#1 - 04-18-2009, 10:30 AM
Registered User
Join Date: Apr 2009
Posts: 3
OS: Vista

Computer Freezes

The problem is on my normal computer. Two days ago it started running slow, then the next day it got worse: when I logged into sites it would fail and I would have to refresh. Today programs are freezing, and now the worst problem: it takes a while to start up, and when I get to the main Windows page it freezes and I can't do anything.
Now I've run scans with Spyware Doctor and Kaspersky. They got some stuff, but nothing worked. Then I did scans with Registry Mechanic and Malwarebytes, and nothing worked. Sad
Can someone please help me? This problem is really annoying and I've had to use my old comp, which is ****. Sad
ty!
mrajdadas is offline  
#2 - 04-18-2009, 09:13 PM
Analyst, Security Team
Join Date: Feb 2006
Posts: 222
OS: 2K

Re: Computer Freezes

Welcome to TSF mrajdadas,

Since you don't mention it, have you tried booting into Safe Mode (at startup, tap the F8 key about once per second, then select that from the menu)? If you can do that, select Safe Mode with Networking, and then click here and download sUBs' dds.scr to your desktop, then click that to run the scan. A window will open while the scan runs, and when it completes two logs will open in Notepad: DDS.txt and Attach.txt. An additional message box will open that you can just close with the X.

Save those two log files to your desktop (go to File - Save As and browse to your desktop to save each), then post the DDS.txt and attach the other to your post.
Jintan is offline  
#3 - 04-18-2009, 09:52 PM
Registered User
Join Date: Apr 2009
Posts: 3
OS: Vista

Re: Computer Freezes

I'm running in Safe Mode now. I posted the DDS.txt one and attached the other one, please help =[


DDS (Ver_09-03-16.01) - NTFSx86 NETWORK
Run by **** at 13:46:04.96 on Sun 04/19/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2047.1315 [GMT 10:00]

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\Explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\****\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRunOnce: [<NO NAME>]
mRunOnce: [GrpConv] grpconv -o
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\adam\appdata\roaming\mozilla\firefox\profiles\niorllcg.default\

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-4-18 130424]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2008-7-9 20496]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-4-18 348752]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
S1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-4-18 159600]
S1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\drivers\wfcxacap.sys [2006-10-23 9856]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-2-15 179856]
S2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-1-8 185640]
S2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [2006-10-23 167424]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-2-15 15504]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-4-18 64392]
S3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [2006-10-23 15872]

=============== Created Last 30 ================

2009-04-19 13:35 161,792 a------- c:\windows\SWREG.exe
2009-04-19 13:35 98,816 a------- c:\windows\sed.exe
2009-04-19 13:34 <DIR> --d----- C:\ComboFix
2009-04-19 00:55 <DIR> --d----- c:\users\adam\appdata\roaming\IObit
2009-04-19 00:55 <DIR> --d----- c:\program files\IObit
2009-04-18 23:10 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-04-18 23:09 130,424 a------- c:\windows\system32\drivers\PCTCore.sys
2009-04-18 23:09 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-18 23:09 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-04-18 23:09 <DIR> --d----- c:\program files\common files\PC Tools
2009-04-18 23:09 <DIR> --d----- c:\users\adam\appdata\roaming\PC Tools
2009-04-18 23:09 <DIR> --d----- c:\programdata\PC Tools
2009-04-18 23:09 <DIR> --d----- c:\program files\Spyware Doctor
2009-04-18 23:09 <DIR> --d----- c:\progra~2\PC Tools
2009-04-17 12:30 551,424 a------- c:\windows\system32\rpcss.dll
2009-04-17 12:30 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
2009-04-17 12:30 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
2009-04-17 12:30 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-04-17 12:30 183,296 a------- c:\windows\system32\sdohlp.dll
2009-04-17 12:30 98,304 a------- c:\windows\system32\iasrecst.dll
2009-04-17 12:30 54,784 a------- c:\windows\system32\iasads.dll
2009-04-17 12:30 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-04-17 12:30 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-04-17 12:30 17,408 a------- c:\windows\system32\iashost.exe
2009-04-17 12:28 376,832 a------- c:\windows\system32\winhttp.dll
2009-04-17 12:27 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-04-17 12:27 38,912 a------- c:\windows\system32\xolehlp.dll
2009-04-16 21:41 22,872 a----r-- c:\windows\system32\AdobePDFUI.dll
2009-04-15 20:19 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-04-15 20:00 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-04-15 19:58 <DIR> --d----- c:\windows\system32\directx
2009-04-13 11:50 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-04-13 11:50 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-13 11:50 <DIR> --d----- c:\program files\iPod
2009-04-13 11:50 <DIR> --d----- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-13 11:50 <DIR> --d----- c:\program files\iTunes
2009-04-13 11:50 <DIR> --d----- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-03-25 12:14 <DIR> --d----- c:\program files\Intelore

==================== Find3M ====================

2009-04-19 02:17 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-04-18 23:09 3,628 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-04-18 23:09 745,504 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-04-18 15:09 8,236,064 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-04-18 14:06 65,424 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-03-17 13:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-17 13:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-17 13:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-16 14:18 517,448 a------- c:\windows\system32\XAudio2_4.dll
2009-03-16 14:18 235,352 a------- c:\windows\system32\xactengine3_4.dll
2009-03-16 14:18 69,448 a------- c:\windows\system32\XAPOFX1_3.dll
2009-03-16 14:18 22,360 a------- c:\windows\system32\X3DAudio1_6.dll
2009-03-14 14:43 86,016 a------- c:\windows\inf\infstor.dat
2009-03-14 14:43 51,200 a------- c:\windows\inf\infpub.dat
2009-03-14 14:43 86,016 a------- c:\windows\inf\infstrng.dat
2009-03-09 15:27 4,178,264 a------- c:\windows\system32\D3DX9_41.dll
2009-03-09 15:27 1,846,632 a------- c:\windows\system32\D3DCompiler_41.dll
2009-03-09 15:27 453,456 a------- c:\windows\system32\d3dx10_41.dll
2009-03-09 11:52 73,312 a------- c:\windows\system32\drivers\adfs.sys
2009-03-09 04:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-07 19:11 33,808 a------- c:\windows\system32\drivers\klbg.sys
2009-03-07 19:11 101,287 a------- c:\windows\system32\drivers\klin.dat
2009-03-07 19:11 89,601 a------- c:\windows\system32\drivers\klick.dat
2009-03-03 14:40 827,392 a------- c:\windows\system32\wininet.dll
2009-03-03 14:37 78,336 a------- c:\windows\system32\ieencode.dll
2009-03-03 12:28 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-02-25 13:22 130,208 -----r-- c:\windows\bwUnin-8.1.1.87-8876480SL.exe
2009-02-25 13:19 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-02-13 18:49 72,704 a------- c:\windows\system32\secur32.dll
2009-02-13 18:49 1,255,936 a------- c:\windows\system32\lsasrv.dll
2009-02-09 13:10 2,033,152 a------- c:\windows\system32\win32k.sys
2009-02-06 17:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-01-26 22:56 127,034 -----r-- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-01-14 04:00 174 a--sh--- c:\program files\desktop.ini
2009-01-14 03:52 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 22:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 22:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 22:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 22:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 19:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 19:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 19:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 19:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-01-09 08:31 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 13:46:30.25 ===============
mrajdadas is offline  
#4 - 04-18-2009, 10:20 PM
Analyst, Security Team
Join Date: Feb 2006
Posts: 222
OS: 2K

Re: Computer Freezes

Not sure I see any malware in any of the info you have provided so far. Have you tried disabling each of those security programs one at a time to check for improvements? Kaspersky and Spyware Doctor are a tough combination on systems as far as resource use goes. I see you ran ComboFix; if you did, post that C:\ComboFix.txt log to check.
Jintan is offline  
#5 - 04-18-2009, 10:32 PM
Registered User
Join Date: Apr 2009
Posts: 3
OS: Vista

Re: Computer Freezes

Well, I didn't have Spyware Doctor when this started. I downloaded it afterwards because I know it's a good program. It found infections and I fixed them, but that didn't fix the problem =[


ComboFix 09-04-19.04 - **** 04/19/2009 13:35.1 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2047.1292 [GMT 10:00]
Running from: c:\users\****\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *enabled*
.

((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.

2009-04-18 13:10 . 2008-12-10 22:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-04-18 13:09 . 2009-04-18 16:52 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-04-18 13:09 . 2008-12-18 02:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-18 13:09 . 2008-12-10 02:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-04-18 13:09 . 2009-04-18 13:09 -------- d-----w c:\users\All Users\PC Tools
2009-04-18 13:09 . 2009-04-18 13:09 -------- d-----w c:\progra~2\PC Tools
2009-04-17 02:30 . 2009-03-03 04:39 551424 ----a-w c:\windows\system32\rpcss.dll
2009-04-17 02:30 . 2009-03-03 04:46 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-04-17 02:30 . 2009-03-03 04:46 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-04-17 02:30 . 2009-03-03 04:39 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-04-17 02:30 . 2009-03-03 04:39 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-04-17 02:30 . 2009-03-03 04:37 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-04-17 02:30 . 2009-03-03 04:37 54784 ----a-w c:\windows\system32\iasads.dll
2009-04-17 02:30 . 2009-03-03 04:37 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-04-17 02:30 . 2009-03-03 03:04 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-04-17 02:30 . 2009-03-03 02:38 17408 ----a-w c:\windows\system32\iashost.exe
2009-04-17 02:28 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-17 02:27 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-17 02:27 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-16 11:41 . 2008-04-06 18:38 22872 ----a-r c:\windows\system32\AdobePDFUI.dll
2009-04-15 10:19 . 2009-04-15 10:19 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-04-15 10:00 . 2009-04-15 10:01 -------- d--h--w c:\windows\msdownld.tmp
2009-04-13 11:37 . 2009-04-13 11:37 -------- d-----r c:\windows\system32\config\systemprofile\Music
2009-04-13 01:50 . 2009-03-19 06:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-13 01:50 . 2008-04-17 02:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-04-13 01:50 . 2009-04-13 01:50 -------- d-----w c:\users\All Users\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-13 01:50 . 2009-04-13 01:50 -------- d-----w c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 03:34 . 2009-03-07 08:59 -------- d-----w c:\progra~2\Kaspersky Lab
2009-04-18 22:53 . 2009-03-07 08:26 -------- d---a-w c:\progra~2\TEMP
2009-04-18 16:52 . 2009-04-18 13:09 -------- d-----w c:\program files\Spyware Doctor
2009-04-18 16:31 . 2009-02-07 11:36 -------- d-----w c:\program files\mIRC
2009-04-18 16:17 . 2009-01-26 12:59 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-04-18 14:55 . 2009-04-18 14:55 -------- d-----w c:\program files\IObit
2009-04-18 13:10 . 2009-04-18 13:09 -------- d-----w c:\program files\Common Files\PC Tools
2009-04-18 13:09 . 2009-03-07 08:59 3628 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-18 13:09 . 2009-03-07 08:59 745504 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-18 12:38 . 2009-02-04 08:33 -------- d-----w c:\program files\Full Tilt Poker
2009-04-18 05:09 . 2009-03-07 08:59 8236064 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-18 04:06 . 2009-03-07 08:59 65424 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-17 17:52 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-17 17:04 . 2009-03-03 05:01 -------- d-----w c:\progra~2\Microsoft Help
2009-04-13 01:50 . 2009-04-13 01:50 -------- d-----w c:\program files\iTunes
2009-04-13 01:50 . 2009-04-13 01:50 -------- d-----w c:\program files\iPod
2009-04-13 01:50 . 2009-02-01 00:58 -------- d-----w c:\program files\Common Files\Apple
2009-04-13 01:46 . 2009-04-13 01:46 -------- d-----w c:\program files\Safari
2009-03-29 23:04 . 2009-01-14 13:02 -------- d-----w c:\program files\Java
2009-03-25 02:14 . 2009-03-25 02:14 -------- d-----w c:\program files\Intelore
2009-03-17 03:38 . 2009-04-17 02:29 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-17 02:29 13824 ----a-w c:\windows\System32\apilogen.dll
2009-03-17 03:38 . 2009-04-17 02:29 24064 ----a-w c:\windows\System32\amxread.dll
2009-03-16 14:23 . 2009-03-16 14:23 -------- d-----w c:\progra~2\Soulseek
2009-03-16 14:22 . 2009-03-16 14:22 -------- d-----w c:\program files\SoulseekNS
2009-03-16 04:18 . 2009-04-15 10:02 69448 ----a-w c:\windows\System32\XAPOFX1_3.dll
2009-03-16 04:18 . 2009-04-15 10:02 517448 ----a-w c:\windows\System32\XAudio2_4.dll
2009-03-16 04:18 . 2009-04-15 10:02 235352 ----a-w c:\windows\System32\xactengine3_4.dll
2009-03-16 04:18 . 2009-04-15 10:02 22360 ----a-w c:\windows\System32\X3DAudio1_6.dll
2009-03-14 04:45 . 2009-03-14 04:45 -------- d-----w c:\progra~2\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-14 04:45 . 2009-02-01 00:59 -------- d-----w c:\progra~2\Apple Computer
2009-03-14 04:44 . 2009-03-14 04:44 -------- d-----w c:\program files\Bonjour
2009-03-14 04:43 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-03-14 04:43 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-03-14 04:43 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstrng.dat
2009-03-10 09:53 . 2009-03-10 09:53 -------- d-----w c:\progra~2\WindowsSearch
2009-03-09 05:27 . 2009-04-15 10:02 453456 ----a-w c:\windows\System32\d3dx10_41.dll
2009-03-09 05:27 . 2009-04-15 10:02 4178264 ----a-w c:\windows\System32\D3DX9_41.dll
2009-03-09 05:27 . 2009-04-15 10:02 1846632 ----a-w c:\windows\System32\D3DCompiler_41.dll
2009-03-09 01:52 . 2008-08-13 20:57 73312 ----a-w c:\windows\system32\drivers\adfs.sys
2009-03-08 18:19 . 2009-01-14 13:03 410984 ----a-w c:\windows\System32\deploytk.dll
2009-03-07 09:11 . 2008-01-29 06:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-03-07 09:11 . 2009-03-07 09:00 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-03-07 09:11 . 2009-03-07 09:00 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-03-07 08:59 . 2009-03-07 08:59 -------- d-----w c:\program files\Kaspersky Lab
2009-03-05 06:34 . 2009-03-05 06:21 -------- d-----w c:\program files\Britannica 9.0
2009-03-05 06:29 . 2009-03-05 06:21 -------- d--h--w c:\program files\Zero G Registry
2009-03-03 05:06 . 2009-03-03 05:06 -------- d-----w c:\program files\Microsoft Works
2009-03-03 05:06 . 2006-11-02 12:35 -------- d-----w c:\program files\MSBuild
2009-03-03 05:05 . 2009-03-03 05:05 -------- d-----w c:\program files\Microsoft.NET
2009-03-03 05:02 . 2009-03-03 05:02 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-03-03 04:40 . 2009-04-17 02:29 827392 ----a-w c:\windows\System32\wininet.dll
2009-03-03 04:37 . 2009-04-17 02:29 78336 ----a-w c:\windows\System32\ieencode.dll
2009-03-03 02:28 . 2009-04-17 02:29 26624 ----a-w c:\windows\System32\ieUnatt.exe
2009-02-25 03:22 . 2009-02-25 03:22 130208 ------r c:\windows\bwUnin-8.1.1.87-8876480SL.exe
2009-02-25 03:19 . 2009-02-25 03:19 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-02-25 03:16 . 2009-02-25 03:16 -------- d-----w c:\program files\Microsoft IntelliType Pro
2009-02-25 01:47 . 2009-01-13 15:45 -------- d-----w c:\program files\Common Files\Adobe
2009-02-25 01:27 . 2009-02-25 01:27 -------- d-----w c:\progra~2\ESET
2009-02-13 08:49 . 2009-04-17 02:29 72704 ----a-w c:\windows\System32\secur32.dll
2009-02-13 08:49 . 2009-04-17 02:29 1255936 ----a-w c:\windows\System32\lsasrv.dll
2009-02-09 03:10 . 2009-03-11 00:03 2033152 ----a-w c:\windows\System32\win32k.sys
2009-02-06 07:52 . 2009-02-06 07:52 49504 ----a-w c:\windows\System32\sirenacm.dll
2009-01-26 12:56 . 2009-01-26 12:56 127034 ------r c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-01-13 18:00 . 2006-11-02 12:49 174 --sha-w c:\program files\desktop.ini
2008-01-08 22:31 . 2006-11-22 14:58 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2008-07-02 812952]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-18 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-11-12 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-02-10 399504]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-23 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 177472]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-2-25 91440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll,c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll,c:\progra~1\KASPER~1\KASPER~1\adialhk.dll,c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6695F29E-4B87-403B-A9C1-2CE04FBED4F7}"= UDP:5353:Adobe CSI CS4
"{AF9D5ECB-FAC7-4D68-9ACE-5377E9241EAC}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{D315BE21-E14E-4FA2-8578-FD2205CACDD5}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{B0181CF6-149C-4827-BD2E-778D3B74D3B9}"= UDP:3703:Adobe Version Cue CS4 Server
"{BC39D284-871A-4870-ACC9-C3AF609FB280}"= UDP:3704:Adobe Version Cue CS4 Server
"{1922B9F7-44F9-466B-B925-E3F928311ACA}"= UDP:51000:Adobe Version Cue CS4 Server
"{00F0D729-C030-4893-A181-688E76050F88}"= UDP:51001:Adobe Version Cue CS4 Server
"{48426996-3443-44C0-AE52-1830A91D35FD}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server
"{EFAF3835-1285-4FD6-9878-55B2B9FB94DE}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server
"{FA57F0F8-E58E-405C-8388-60C710670326}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{45E752D8-8107-45D0-AD49-0524EC721C9D}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{B8797D34-D1FA-4701-9B60-E22CFEDB0DEF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{89BB4548-7012-4EDC-AEE9-D506F3788570}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{4F1FF9DD-C59A-44F1-90BF-A10CAFF016CE}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{E116CAA3-C12B-4A13-8FDB-A922D507BF35}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{EEC32026-1313-4671-B378-CA63516C5791}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{CC7A214C-6D5E-4465-80B9-2E876A5D8F29}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{3F1385BA-50DF-4A9A-9E6F-4DB46B5071A4}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D87D8F84-D6D1-46E5-AA3E-240FF212E028}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{2E2B0E5A-A9A8-428B-8387-1A3B54660E09}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7C601A09-A447-4DF5-B140-DB768D6F6ADA}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D8F13757-E5BB-4741-B5E1-8B238DCC189C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B9E342DC-2A63-4D62-99EB-B17556DF771A}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4C7A3315-F795-4C9F-85C2-56AE39EB36D7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A7AE288A-C465-4F5C-B86F-DAFF1B386956}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-03-07 33808]
R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2008-12-10 159600]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\DRIVERS\wfcxacap.sys [2006-10-22 9856]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-02-10 179856]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-01-08 185640]
R2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [2006-10-22 167424]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-11-03 288112]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-02-10 15504]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [2008-12-10 64392]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [2006-10-22 15872]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-04-18 130424]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - WS2IFSL
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\niorllcg.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-19 13:39
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-327920693-1695606436-2502763603-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ff,22,20,b8,b0,20,f2,aa,35,d8,79,60,55,3d,93,9d,9f,a5,4e,38,70,
8b,17,cd,78,6d,2b,da,0c,b1,73,22,86,d1,5e,71,3f,41,9d,bf,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-327920693-1695606436-2502763603-1000_Classes\CLSID\{922fc367-6e72-4aa1-9536-bd47cc02d6ea}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000003f
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,f8,94,99,63,24,
84,10,51,05,98,32,02,34,2b,da,61,fb,26,b8,12,7a,88,81,28,61,18,b1,6a,18,84,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(708)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2009-04-19 13:41
ComboFix-quarantined-files.txt 2009-04-19 03:41

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 337,788,690,432 bytes free

238 --- E O F --- 2009-04-17 17:05
Old 04-18-2009, 11:12 PM   #6 (permalink)
Analyst, Security Team
 
Join Date: Feb 2006
Posts: 222
OS: 2K


Re: Computer Freezes

Null or locked registry keys from an install of Internet Download Manager - there is a malware-embedded crack copy of that being offered through torrents, so let's hope you didn't make that type of mistake there. This is not usual - a setting from an upgrade of some sort:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

But there are some Kaspersky-added startups that suggest it has added those as a malware defense, so let's see if we can locate a source of the problems. I will ask that you don't alter logs before posting them, to include **** for names. I use these for script creating if needed and don't want to have to guess what you did or did not change.


Make a copy of the following, then close Internet Explorer and all running programs and run a scan in HijackThis. Place a check next to all of the following lines, then select “Fix Checked” and close HijackThis.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]


-----------------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.

If on its opening scan Gmer locates items shown in red or indicates "hidden" or "rootkit", stop there, and click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please. We don't want any crashes just from taking an initial look at things.

If no rootkits are shown then right-click in the white space in the display and select Options - Only non MS files. Then click Scan and allow Gmer to run a different scan. Once that completes click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.
Jintan is offline  


Copyright 2001 - 2009, Tech Support Forum