Windows acting up - mouse clicks & scrolling

Resolved
By Valor
Oct 9, 2010
  1. Since yesterday my Windows XP has been acting up. It mostly has to do with my cursor. Like when I just click once on right mouse it often acts like a double click (opening files, executing things etc). Or I would just highlight a file with right mouse click and then it acts like I want to drag the file somewhere. Or I don't get much reaction from my clicks at all, like I have to click on the X extra hard, three times or so until a window closes. Or the scrolling doesn't properly work, whether in a browser, explorer or task window. This is all driving me nuts!

    I figure this could be my mouse driver being corrupt or something, but I'm also suspecting it's a virus because ever since this behavior my full version MalwareBytes keeps blocking IP addresses, reporting "malicious IPs". On the other hand, my PeerGuardian wasn't blocking ANY IPs anymore, the windows just kept being blank. But strangely enough, when I do all types of scan with MB, plus a ComboFix run, nothing is found! Yet I sit here restarting my computer over and over again just to be faced with the same odd problem. I also ran a HijackThis log and couldn't find anything suspicious. CCleaner didn't improve anything either (though it removed quite a chunk). I've cleaned all my temp files, browser cookies and histories but still, the problem persists. At least I don't seem to be getting those IP "attacks" anymore and PeerGuardian is working fine again too. Could it be just my mouse?

    Here are my logs, please tell me if you can find anything that might be causing this. Thanks!

    MB Log:
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4785

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    09.10.2010 17:02:42
    mbam-log-2010-10-09 (17-02-42).txt

    Scan type: Full scan (D:\|)
    Objects scanned: 201432
    Time elapsed: 47 minute(s), 41 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    MB Protection Log:
    15:51:45 Dennis IP-BLOCK 222.65.243.157
    15:52:20 Dennis IP-BLOCK 218.9.97.145
    15:54:12 Dennis IP-BLOCK 222.69.5.139
    15:54:12 Dennis IP-BLOCK 222.69.5.139
    15:54:12 Dennis IP-BLOCK 222.69.5.139
    15:54:12 Dennis IP-BLOCK 222.69.5.139
    15:54:12 Dennis IP-BLOCK 222.69.5.139
    15:54:12 Dennis IP-BLOCK 222.69.5.139
    15:54:12 Dennis IP-BLOCK 222.69.5.139
    15:54:12 Dennis IP-BLOCK 222.69.5.139
    15:54:12 Dennis IP-BLOCK 222.69.5.139
    15:54:12 Dennis IP-BLOCK 222.69.5.139
    15:54:12 Dennis IP-BLOCK 222.69.5.139
    15:54:12 Dennis IP-BLOCK 222.69.5.139
    15:54:12 Dennis IP-BLOCK 222.69.5.139
    15:54:12 Dennis IP-BLOCK 222.69.5.139
    15:54:12 Dennis IP-BLOCK 222.69.5.139
    15:54:12 Dennis IP-BLOCK 222.69.5.139
    15:54:12 Dennis IP-BLOCK 222.69.5.139
    15:54:12 Dennis IP-BLOCK 222.69.5.139
    15:54:12 Dennis IP-BLOCK 222.69.5.139
    15:54:12 Dennis IP-BLOCK 222.69.5.139
    16:04:48 Dennis MESSAGE IP Protection stopped
    16:06:25 Dennis MESSAGE Database updated successfully
    16:06:30 Dennis MESSAGE IP Protection started successfully
    16:07:59 Dennis IP-BLOCK 218.7.195.139
    16:10:57 Dennis IP-BLOCK 218.7.195.139
    16:13:11 Dennis IP-BLOCK 121.13.127.182
    16:13:55 Dennis IP-BLOCK 58.240.39.117
    16:19:54 Dennis IP-BLOCK 218.7.195.139
    16:23:00 Dennis IP-BLOCK 218.7.195.139
    16:28:56 Dennis IP-BLOCK 218.7.195.139
    16:31:51 Dennis IP-BLOCK 218.7.195.139
    16:34:03 Dennis IP-BLOCK 222.69.5.139
    16:34:56 Dennis IP-BLOCK 218.7.195.139
    16:37:08 Dennis IP-BLOCK 222.69.14.199
    16:37:14 Dennis IP-BLOCK 202.103.221.15
    16:46:55 Dennis IP-BLOCK 222.69.214.231
    16:46:58 Dennis IP-BLOCK 58.240.212.92
    16:52:35 Dennis IP-BLOCK 121.8.235.67
    17:02:43 Dennis IP-BLOCK 58.240.244.20
    17:09:34 (null) IP-BLOCK 121.8.153.6
    17:11:38 Dennis MESSAGE Protection started successfully
    17:11:43 Dennis MESSAGE IP Protection started successfully
    17:50:26 Dennis MESSAGE Protection started successfully
    17:50:42 Dennis MESSAGE IP Protection started successfully
    18:37:56 Dennis MESSAGE Protection started successfully
    18:38:01 Dennis MESSAGE IP Protection started successfully
    20:09:41 Dennis MESSAGE Protection started successfully
    20:09:45 Dennis MESSAGE IP Protection started successfully


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:30:01, on 09.10.2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\nvsvc32.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
    D:\Programme\PeerGuardian2\pg2.exe
    D:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    D:\Programme\Mozilla Firefox\firefox.exe
    D:\WINDOWS\system32\NOTEPAD.EXE
    D:\Programme\Winamp\winamp.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\WINDOWS\system32\NOTEPAD.EXE
    F:\Temp\TrendMicro\HiJackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Programme\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - D:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Programme\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [PeerGuardian] D:\Programme\PeerGuardian2\pg2.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Customize Menu - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Fill Forms - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: RoboForm Toolbar - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - D:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programme\AVG\AVG8\avgpp.dll (file missing)
    O20 - Winlogon Notify: !SASWinLogon - Invalid registry found
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\System32\browseui.dll
    O23 - Service: MBAMService - Malwarebytes Corporation - D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 5711 bytes
  2. Valor

    ComboFix 10-10-08.01 - Dennis 09.10.2010 17:34:52.5.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1023.535 [GMT 2:00]
    ausgeführt von:: d:\dokumente und einstellungen\Dennis\Desktop\Yep.exe


    Dateien erstellt von 2010-09-09 bis 2010-10-09


    2010-10-07 13:56 . 2010-10-07 13:56 -------- d-----w- d:\dokumente und einstellungen\Dennis\Anwendungsdaten\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

    2010-10-09 15:33 . 2010-01-23 01:36 -------- d-----w- d:\dokumente und einstellungen\Dennis\Anwendungsdaten\HPAppData
    2010-10-09 15:19 . 2008-11-22 00:27 -------- d-----w- d:\programme\PeerGuardian2
    2010-10-09 15:07 . 2003-04-02 12:00 70580 ----a-w- d:\windows\system32\perfc007.dat
    2010-10-09 15:07 . 2003-04-02 12:00 405118 ----a-w- d:\windows\system32\perfh007.dat
    2010-10-09 08:55 . 2008-10-04 17:00 -------- d-----w- d:\programme\eMule
    2010-10-04 00:57 . 2009-01-23 17:53 -------- d-----w- d:\dokumente und einstellungen\Dennis\Anwendungsdaten\FileZilla
    2010-10-03 10:26 . 2010-04-06 16:15 -------- d-----w- d:\dokumente und einstellungen\All Users\Anwendungsdaten\NOS
    2010-09-17 18:45 . 2009-09-10 10:40 -------- d-----w- d:\programme\Firefox
    2010-08-28 15:46 . 2008-10-04 21:44 -------- d-----w- d:\dokumente und einstellungen\Dennis\Anwendungsdaten\uTorrent
    2010-08-19 22:31 . 2010-08-19 22:31 -------- d-----w- d:\programme\Malwarebytes' Anti-Malware
    2010-08-18 02:47 . 2008-10-04 15:57 1324 ----a-w- d:\windows\system32\d3d9caps.dat
    2009-09-29 19:38 . 2009-09-29 19:38 18879 ----a-w- d:\programme\Gemeinsame Dateien\ligy._dl
    2010-03-30 15:20 . 2010-03-30 15:20 2 --shatr- d:\windows\winstart.bat
    .

    ((((((((((((((((((((((((((((( SnapShot_2010-08-19_03.06.10 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2003-04-02 12:00 . 2010-03-28 10:54 58596 d:\windows\system32\perfc009.dat
    + 2003-04-02 12:00 . 2010-10-09 15:07 58596 d:\windows\system32\perfc009.dat
    - 2009-12-11 02:30 . 2010-04-29 13:39 38224 d:\windows\system32\drivers\mbamswissarmy.sys
    + 2010-08-19 22:31 . 2010-04-29 13:39 38224 d:\windows\system32\drivers\mbamswissarmy.sys
    + 2010-08-19 22:31 . 2010-04-29 13:39 20952 d:\windows\system32\drivers\mbam.sys
    - 2009-12-11 02:30 . 2010-04-29 13:39 20952 d:\windows\system32\drivers\mbam.sys
    - 2003-04-02 12:00 . 2010-03-28 10:54 392296 d:\windows\system32\perfh009.dat
    + 2003-04-02 12:00 . 2010-10-09 15:07 392296 d:\windows\system32\perfh009.dat
    + 2010-10-03 10:39 . 2010-10-03 10:39 232912 d:\windows\system32\Macromed\Flash\FlashUtil10k_Plugin.exe
    + 2010-01-27 01:07 . 2010-10-03 10:39 5969360 d:\windows\system32\Macromed\Flash\NPSWF32.dll
    + 2010-08-22 16:04 . 2010-08-22 16:04 12263936 d:\windows\Installer\e15740e.msp
    .
    (((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PeerGuardian"="d:\programme\PeerGuardian2\pg2.exe" [2005-09-18 1421824]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
    "Malwarebytes' Anti-Malware"="d:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
    "Adobe Reader Speed Launcher"="d:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="d:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDevMgrUpdate"= 0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDevMgrUpdate"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKLM\~\startupfolder\D:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Speed Launch.lnk]
    path=d:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Speed Launch.lnk
    backup=d:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\D:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]
    path=d:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
    backup=d:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\D:^Dokumente und Einstellungen^Dennis^Startmenü^Programme^Autostart^MONSXW32.EXE.del]
    path=d:\dokumente und einstellungen\Dennis\Startmenü\Programme\Autostart\MONSXW32.EXE.del
    backup=d:\windows\pss\MONSXW32.EXE.delStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSTA.EXE]
    PRISMSTA.EXE START [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-w- d:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-20 02:04 35760 ----a-w- d:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    2008-04-14 05:52 15360 ------w- d:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-05-08 15:24 54840 ----a-w- d:\programme\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2009-03-18 16:50 4363504 ----a-w- d:\programme\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 05:52 1695232 --sh--w- d:\programme\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 09:50 155648 ----a-w- d:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2009-08-17 01:03 13877248 ----a-w- d:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2009-08-17 01:03 86016 ----a-w- d:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2009-08-12 21:40 1657376 ----a-w- d:\programme\NVIDIA Corporation\nView\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Personal ID]
    2009-01-15 19:58 1126912 ----a-w- d:\progra~1\COOLSP~1\PERSON~1\pid.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
    2010-03-28 13:24 160328 ----a-w- d:\programme\Siber Systems\AI RoboForm\robotaskbaricon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-02-18 09:43 248040 ----a-w- d:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2009-09-10 08:29 1994480 ----a-w- d:\programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\system tool]
    2009-03-18 16:50 4363504 ----a-w- d:\programme\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2008-08-03 23:02 36352 ----a-w- d:\programme\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SharedAccess"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "d:\\Programme\\uTorrent\\uTorrent.exe"=
    "d:\\WINDOWS\\system32\\winver.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services
    "2479:TCP"= 2479:TCP:Services
    "64517:TCP"= 64517:TCP:Services
    "2084:TCP"= 2084:TCP:Services
    "9708:TCP"= 9708:TCP:Services
    "8364:TCP"= 8364:TCP:Services
    "7880:TCP"= 7880:TCP:Services
    "7817:TCP"= 7817:TCP:Services
    "2818:TCP"= 2818:TCP:Services
    "8848:TCP"= 8848:TCP:Services

    R1 SASDIFSV;SASDIFSV;d:\programme\SUPERAntiSpyware\sasdifsv.sys [05.08.2009 16:06 9968]
    R1 SASKUTIL;SASKUTIL;d:\programme\SUPERAntiSpyware\SASKUTIL.SYS [05.08.2009 16:06 74480]
    R2 MBAMService;MBAMService;d:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [20.08.2010 00:31 304464]
    R3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [20.08.2010 00:31 20952]
    R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;d:\windows\system32\drivers\PhTVTune.sys [04.10.2008 17:45 24704]
    S3 PRISM_A00;PRISM 802.11g Driver;d:\windows\system32\drivers\PRISMA00.sys [04.10.2008 16:26 362688]
    S3 SASENUM;SASENUM;d:\programme\SUPERAntiSpyware\SASENUM.SYS [05.08.2009 16:06 7408]

    --- Andere Dienste/Treiber im Speicher ---

    *Deregistered* - pgfilter

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    .
    ------- Zusätzlicher Suchlauf -------
    .
    uStart Page = hxxp://google.com/
    IE: Customize Menu - file://d:\programme\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Fill Forms - file://d:\programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Nach Microsoft &Excel exportieren - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: RoboForm Toolbar - file://d:\programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://d:\programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    FF - ProfilePath - d:\dokumente und einstellungen\Dennis\Anwendungsdaten\Mozilla\Firefox\Profiles\q9w830qj.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - component: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
    FF - component: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
    FF - component: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
    FF - component: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
    FF - component: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
    FF - component: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
    FF - component: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
    FF - component: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
    FF - component: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
    FF - component: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
    FF - component: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
    FF - component: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
    FF - component: d:\programme\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
    FF - plugin: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
    FF - plugin: d:\programme\Opera\program\plugins\nppl3260.dll
    FF - plugin: d:\programme\Opera\program\plugins\nppl3260.dll
    FF - plugin: d:\programme\Opera\program\plugins\nprpjplug.dll
    FF - plugin: d:\programme\Opera\program\plugins\nprpjplug.dll

    ---- FIREFOX Richtlinien ----
    d:\programme\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    d:\programme\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    d:\programme\Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - Entfernte verwaiste Registrierungseinträge - - - -

    MSConfigStartUp-WordWeb - d:\programme\WordWeb\wweb32.exe
    AddRemove-WordFlood 1.2 - d:\programme\WordFlood 1.2\Uninstall.exe
  3. Valor

    --------------------- Gesperrte Registrierungsschluessel ---------------------

    [HKEY_USERS\S-1-5-21-1645522239-1547161642-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-1645522239-1547161642-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{33F87792-B1F5-3AE6-0EE6-CE658B478259}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-1645522239-1547161642-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{47D9FB2A-2B30-85E1-F322-DEAF4E40E071}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "abooppijfmedgddomodkallkhbndphhbpi"=hex:70,61,61,70,62,61,66,65,64,6e,6a,61,
    66,63,69,65,62,65,6c,6a,68,65,63,6a,61,65,62,66,6d,66,6c,6c,00,40
    "malokpgjibdfgokbndmipojdla"=hex:6f,61,6f,6d,62,6c,62,6c,62,6f,64,68,70,65,65,
    69,69,6e,61,67,6c,61,67,6b,66,6b,69,6e,61,62,00,6c

    [HKEY_USERS\S-1-5-21-1645522239-1547161642-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{50F48DBB-21EA-CEFD-F978-1E43976C7B96}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-1645522239-1547161642-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{78A5CA21-B976-E898-A01C-AC4E7DEC27A6}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "iambacjnfdocjkmdcg"=hex:6a,61,6a,6d,65,70,6a,6a,67,6d,63,68,63,6d,6b,64,6c,65,
    64,63,00,00
    "hagbkdnkidolclnj"=hex:6a,61,6a,6d,65,70,6a,6a,67,6d,63,68,63,6d,6b,64,6c,65,
    64,63,00,1f

    [HKEY_USERS\S-1-5-21-1645522239-1547161642-839522115-1004\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (S-1-5-21-1645522239-1547161642-839522115-1004)
    @Allowed: (Read) (S-1-5-21-1645522239-1547161642-839522115-1004)
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
    @DACL=(02 0000)
    @="Microsoft-Datenträgerkontingent"
    "NoMachinePolicy"=dword:00000000
    "NoUserPolicy"=dword:00000001
    "NoSlowLink"=dword:00000001
    "NoBackgroundPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    "PerUserLocalSettings"=dword:00000000
    "RequiresSuccessfulRegistry"=dword:00000001
    "EnableAsynchronousProcessing"=dword:00000000
    "DllName"=expand:"dskquota.dll"
    "ProcessGroupPolicy"="ProcessGroupPolicy"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
    @DACL=(02 0000)
    @="Internet Explorer-Zonenzuordnung"
    "DllName"=expand:"iedkcs32.dll"
    "ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
    "NoGPOListChanges"=dword:00000001
    "RequiresSucessfulRegistry"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
    @DACL=(02 0000)
    "ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
    "GenerateGroupPolicy"="SceGenerateGroupPolicy"
    "ExtensionRsopPlanningDebugLevel"=dword:00000001
    "ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
    "ExtensionDebugLevel"=dword:00000001
    "DllName"=expand:"scecli.dll"
    @="Security"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    "EnableAsynchronousProcessing"=dword:00000001
    "MaxNoGPOListChangesInterval"=dword:000003c0

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
    @DACL=(02 0000)
    "ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
    "GenerateGroupPolicy"="GenerateGroupPolicy"
    "ProcessGroupPolicy"="ProcessGroupPolicy"
    "DllName"=expand:"iedkcs32.dll"
    @="Internet Explorer-Branding"
    "NoSlowLink"=dword:00000001
    "NoBackgroundPolicy"=dword:00000000
    "NoGPOListChanges"=dword:00000001
    "NoMachinePolicy"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
    @DACL=(02 0000)
    "ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
    "DllName"=expand:"scecli.dll"
    @="EFS recovery"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    "RequiresSuccessfulRegistry"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
    @DACL=(02 0000)
    @="802.3 Group Policy"
    "DisplayName"=expand:"@dot3gpclnt.dll,-100"
    "ProcessGroupPolicyEx"="ProcessLANPolicyEx"
    "GenerateGroupPolicy"="GenerateLANPolicy"
    "DllName"=expand:"dot3gpclnt.dll"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
    @DACL=(02 0000)
    @="Microsoft Offline Files"
    "DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
    "EnableAsynchronousProcessing"=dword:00000000
    "NoBackgroundPolicy"=dword:00000000
    "NoGPOListChanges"=dword:00000000
    "NoMachinePolicy"=dword:00000000
    "NoSlowLink"=dword:00000000
    "NoUserPolicy"=dword:00000001
    "PerUserLocalSettings"=dword:00000000
    "ProcessGroupPolicy"="ProcessGroupPolicy"
    "RequiresSuccessfulRegistry"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
    @DACL=(02 0000)
    @="Softwareinstallation"
    "DllName"=expand:"appmgmts.dll"
    "ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
    "GenerateGroupPolicy"="GenerateGroupPolicy"
    "NoBackgroundPolicy"=dword:00000000
    "RequiresSucessfulRegistry"=dword:00000000
    "NoSlowLink"=dword:00000001
    "PerUserLocalSettings"=dword:00000001
    "EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    @DACL=(02 0000)
    "DllName"="d:\\Programme\\SUPERAntiSpyware\\SASWINLO.dll"
    "Logon"="SABWINLOLogon"
    "Logoff"="SABWINLOLogoff"
    "Startup"="SABWINLOStartup"
    "Shutdown"="SABWINLOShutdown"
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    @DACL=(02 0000)
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=expand:"crypt32.dll"
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    @DACL=(02 0000)
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=expand:"cryptnet.dll"
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    @DACL=(02 0000)
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    @DACL=(02 0000)
    "Asynchronous"=dword:00000001
    "DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
    "Startup"="WlDimsStartup"
    "Shutdown"="WlDimsShutdown"
    "Logon"="WlDimsLogon"
    "Logoff"="WlDimsLogoff"
    "StartShell"="WlDimsStartShell"
    "Lock"="WlDimsLock"
    "Unlock"="WlDimsUnlock"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    @DACL=(02 0000)
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    @DACL=(02 0000)
    "Asynchronous"=dword:00000000
    "DllName"=expand:"wlnotify.dll"
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    @DACL=(02 0000)
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=expand:"sclgntfy.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    @DACL=(02 0000)
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    @DACL=(02 0000)
    "Asynchronous"=dword:00000000
    "DllName"=expand:"wlnotify.dll"
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    @DACL=(02 0000)
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
    @DACL=(02 0000)
    "Hilfeassistent"=dword:00000000
    "TsInternetUser"=dword:00000000
    "SQLAgentCmdExec"=dword:00000000
    "NetShowServices"=dword:00000000
    "HelpAssistant"=dword:00000000
    "IWAM_"=dword:00010000
    "IUSR_"=dword:00010000
    "VUSR_"=dword:00010000
    .
    Zeit der Fertigstellung: 2010-10-09 17:41:24

    Vor Suchlauf: 998.498.304 Bytes frei
    Nach Suchlauf: 1.104.912.384 Bytes frei
  4. Valor

    Valor Newcomer, in training Topic Starter Posts: 69

    Btw, I'm using a wired mouse. And it acts up like this even when I disconnect from the internet. The only thing that I find as "weird" is when I run FreeFixer. It reports errors on winlogon. But I believe I had this in previous scans too. Can anyone explain? Here's the log:

    FreeFixer v0.54 log
    http://www.freefixer.com/
    Operating system: Windows XP Service Pack 3
    Log dated 2010-10-09 21:05


    Winlogon Notify
    !SASWinLogon - (no file specified)
    Error when opening a registry key, access is denied. Key: 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon'.

    System error message: Überlappender E/A-Vorgang wird verarbeitet. Error code: 997.
    crypt32chain - (no file specified)
    Error when opening a registry key, access is denied. Key: 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain'.

    System error message: Überlappender E/A-Vorgang wird verarbeitet. Error code: 997.
    cryptnet - (no file specified)
    Error when opening a registry key, access is denied. Key: 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet'.

    System error message: Überlappender E/A-Vorgang wird verarbeitet. Error code: 997.
    cscdll - (no file specified)
    Error when opening a registry key, access is denied. Key: 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll'.

    System error message: Überlappender E/A-Vorgang wird verarbeitet. Error code: 997.
    dimsntfy - (no file specified)
    Error when opening a registry key, access is denied. Key: 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy'.

    System error message: Überlappender E/A-Vorgang wird verarbeitet. Error code: 997.
    ScCertProp - (no file specified)
    Error when opening a registry key, access is denied. Key: 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp'.

    System error message: Überlappender E/A-Vorgang wird verarbeitet. Error code: 997.
    Schedule - (no file specified)
    Error when opening a registry key, access is denied. Key: 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule'.

    System error message: Überlappender E/A-Vorgang wird verarbeitet. Error code: 997.
    sclgntfy - (no file specified)
    Error when opening a registry key, access is denied. Key: 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy'.

    System error message: Überlappender E/A-Vorgang wird verarbeitet. Error code: 997.
    SensLogn - (no file specified)
    Error when opening a registry key, access is denied. Key: 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn'.

    System error message: Überlappender E/A-Vorgang wird verarbeitet. Error code: 997.
    termsrv - (no file specified)
    Error when opening a registry key, access is denied. Key: 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv'.

    System error message: Überlappender E/A-Vorgang wird verarbeitet. Error code: 997.
    wlballoon - (no file specified)
    Error when opening a registry key, access is denied. Key: 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon'.

    System error message: Überlappender E/A-Vorgang wird verarbeitet. Error code: 997.

    Browser Helper Objects (4 whitelisted)
    {724d43a9-0d85-11d4-9908-00400523e39a}, , D:\Programme\Siber Systems\AI RoboForm\roboform.dll

    Internet Explorer toolbars (2 whitelisted)
    HKLM\..\Toolbar\{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - D:\Programme\Siber Systems\AI RoboForm\roboform.dll

    Basic Internet Explorer settings
    HKCU\..\Main, Start Page = http://google.com/
    HKCU\..\Desktop\General, Wallpaper = D:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

    Registry Startups (1 whitelisted)
    HKLM\..\Run, NvCplDaemon = RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
    HKCU\..\Run, PeerGuardian = D:\Programme\PeerGuardian2\pg2.exe

    Processes (26 whitelisted)
    D:\WINDOWS\system32\nvsvc32.exe
    D:\Programme\PeerGuardian2\pg2.exe
    D:\Programme\Winamp\winamp.exe
    F:\Temp\FreeFixer\freefixer.exe

    Services (39 whitelisted)
    nvsvc, NVIDIA Display Driver Service, d:\windows\system32\nvsvc32.exe

    Svchost.exe Modules (214 whitelisted)
    d:\programme\hp\digital imaging\bin\hpqddsvc.dll
    d:\programme\hp\digital imaging\bin\hpqddcmn.dll
    d:\programme\hp\digital imaging\bin\hpqcxs08.dll
    d:\windows\system32\hpzinw12.dll
    d:\windows\system32\hpzipm12.dll

    Explorer.exe Modules (109 whitelisted)
    D:\Programme\SUPERAntiSpyware\SASSEH.DLL
    D:\Programme\WinRAR\rarext.dll
    D:\Programme\FileZilla FTP Client\fzshellext.dll
    D:\WINDOWS\system32\l3codeca.acm
    D:\Programme\SUPERAntiSpyware\SASCTXMN.DLL
    D:\Programme\Siber Systems\AI RoboForm\roboform.dll

    Drivers (28 whitelisted)
    CDRPDACC, CD-ROM Productions Device Access, d:\programme\cd-rom productions\shared\cdrpdacc.sys
    SASDIFSV, SASDIFSV, d:\programme\superantispyware\sasdifsv.sys
    SASKUTIL, SASKUTIL, d:\programme\superantispyware\saskutil.sys

    Firefox Extensions
    NoDoFollow, D:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\Mozilla\Firefox\Profiles\tvi5s7jd.default\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}\install.rdf
    SearchStatus, D:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\Mozilla\Firefox\Profiles\tvi5s7jd.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}\install.rdf
    Adobe DLM (powered by getPlus®), D:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\Mozilla\Firefox\Profiles\tvi5s7jd.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\install.rdf
    Java Console, D:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\install.rdf

    Recently created/modified files (3 whitelisted)
    40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\winamp.lng
    40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\vis_nsfs.lng
    40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\vis_milk2.lng
    40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\vis_avs.lng
    40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\tagz.lng
    40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\pmp_usb.lng
    40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\pmp_p4s.lng
    40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\pmp_njb.lng
    40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\pmp_ipod.lng
    40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\pmp_activesync.lng
    40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\playlist.lng
    40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\out_wave.lng
    40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\out_ds.lng
    40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\out_disk.lng
    40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_wire.lng
    40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_transcode.lng
    40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_rg.lng
    40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_pmp.lng
    40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_plg.lng
    40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_playlists.lng
    40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_orb.lng
    40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_online.lng
    40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_nowplaying.lng
    40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_local.lng
    40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_impex.lng
    40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_history.lng
    40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_disc.lng

    History
    -D:\Dokumente und Einstellungen\Dennis\Startmenü\Programme\Autostart\syspck32.exe (on reboot)
    -D:\Dokumente und Einstellungen\Dennis\Startmenü\Programme\Autostart\syspck32.exe (on reboot)
    -D:\WINDOWS\system32\msedyu32.exe
    +HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Userinit = D:\WINDOWS\system32\userinit.exe,
    -HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}
    -HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    -HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    -HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser, {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
    -HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser, {EF99BD32-C1FB-11D2-892F-0090271D4F88}
    -d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\winamp.lng (on reboot)
    -d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\vis_nsfs.lng (on reboot)
    -d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\vis_milk2.lng (on reboot)
    -d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\vis_avs.lng (on reboot)
    -d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\tagz.lng (on reboot)
    -d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\pmp_usb.lng (on reboot)
    -d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\pmp_p4s.lng (on reboot)
    -d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\pmp_njb.lng (on reboot)
    -d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\pmp_ipod.lng (on reboot)
    -d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\pmp_activesync.lng (on reboot)
    -d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\playlist.lng (on reboot)
    -d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\out_wave.lng (on reboot)
    -d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\out_ds.lng (on reboot)
    -d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\out_disk.lng (on reboot)
    -d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\ml_wire.lng (on reboot)
    -d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\ml_transcode.lng (on reboot)
    -d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\ml_rg.lng (on reboot)
    -d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\ml_pmp.lng (on reboot)
    -d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\ml_plg.lng (on reboot)
    -d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\ml_playlists.lng (on reboot)
    -d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\ml_orb.lng (on reboot)

    The following errors occurred during the scan:
    Problems opening folder 'c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\SRTSP\Quarantine' to enumerate files. FindFirstFile failed. System error message: Zugriff verweigert Error code: 5.
    Problems opening folder 'c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\SRTSP\SrtETmp' to enumerate files. FindFirstFile failed. System error message: Zugriff verweigert Error code: 5.

    End of FreeFixer log
  5. Tanlic

    Tanlic Newcomer, in training Posts: 47

    Malwarebytes stops sites by the dozen. You have an icon down at the bottom right-hand side. Remove the tick for checking websites and that will stop. You have to do it every time you restart your comp. No idea how you stop it permanently. Thing was driving me mad so I got rid of it.

    One of your enter keys isn't stuck in the down position by any chance?
  6. gbhall

    gbhall TechSpot Chancellor Posts: 2,336   +49

    Suggest you borrow USB keyboard and mouse to try. Disable or remove wireless devices.

    If it seems to be the wireless devices causing the problem, was it battery, interference from nearby equipment, corrupt driver or device failure? Should be possible to find out which.
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I notice you have also left logs and asked for help here: http://www.bleepingcomputer.com/forums/topic352687.html

    You will need to decide where you want to stay for help. Tying multiple malware helpers up for the same person's problem means their time will be taken away from others.

    One thing you need to do is stop running random programs. Each forum has a set of steps they want followed. Combofix is not a program that should be run unless your helper instructs you to run it and then it will be with guidance. And to the best of my knowledge, none of us run the FreeFixer program.

    When you decide where you want to remain for help, if it is here, I will ask the moderator to move the thread to the Windows OS forum for you to investigate a possible setting problem with the mouse.
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Posted in another forum. No reply.