Unknown System Issues

It's been a while, but my system has been playing up again..

I have been having continual freezes, and slagggish speed.. Also problems with bootin up and down, on occasions the computer locks upon boot up at the screen where you choose normal boot up or recovery console...

Since this has happened, my notifacation area has been going bonkers, and the volume icon never shows on boot up, so I have to use the taskbar repair tool, or reintall it using the XP disc.

I have ran the usual Super anti Spy and Malware bytes scans, with no infections shown... I can do fresh scans if required..

Could I possibly post a Hijack this log

Regards

Dave

Hello.

Download OTL by OldTimer to your Desktop.

• Close all windows and double click OTL.exe
  
• Click Run Scan and let the program run uninterrupted
  
• It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  
• You may need to use two posts to get it all.
  

Hi

Thanks for the reply.

OTL is freezing when scanning :

hkey_current_user internet explorer settings...

Regards

Hmm. Okay, post a HJT log if possible.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:44:58, on 15/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\USB Safely Remove\USBSRService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Farstone\HackerSmacker\FWMain.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Farstone\HackerSmacker\FWCOM.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\Documents and Settings\Voodoo\Desktop\MalwareAndSpyware\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Farstone Webflt1 - {F0CABD54-804C-452A-AAA0-C8264997FC6D} - C:\Program Files\Farstone\HackerSmacker\webflt.DLL
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [HS3_AutoRun] C:\Program Files\Farstone\HackerSmacker\FWMain.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run
O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - HKCU\..\Run: [Directory Opus Desktop Dblclk] "C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe" /dblclk
O4 - Startup: ESET Smart Security.lnk = C:\Program Files\ESET\ESET Smart Security\egui.exe
O4 - Startup: Malwarebytes' Anti-Malware.lnk = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HackerSmacker 3.0.lnk = C:\Program Files\Farstone\HackerSmacker\FWMain.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FWCOM - FarStone Technology Inc. - C:\Program Files\Farstone\HackerSmacker\FWCOM.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Unknown owner - C:\Program Files\USB Safely Remove\USBSRService.exe

--
End of file - 7458 bytes

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4626

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

16/09/2010 12:42:39
mbam-log-2010-09-16 (12-42-39).txt

Scan type: Full scan (C:\|)
Objects scanned: 223199
Time elapsed: 1 hour(s), 43 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Try OTL again please, see if it lets you run it now.

Hi

OTL still freezes at the same location..

I even tried to run it, with my protection disabled, and then tried it in safe mode, and it still froze.

Regards

Hello.

• Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
  Link 1
  Link 2
  
• Double click DDS.scr to run.
  
• When complete, two logs will open. Save both of the report to your Desktop.
  
• Copy and paste BOTH LOGS back here, use more than one post if needed.
  

DDS (Ver_10-03-17.01) - NTFSx86
Run by Voodoo at 15:43:25.81 on 18/09/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.472 [GMT 1:00]

AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\Program Files\USB Safely Remove\USBSRService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\S24EvMon.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Farstone\HackerSmacker\FWMain.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Farstone\HackerSmacker\FWCOM.exe
C:\Documents and Settings\Voodoo\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HookIe Class: {f0cabd54-804c-452a-aaa0-c8264997fc6d} - c:\program files\farstone\hackersmacker\webflt.DLL
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [USB Safely Remove] c:\program files\usb safely remove\USBSafelyRemove.exe /startup
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [HS3_AutoRun] c:\program files\farstone\hackersmacker\FWMain.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
StartupFolder: c:\docume~1\voodoo\startm~1\programs\startup\esetsm~1.lnk - c:\program files\eset\eset smart security\egui.exe
StartupFolder: c:\documents and settings\voodoo\start menu\programs\startup\Malwarebytes' Anti-Malware.lnk.disabled
StartupFolder: c:\docume~1\voodoo\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hacker~1.lnk - c:\program files\farstone\hackersmacker\FWMain.exe
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Send To &Bluetooth
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: Sebring - c:\windows\system32\LgNotify.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Directory Opus Shell Execute Hook: {3cf9ece0-1a9f-11d2-8c73-00c06c2005de} - c:\program files\gpsoftware\directory opus\dopuslib.dll
mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - c:\program files\pixiepack codec pack\InstallerHelper.exe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\voodoo\applic~1\mozilla\firefox\profiles\55x8pt7q.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\documents and settings\voodoo\application data\mozilla\firefox\profiles\55x8pt7q.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\voodoo\application data\mozilla\firefox\profiles\55x8pt7q.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\voodoo\application data\mozilla\firefox\profiles\55x8pt7q.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\eBoost.sys [2009-1-28 125544]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-1-5 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 67656]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-2-6 727720]
R2 fsnet;fsnet;c:\windows\system32\drivers\fsnet.sys [2009-3-23 18882]
R2 KillTheHooker;KillTheHooker;c:\documents and settings\voodoo\desktop\malwareandspyware\new folder\TizerBruteForceEx.sys [2010-5-14 22320]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-3-13 304464]
R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\usb safely remove\USBSRService.exe [2010-7-1 261456]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2010-9-6 17984]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2009-3-13 33792]
R3 FWCOM;FWCOM;c:\program files\farstone\hackersmacker\FWCOM.exe [2005-7-18 69632]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2009-3-13 115312]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-13 20952]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-4-6 23064]
S2 ATE_PROCMON;ATE_PROCMON;\\??\\c:\\program files\\anti trojan elite\\atepmon.sys --> \\c:\\program files\\anti trojan elite\\ATEPMon.sys [?]
S3 EWAVE;EWAVE;c:\windows\system32\drivers\ew.sys [2010-4-30 1447040]
S3 FILESPY;FILESPY;c:\windows\system32\drivers\filespy.sys [2010-4-30 26992]
S3 JakNDisMP;JakNDisMP;c:\windows\system32\drivers\jakndis.sys --> c:\windows\system32\drivers\JakNDis.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\4a22.tmp --> c:\windows\system32\4A22.tmp [?]
S3 NSTATION;NSTATION;c:\windows\system32\drivers\nstation.sys [2010-4-30 18944]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872]
S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-4-17 115944]
S4 EBOOSTRSVC;eBoostr Service;c:\program files\eboostr\EBstrSvc.exe [2009-1-28 634488]

=============== Created Last 30 ================

2010-09-13 22:07:10 0 d-----w- c:\program files\Microsoft Research
2010-09-13 17:42:45 0 d-----w- c:\docume~1\voodoo\applic~1\FILEminimizerPictures
2010-09-11 16:15:12 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-09-11 16:15:12 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-09-11 16:15:10 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-09-11 16:15:08 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-09-11 16:15:06 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-09-11 16:15:04 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-09-11 16:15:03 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-09-11 16:15:00 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-09-11 16:13:58 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2010-09-11 16:00:24 0 d-----w- c:\program files\NVIDIA Corporation
2010-09-11 15:53:40 0 d-----w- c:\program files\spectra
2010-09-10 12:14:58 0 d-----w- c:\documents and settings\voodoo\Livestation
2010-09-10 12:14:58 0 d-----w- c:\docume~1\voodoo\applic~1\Mchid
2010-09-10 12:14:58 0 d-----w- c:\docume~1\voodoo\applic~1\Livestation
2010-09-10 12:14:27 0 d-----w- c:\program files\OpenAL
2010-09-10 12:14:26 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-09-10 12:14:25 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-10 12:14:14 0 d-----w- c:\program files\Livestation
2010-09-09 14:54:54 0 d-----w- c:\program files\SopCast
2010-09-06 17:20:51 180224 ----a-w- c:\windows\system32\WinVd32.sys
2010-09-06 17:20:44 7680 ----a-w- c:\windows\system32\WinFLsrv.exe
2010-09-06 17:19:41 33982 ----a-w- c:\windows\system32\flk-icon.ico
2010-09-06 17:19:40 0 d-----w- c:\program files\Folder Lock 6
2010-09-06 14:19:07 0 d-----w- c:\program files\Nsasoft
2010-08-20 17:03:42 0 d-----w- c:\docume~1\voodoo\applic~1\Intermedia Software
2010-08-20 17:03:01 0 d-----w- c:\docume~1\alluse~1\applic~1\Intermedia Software
2010-08-20 17:02:44 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-08-20 17:02:43 0 d-----w- c:\program files\Intermedia Software

==================== Find3M ====================

2019-09-25 22:40:32 267856 ----a-w- c:\windows\fonts\Agathodaimon.ttf
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:10:44 81920 ------w- c:\windows\system32\ieencode.dll
2010-06-24 12:10:44 667136 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-01-25 15:21:47 2 --shatr- c:\windows\winstart.bat

============= FINISH: 15:44:19.13 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 13/03/2009 12:18:29
System Uptime: 17/09/2010 17:17:40 (22 hours ago)

Motherboard: Dell Computer Corporation | | 0D2125
Processor: Intel(R) Pentium(R) M processor 1.60GHz | Microprocessor | 1594/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 56 GiB total, 9.193 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/Wireless LAN 2100 3A Mini PCI Adapter
Device ID: PCI\VEN_8086&DEV_1043&SUBSYS_25618086&REV_04\4&39A85202&0&18F0
Manufacturer: Intel(R) Corporation
Name: Intel(R) PRO/Wireless LAN 2100 3A Mini PCI Adapter
PNP Device ID: PCI\VEN_8086&DEV_1043&SUBSYS_25618086&REV_04\4&39A85202&0&18F0
Service: w70n51

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: AVG818X0 IDE Controller
Device ID: ACPI\PNPA000\4&5D18F2DF&0
Manufacturer: (Standard mass storage controllers)
Name: AVG818X0 IDE Controller
PNP Device ID: ACPI\PNPA000\4&5D18F2DF&0
Service: a1sy5jl8

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Beep
Device ID: ROOT\LEGACY_BEEP\0000
Manufacturer:
Name: Beep
PNP Device ID: ROOT\LEGACY_BEEP\0000
Service: Beep

==== System Restore Points ===================

RP96: 17/09/2010 17:27:05 - System Checkpoint
RP97: 17/09/2010 20:33:32 - System Checkpoint

==== Installed Programs ======================

$APPNAME> 2.31
µTorrent
7-Zip 4.65
Adobe AIR
Adobe Audition 3.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
ALPS Touch Pad Driver
AMR Player 1.3
Applian FLV Player
Applied Acoustics Systems - String Studio VS-1 v1.1
ASIO4ALL
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Audacity 1.2.6
Broadcom Gigabit Integrated Controller
C-Major Audio
CCleaner
CDBurnerXP
Chessmaster 10th Edition
Conexant D480 MDC V.9x Modem
Connections
ConvertHelper 2.2
Dell Driver Download Manager
Desktop Lighter
Directory Lister v0.9.1
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DVD Flick 1.3.0.7
DVD Shrink 3.2
eBoostr 3
Eraser 5.8.7
ESET Online Scanner v3
ESET Smart Security
eSobi v2
FileMonkey
FLAC 1.2.1b (remove only)
Flash Video Grabber
FLVPlayer4Free Free FLV Player 3.3.0.0
Folder Lock
foobar2000 v1.0.2.1
Foxit PDF IFilter
Foxit Reader
Freecorder 4.01 Application
Freez FLV to MP3 Converter
GPSoftware Directory Opus
Group Shot
HackerSmacker
Harmony Assistant
Helium Music Manager 7 (build 8625)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IL Autogun
Intel(R) PROSet
Java Auto Updater
Java(TM) 6 Update 20
Junk Mail filter update
KeyScrambler
Lemmings for Windows 95
Livestation
Logitech MouseWare 9.79.1
M-Audio Series II MIDI
Malwarebytes' Anti-Malware
Media Player Codec Pack 3.9.5
Memturbo (TM) 4
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Miroslav Philharmonik CE
Morgan Stream Switcher
MorphVOX Junior
Mozilla Firefox (3.6.10)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Native Instruments Kontakt 2
Native Instruments Kontakt 3
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
NoteWorthy Composer
NoteWorthy Composer 2
NVIDIA PhysX
O&O MediaRecovery
ObjectDock
OpenAL
Orbit Downloader
OZ711 SCR Driver
PerfectDisk 10 Professional
Personal Chess Trainer 2007 3.02
PixiePack Codec Pack
PowerISO
PrimoPDF -- by Nitro PDF Software
QuickPar 0.9
QuickSFV (Remove only)
RapidShare Manager
Real Alternative 1.9.0
Recuva (remove only)
SampleTank 2
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
Sandboxie 3.442
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Sibelius 5
SigmaTel AC97 Audio Drivers
Skype™ 4.0
Smart Defrag
SONiVOX DVI Martin Acoustic Guitar
SONiVOX DVI Taylor Acoustic Guitar
SopCast 3.2.9
Sophos Anti-Rootkit 1.3.1
SOWPODS (SCRABBLE) Dictionary
Speccy
SpotAuditor 4.0
Spotify
Spybot - Search & Destroy
SpywareBlaster 4.4
Steinberg Cubase SX v3.0.2.623
Steinberg The Grand 2
SUPERAntiSpyware Free Edition
Syncrosoft's License Control
SyncroSoft Emu (Remove only)
Tascam GigaStudio v3.21
Trojan Remover 6.8.2
TVAnts 1.0
TweetDeck
Uniblue RegistryBooster 2010
Uniblue RegistryBooster2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
USB Safely Remove 4.2
USBKVM Switcher 2.12
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.16
VirSyn MATRIX VST RTAS v1.2.1
VLC media player 1.1.1
VobSub v2.23 (Remove Only)
Waves Vocal Bundle v1.1
WebFldrs XP
WinAVI MP4 Converter
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Windows Essentials Media Codec Pack 2.2c
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Format Runtime
Windows XP Service Pack 3
WordWeb Pro
XML Paper Specification Shared Components Pack 1.0
XYplorer 9.50
Zyzzyva

==== Event Viewer Messages From Past Week ========

17/09/2010 17:27:04, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000033' while processing the file 'u â~ ¤äRt
' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
17/09/2010 16:40:21, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file '93d3_appcompat.txt' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
17/09/2010 11:12:28, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ehdrv epfwtdi Fips intelppm IPSec MRxSmb NetBIOS NetBT NetworkX RasAcd Rdbss SASDIFSV SASKUTIL SCDEmu sptd StarOpen Tcpip
17/09/2010 11:12:28, error: Service Control Manager [7001] - The QoS RSVP service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
17/09/2010 11:12:28, error: Service Control Manager [7001] - The fsnet service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
17/09/2010 11:12:28, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
17/09/2010 11:12:28, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
17/09/2010 11:12:12, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
17/09/2010 11:11:56, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
17/09/2010 11:11:33, error: sptd [4] - Driver detected an internal error in its data structures for .
14/09/2010 09:52:26, error: Service Control Manager [7038] - The SSDPSRV service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: Access is denied. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
14/09/2010 09:52:26, error: Service Control Manager [7000] - The SSDP Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
14/09/2010 00:16:02, error: HTTP [15005] - Unable to bind to the underlying transport for 0.0.0.0:2869. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.
13/09/2010 23:25:41, error: Service Control Manager [7024] - The Routing and Remote Access service terminated with service-specific error 711 (0x2C7).
13/09/2010 23:25:41, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
13/09/2010 23:25:41, error: Service Control Manager [7000] - The Nsynas32 service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================

Hi not to pester, but just wondered if you was any closer to a conclusion?
I have been having connection problems the past couple of days, so I haven't always had internet access from my computer...My system does seem tgo be degrading..

Regards

Hello.

• Download combofix from here
  Link 1
  Link 2
  
  1. If you are using Firefox, make sure that your download settings are as follows:
  
  * Tools->Options->Main tab
  * Set to "Always ask me where to Save the files".
  
  2. During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
  
• We need to disable your local AV (Anti-virus) before running Combofix.
  
• See HERE for how to disable your AV.
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

ComboFix 10-09-21.01 - Voodoo 21/09/2010 23:48:36.8.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.648 [GMT 1:00]
Running from: c:\documents and settings\Voodoo\Desktop\Combo-Fix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2010-08-21 to 2010-09-21 )))))))))))))))))))))))))))))))
.

2010-09-17 16:22 . 2010-08-02 21:09 3683248 ----a-w- c:\documents and settings\Voodoo\Application Data\Simply Super Software\Trojan Remover\xdg29.exe
2010-09-13 22:07 . 2010-09-13 22:07 -------- d-----w- c:\program files\Microsoft Research
2010-09-13 17:42 . 2010-09-13 17:42 -------- d-----w- c:\documents and settings\Voodoo\Application Data\FILEminimizerPictures
2010-09-11 16:15 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-09-11 16:15 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-09-11 16:15 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-09-11 16:15 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-09-11 16:15 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-09-11 16:15 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-09-11 16:15 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-09-11 16:15 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-09-11 16:13 . 2008-05-30 13:17 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2010-09-11 16:00 . 2010-09-11 16:00 -------- d-----w- c:\program files\NVIDIA Corporation
2010-09-11 15:53 . 2010-09-11 16:02 -------- d-----w- c:\program files\spectra
2010-09-10 12:14 . 2010-09-10 12:18 -------- d-----w- c:\documents and settings\Voodoo\Livestation
2010-09-10 12:14 . 2010-09-10 12:14 -------- d-----w- c:\documents and settings\Voodoo\Application Data\Mchid
2010-09-10 12:14 . 2010-09-10 12:14 -------- d-----w- c:\documents and settings\Voodoo\Application Data\Livestation
2010-09-10 12:14 . 2010-09-10 12:14 -------- d-----w- c:\program files\OpenAL
2010-09-10 12:14 . 2010-09-10 12:14 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-09-10 12:14 . 2010-09-10 12:14 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-10 12:14 . 2010-09-10 12:14 -------- d-----w- c:\program files\Livestation
2010-09-09 14:54 . 2010-09-09 14:55 -------- d-----w- c:\program files\SopCast
2010-09-06 17:20 . 2010-09-06 17:20 180224 ----a-w- c:\windows\system32\WinVd32.sys
2010-09-06 17:20 . 2010-09-06 17:20 7680 ----a-w- c:\windows\system32\WinFLsrv.exe
2010-09-06 17:19 . 2010-09-06 17:37 -------- d-----w- c:\program files\Folder Lock 6
2010-09-06 14:19 . 2010-09-06 14:20 -------- d-----w- c:\program files\Nsasoft
2010-08-31 13:09 . 2010-08-31 13:09 -------- d-----w- c:\documents and settings\Voodoo\Local Settings\Application Data\Cooliris
2010-08-31 13:08 . 2010-06-14 11:08 4687872 ----a-w- c:\documents and settings\Voodoo\Application Data\Mozilla\Firefox\Profiles\55x8pt7q.default\extensions\piclens@cooliris.com\libs\cooliris190.dll
2010-08-31 13:08 . 2010-06-14 11:08 103424 ----a-w- c:\documents and settings\Voodoo\Application Data\Mozilla\Firefox\Profiles\55x8pt7q.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2010-08-31 13:08 . 2010-06-14 11:08 545280 ----a-w- c:\documents and settings\Voodoo\Application Data\Mozilla\Firefox\Profiles\55x8pt7q.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2010-08-31 13:08 . 2010-06-14 11:08 4687360 ----a-w- c:\documents and settings\Voodoo\Application Data\Mozilla\Firefox\Profiles\55x8pt7q.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
2010-08-31 13:08 . 2010-06-14 11:08 425984 ----a-w- c:\documents and settings\Voodoo\Application Data\Mozilla\Firefox\Profiles\55x8pt7q.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2010-08-31 13:08 . 2010-06-14 11:08 152064 ----a-w- c:\documents and settings\Voodoo\Application Data\Mozilla\Firefox\Profiles\55x8pt7q.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2010-08-31 13:08 . 2010-06-14 11:08 57856 ----a-w- c:\documents and settings\Voodoo\Application Data\Mozilla\Firefox\Profiles\55x8pt7q.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2010-08-23 20:52 . 2008-04-14 05:42 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-21 22:36 . 2009-03-14 14:10 -------- d-----w- c:\program files\XYplorer
2010-09-21 22:33 . 2009-03-14 14:22 -------- d-----w- c:\documents and settings\Voodoo\Application Data\foobar2000
2010-09-21 18:51 . 2010-05-05 10:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-21 18:51 . 2009-03-31 15:24 -------- d-----w- c:\documents and settings\Voodoo\Application Data\Media Player Classic
2010-09-19 19:13 . 2009-03-13 18:44 -------- d-----w- c:\documents and settings\Voodoo\Application Data\Orbit
2010-09-18 14:40 . 2009-03-22 22:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-17 14:17 . 2009-06-21 16:01 -------- d-----w- c:\program files\SpywareBlaster
2010-09-17 11:52 . 2010-05-04 09:52 63488 ----a-w- c:\documents and settings\Voodoo\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-17 11:52 . 2009-12-30 01:46 117760 ----a-w- c:\documents and settings\Voodoo\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-13 19:01 . 2009-05-25 13:17 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-13 17:49 . 2010-07-28 18:38 -------- d-----w- c:\program files\RapidSolution
2010-09-13 17:46 . 2010-06-01 13:56 -------- d-----w- c:\program files\OO Software
2010-09-13 17:43 . 2010-01-15 00:32 -------- d-----w- c:\program files\FLV Player
2010-09-11 15:59 . 2010-01-25 16:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-09-11 13:23 . 2009-04-07 22:59 -------- d-----w- c:\documents and settings\Voodoo\Application Data\Thinstall
2010-09-06 23:47 . 2009-03-23 18:08 -------- d-----w- c:\program files\CCleaner
2010-09-06 09:50 . 2010-07-26 11:23 -------- d-----w- c:\documents and settings\Voodoo\Application Data\vlc
2010-09-03 15:32 . 2010-08-05 20:24 -------- d-----w- c:\program files\RapidShareManager
2010-08-31 21:09 . 2009-08-02 15:45 -------- d-----w- c:\program files\SOWPODS (SCRABBLE) Dictionary
2010-08-31 00:50 . 2009-03-13 15:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-25 14:03 . 2010-03-14 23:06 -------- d-----w- c:\documents and settings\Voodoo\Application Data\PrimoPDF
2010-08-20 17:03 . 2010-08-20 17:03 -------- d-----w- c:\documents and settings\Voodoo\Application Data\Intermedia Software
2010-08-20 17:03 . 2010-08-20 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Intermedia Software
2010-08-20 17:02 . 2010-08-20 17:02 -------- d-----w- c:\program files\Intermedia Software
2010-08-18 14:11 . 2010-08-20 17:03 1630720 ---ha-w- c:\documents and settings\All Users\Application Data\Intermedia Software\Helium 7\Data\LicenseManager2010.dll
2010-08-18 13:54 . 2010-08-20 23:13 2392064 ----a-w- c:\documents and settings\Voodoo\Application Data\Mozilla\Firefox\Profiles\55x8pt7q.default\extensions\firetorrent@radicalsoft.com\components\firetorrent.dll
2010-08-17 13:17 . 2003-07-16 16:40 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 17:25 . 2009-07-14 11:22 -------- d-----w- c:\program files\Anti Trojan Elite
2010-08-15 10:33 . 2009-03-13 15:04 -------- d-----w- c:\program files\7-Zip
2010-08-12 17:32 . 2010-08-12 17:32 -------- d-----w- c:\documents and settings\Voodoo\Application Data\Nero
2010-08-12 17:30 . 2010-08-12 17:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-08-12 17:30 . 2010-08-12 17:28 -------- d-----w- c:\program files\Nero
2010-08-12 17:29 . 2010-08-12 17:28 -------- d-----w- c:\program files\Common Files\Nero
2010-08-09 19:08 . 2010-08-09 19:08 -------- d-----w- c:\program files\WinLemm
2010-08-09 17:54 . 2010-05-23 19:25 -------- d-----w- c:\program files\SnapDragon Games
2010-08-09 17:51 . 2010-08-09 17:06 -------- d-----w- c:\program files\Ahead
2010-08-02 21:09 . 2010-03-17 17:10 3683248 ----a-w- c:\documents and settings\Voodoo\Application Data\Simply Super Software\Trojan Remover\mgeB45.exe
2010-07-29 10:48 . 2010-07-29 10:48 -------- d-----w- c:\program files\Audacity
2010-07-28 19:21 . 2010-07-28 19:20 -------- d-----w- c:\program files\Freecorder
2010-07-28 18:41 . 2010-07-28 18:41 -------- d-----w- c:\program files\PixiePack Codec Pack
2010-07-28 18:40 . 2010-07-28 18:40 77664 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Radiotracker_2009\RadioRip\PlgSoundclick.dll
2010-07-28 18:40 . 2010-07-28 18:40 59232 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Radiotracker_2009\RadioRip\PlgPandora.dll
2010-07-28 18:40 . 2010-07-28 18:40 87904 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Radiotracker_2009\RadioRip\PlgMyspace.dll
2010-07-28 18:40 . 2010-07-28 18:40 84320 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Radiotracker_2009\RadioRip\PlgImeem.dll
2010-07-28 18:40 . 2010-07-28 18:40 103264 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Radiotracker_2009\RadioRip\PlgLastfm.dll
2010-07-28 18:40 . 2010-07-28 18:40 62816 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Radiotracker_2009\RadioRip\PlgIJigg.dll
2010-07-28 18:40 . 2010-07-28 18:40 114528 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Radiotracker_2009\RadioRip\PlgHypemachine.dll
2010-07-28 18:40 . 2010-07-28 18:40 94560 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Radiotracker_2009\RadioRip\PlgGeneral.dll
2010-07-28 18:40 . 2010-07-28 18:40 89952 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Radiotracker_2009\RadioRip\PlgDeezer.dll
2010-07-28 18:40 . 2010-07-28 18:40 46944 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Radiotracker_2009\RadioRip\PlgDefault.dll
2010-07-28 18:40 . 2010-07-28 18:40 347488 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Radiotracker_2009\RadioRip\RadioRip.dll
2010-07-28 18:38 . 2009-10-01 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\RapidSolution
2010-07-27 13:46 . 2010-07-27 13:46 -------- d-----w- c:\program files\PowerISO
2010-07-26 11:20 . 2010-05-09 17:51 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-07-26 11:20 . 2010-05-10 10:11 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-26 11:20 . 2009-04-23 21:31 -------- d-----w- c:\documents and settings\Voodoo\Application Data\dvdcss
2010-07-26 11:19 . 2010-07-26 11:19 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-26 11:19 . 2009-09-25 12:04 -------- d-----w- c:\program files\DivX
2010-07-26 11:19 . 2010-07-26 11:19 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-07-26 11:17 . 2010-07-26 11:17 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-07-26 11:16 . 2010-05-10 10:11 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-07-26 11:14 . 2010-05-10 10:11 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-07-22 15:49 . 2002-11-07 17:47 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-14 22:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-06-30 13:56 . 2010-06-30 13:56 306688 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-06-30 12:31 . 2003-07-16 16:37 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 21:35 . 2009-05-10 17:27 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-24 12:10 . 2009-03-13 14:38 81920 ------w- c:\windows\system32\ieencode.dll
2010-06-24 12:10 . 2003-07-16 16:45 667136 ----a-w- c:\windows\system32\wininet.dll
2010-01-25 15:21 . 2010-01-25 15:21 2 --shatr- c:\windows\winstart.bat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Safely Remove"="c:\program files\USB Safely Remove\USBSafelyRemove.exe" [2009-12-06 3911680]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HS3_AutoRun"="c:\program files\Farstone\HackerSmacker\FWMain.exe" [2005-07-23 323584]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-08-02 1167808]

c:\documents and settings\Voodoo\Start Menu\Programs\Startup\
ESET Smart Security.lnk - c:\program files\ESET\ESET Smart Security\egui.exe [2009-2-6 2021400]
Malwarebytes' Anti-Malware.lnk.disabled [2010-8-11 696]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2010-6-30 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HackerSmacker 3.0.lnk - c:\program files\Farstone\HackerSmacker\FWMain.exe [2005-7-23 323584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}"= "c:\program files\GPSoftware\Directory Opus\dopuslib.dll" [2010-01-08 836056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2003-06-20 07:03 110592 ----a-w- c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eBoostr Control Panel.lnk]
backup=c:\windows\pss\eBoostr Control Panel.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
backup=c:\windows\pss\Orbit.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Voodoo^Start Menu^Programs^Startup^MemTurbo.lnk]
backup=c:\windows\pss\MemTurbo.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Voodoo^Start Menu^Programs^Startup^WordWeb Pro.lnk]
backup=c:\windows\pss\WordWeb Pro.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Voodoo^Start Menu^Programs^Startup^WordWeb.lnk]
backup=c:\windows\pss\WordWeb.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2003-08-20 20:24 151552 ----a-w- c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
2005-11-10 18:44 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2003-07-29 12:30 335872 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Directory Opus Desktop Dblclk]
2010-01-08 09:45 271840 ----a-w- c:\program files\GPSoftware\Directory Opus\dopusrt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2009-06-10 13:22 334224 ----a-w- c:\program files\Eraser\Eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Freecorder FLV Service]
2010-06-26 17:09 167936 ----a-w- c:\program files\Freecorder\FLVSrvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
2005-10-22 23:00 385024 ----a-w- c:\program files\Syncrosoft\POS\H2O\cledx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HS3_AutoRun]
2005-07-23 17:49 323584 ----a-w- c:\program files\Farstone\HackerSmacker\FWMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Livestation]
2010-06-24 19:08 4657152 ----a-w- c:\program files\Livestation\Livestation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
2003-05-28 17:32 86016 ----a-w- c:\program files\Intel\NCS\PROSet\PRONoMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2010-04-17 10:56 394984 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-03-11 12:00 24095528 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-08-31 00:50 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WordWeb]
2009-11-08 22:18 65216 ------w- c:\program files\WordWeb\wweb32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BthServ"=2 (0x2)
"Ati HotKey Poller"=3 (0x3)
"SbieSvc"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"Directory Opus Desktop Dblclk"="c:\program files\GPSoftware\Directory Opus\dopusrt.exe" /dblclk

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=

R0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\eBoost.sys [28/01/2009 12:34 125544]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06/02/2009 15:23 106208]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [05/01/2010 08:56 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 08:56 67656]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [06/02/2009 15:23 727720]
R2 fsnet;fsnet;c:\windows\system32\drivers\fsnet.sys [23/03/2009 17:59 18882]
R2 KillTheHooker;KillTheHooker;c:\documents and settings\Voodoo\Desktop\MalwareAndSpyware\New Folder\TizerBruteForceEx.sys [14/05/2010 11:58 22320]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [13/03/2009 17:21 304464]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [04/05/2010 12:07 503080]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\USB Safely Remove\USBSRService.exe [01/07/2010 12:26 261456]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [06/09/2010 18:20 17984]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [13/03/2009 21:31 33792]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [13/03/2009 20:51 115312]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13/03/2009 17:21 20952]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [06/04/2009 13:19 23064]
S2 ATE_PROCMON;ATE_PROCMON;\\??\\c:\\Program Files\\Anti Trojan Elite\\ATEPMon.sys --> \\c:\\Program Files\\Anti Trojan Elite\\ATEPMon.sys [?]
S3 EWAVE;EWAVE;c:\windows\system32\drivers\ew.sys [30/04/2010 20:48 1447040]
S3 FILESPY;FILESPY;c:\windows\system32\drivers\filespy.sys [30/04/2010 20:48 26992]
S3 FWCOM;FWCOM;c:\program files\Farstone\HackerSmacker\FWCOM.exe [18/07/2005 19:27 69632]
S3 JakNDisMP;JakNDisMP;c:\windows\system32\DRIVERS\JakNDis.sys --> c:\windows\system32\DRIVERS\JakNDis.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\4A22.tmp --> c:\windows\system32\4A22.tmp [?]
S3 NSTATION;NSTATION;c:\windows\system32\drivers\nstation.sys [30/04/2010 20:48 18944]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 08:56 12872]
S4 EBOOSTRSVC;eBoostr Service;c:\program files\eBoostr\EBstrSvc.exe [28/01/2009 12:34 634488]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05/04/2009 13:10 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 18:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-09-19 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-01-23 17:08]

2010-09-21 c:\windows\Tasks\WECPUpdate.job
- c:\program files\Essentials Codec Pack\WECPUpdate.exe [2009-02-25 14:28]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Send To &Bluetooth
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
FF - ProfilePath - c:\documents and settings\Voodoo\Application Data\Mozilla\Firefox\Profiles\55x8pt7q.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\documents and settings\Voodoo\Application Data\Mozilla\Firefox\Profiles\55x8pt7q.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Voodoo\Application Data\Mozilla\Firefox\Profiles\55x8pt7q.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Voodoo\Application Data\Mozilla\Firefox\Profiles\55x8pt7q.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-{7514BBA2-951B-45A0-BA2B-CA259968C9ED} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{7514B~1\Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-21 23:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\sys_drv.dat 7028 bytes
c:\windows\system32\sys_drv_2.dat 6024 bytes
c:\windows\system32\WinFLdrv.sys 17984 bytes executable
c:\documents and settings\Voodoo\Application Data\systemfl.$dk 990 bytes

scan completed successfully
hidden files: 4

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi]
"ImagePath"=multi:"system32\drivers\atapi.sys\00\00ImagePath\00AppInit_DLLs\00\00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi]
"ImagePath"=multi:"system32\drivers\atapi.sys\00\00ImagePath\00AppInit_DLLs\00\00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\4A22.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-1580818891-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{57AE0684-9F60-473D-9BD6-A5EA421779DB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abplbcfgommlbiknilmokbjgecnhflhjkj"=hex:61,62,62,6c,65,6c,66,6f,6f,68,6a,65,
66,6b,67,66,64,69,68,6f,66,67,6e,69,69,70,6e,6e,68,6b,6e,6c,69,68,00,00
"bbplbcfgommlbiknilbpbdpfhaeigcibjdcg"=hex:61,62,67,6c,6d,6b,61,6f,67,6b,63,6b,
64,6a,63,68,64,6d,6e,63,70,6f,64,67,69,6a,67,6e,6a,6c,6e,6a,64,67,00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\\Registered"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="83EDC7D649F9EC5F53DBFBE889484F41BA035D8350BF5CBEC761EF84FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DBA7FD869164D6794BA7FD869164D679410AECF649C222455881B92C2CFF5DE9073E18CBFA09692D24B72482406A5406255AC1AA5C03C93587072D3570D4EBB96305BC12428191050CAE87E62A5AB0F1C5151926E15751F1FC25DE4586FE92C40625177A867B210F06863812772F2C981FC4F44BFB398068A84E7436AB13E75DD3CC5C3AFD3217C16A50199B6BDA0A0A3C67D4C5EEF52DD7AB2C08470C021B2C1E6E14D61988412227802A51810BF171611535E544DB68E54BAB94E183DCD50C17DF1D0279360E5FC48C99498A4BB847231F0BFEE843B560302CBDC4D7DE4113991649EB1589CDD92F263ED47EB6695D471964BBE013C45725D10FE428B690986264F9B742E07B4D1C97AC9F88876C8DD102B6E18E3F4BF17184618EE24C2A40B33E8BE258C50F82F90605645D183F231BEB82D96030BFE6372519F8A3ABB1FB0248C953FA48B0FA2820AD209540DBB79A3EB1C95E40290D29DB7209571848C5FDA3CBF82D7B1ABA64A1097E4CE719D625918E53647C6D3E243A4395224AF51852B9A7172BCA05ABA8AAF8BBBB479EA1CECB2C95E9926FD957BE61F465FB62718DAEF72D41F9579635749ACB5AECC455CE0551936025297EE577118BAE5F19B8C28A7A036FB37BD293A638BBF16F8255AAABDB9ACD8637E7AD8DB003E2C2212DC42D1EAE4070E2C95B0244F0A7D6FD654B54E2670A852E2C4775FC5245BEBBE874D225674A4051F3AAA5A2F09A505790B5E0DEEF834FD49609E5CEB81D254AB91E0F07A3CF16DC6298EF67AF287748041F823B2FDEE290AE12CD50BB02249377E893B0556BCFB25FA330E11C6CDD9344048602AFD02F8D2E2F3F0CDCF8F1813DBC79EB4A28649104CE7596742D93731D50AB39FB748792482BDFAF3419575C3360FDFDD4586CF35BAEB34096A3CF1E452E8B46FB3D49853614361CFAA607824A047E76A23277210EA76221288BE531609091E8D38E9A788A4B3364976D19B63B24C41D4E908747504AE463326DC89DAD47FCB00D3025DC0F6B2B25C5300BF0186EE1D2E07F9FD0C33B169B29645A49E1156C161D6C756CB0657B017B3B3A7D2BA724D992D841CCDA51279E9EA5B9AA11E8CA45FD61D8D4F82AB2E9CCB6AFA84F18E4CD155E1BE8911530545FD37C5786012BDBBAD166844A12F4FA51755C41252EFB4A03A003A632C6E44466AA4610A41507C4DF7FAAA7720555A7CD4DBF3CE8737C5E7D903C65033D00F0210A191922E9D72FE16C80188B705BA018416DCDEBE78E41B77BF819BE55CE0A394645AA016CAD44E2E30F76E2D997EA5EE52B73CACB919C31C"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1080)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LgNotify.dll
.
Completion time: 2010-09-21 23:55:54
ComboFix-quarantined-files.txt 2010-09-21 22:55
ComboFix2.txt 2010-05-10 22:50

Pre-Run: 6,594,367,488 bytes free
Post-Run: 6,573,723,648 bytes free

- - End Of File - - 66BD05A8B3FB4C2D5CCB3BC35927DD40


Last edited by Voods on 21st September 2010, 11:11 pm; edited 1 time in total (Reason for editing : Missed part off)