 fsnet;fsnet;c:\windows\system32\drivers\fsnet.sys [23/03/2009 17:59 18882]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [13/03/2009 17:21 303952]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [13/03/2009 21:31 33792]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [13/03/2009 20:51 115312]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13/03/2009 17:21 20824]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [06/04/2009 13:19 23064]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05/04/2009 13:10 717296]
S2 ATE_PROCMON;ATE_PROCMON;\\??\\c:\\Program Files\\Anti Trojan Elite\\ATEPMon.sys --> \\c:\\Program Files\\Anti Trojan Elite\\ATEPMon.sys [?]
S3 FWCOM;FWCOM;c:\program files\Farstone\HackerSmacker\FWCOM.exe [18/07/2005 19:27 69632]
S3 JakNDisMP;JakNDisMP;c:\windows\system32\DRIVERS\JakNDis.sys --> c:\windows\system32\DRIVERS\JakNDis.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\107E.tmp --> c:\windows\system32\107E.tmp [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 08:56 12872]
S4 EBOOSTRSVC;eBoostr Service;c:\program files\eBoostr\EBstrSvc.exe [28/01/2009 12:34 634488]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
2007-09-19 09:32 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-04-08 c:\windows\Tasks\WECPUpdate.job
- c:\program files\Essentials Codec Pack\WECPUpdate.exe [2009-02-25 14:28]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Send To &Bluetooth
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
FF - ProfilePath - c:\documents and settings\Voodoo\Application Data\Mozilla\Firefox\Profiles\55x8pt7q.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\documents and settings\Voodoo\Application Data\Mozilla\Firefox\Profiles\55x8pt7q.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-08 21:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\107E.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\\Registered"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(984)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LgNotify.dll
.
Completion time: 2010-04-08 21:15:36
ComboFix-quarantined-files.txt 2010-04-08 20:15
ComboFix2.txt 2010-04-08 11:36
ComboFix3.txt 2009-06-21 01:25
ComboFix4.txt 2009-06-20 15:40

Pre-Run: 10,000,711,680 bytes free
Post-Run: 9,963,454,464 bytes free

- - End Of File - - 90EB7FC9F0A710895FB03281D534DA8C

Re: System freeze when drag and drop

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?

............................................................................................

Site Admin / Security Administrator


Re: System freeze when drag and drop

It appears to be slightly better. I have tried many times repeatedly dragging files, copying and pasting from the desktop... It has not frozen yet.

If it happens over the next couple of days I will report back.
Is there no need to run the OTL anymore?

Did you actually see a problem that could have been causing it?

Regards

Re: System freeze when drag and drop

OTL only goes so deep, it won't find a rootkit if a rootkit was present, but ComboFix would have found more if there was a rootkit here.

This looks good to me now. Give it a day or two and report back. :)

............................................................................................

Site Admin / Security Administrator


Re: System freeze when drag and drop

Hello there.

I have still been having the same problems unfortunately.

It's only happened four times. On the last one, it happened to happen in Explorer, when I tried to drag a file into a RAR archive...

Again, any help would be appreciated.

Regards

Re: System freeze when drag and drop

Hmmm, weird. You could try opening a topic in the software area, not too sure what would be causing this.

............................................................................................

Site Admin / Security Administrator


Re: System freeze when drag and drop

Was just wondering if you could do another check for malware/virus, a deeper check than the usual MBAM and SuperAnti do.

I put my query in the Software section, and the Tech advisor said it would either be a hard drive problem, or a virus/malware.

Kind Regards
