f1player

Honorary Members
  • Posts

    26
  • Joined

  • Last visited

Reputation

0 Neutral

About f1player

  • Birthday 06/21/1988

Profile Information

  • Location
    Brisbane, Queensland, Australia
  1. Yes I've read all the info and comp is working fine
  2. Done all the updates and no problems left. Thanks for all your help
  3. Here's the results of the full scan. No infected objects found
  4. Everything is running good now !!! I've reinstalled IE8 as well and its operating normally Thank you so much !! If it wasn't for the fact that we're probably at different ends of the world I'd buy you a coffee Seriously you deserve it I've run OTL again but its only giving me the OTL.txt file. The extras.txt from the first scan when I still had all the problems is here:
  5. Never mind I figured it out. Here is the new log:
Contents of the 'Scheduled Tasks' folder 2010-11-15 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 01:50] 2010-05-29 c:\windows\Tasks\Driver Robot.job - c:\program files\Driver Robot\1.2.0.5\DriverRobot.exe [2010-05-06 07:29] 2010-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-19 12:43] 2010-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-19 12:43] 2010-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-583907252-839522115-1004Core.job - c:\documents and settings\Armin Mehmedagic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-06 07:15] 2010-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-583907252-839522115-1004UA.job - c:\documents and settings\Armin Mehmedagic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-06 07:15] 2010-11-26 c:\windows\Tasks\RegClean Scheduled Scan.job - c:\program files\RegClean\RegClean.exe [2010-11-15 03:47] 2010-11-26 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\UpdateTask.exe [2010-05-26 05:23] . . ------- Supplementary Scan ------- . uStart Page = hxxp://google.com/ uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-11-26 22:46 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2160) c:\windows\system32\msi.dll . Completion time: 2010-11-26 22:48:20 ComboFix-quarantined-files.txt 2010-11-26 12:48 ComboFix2.txt 2010-11-26 09:29 ComboFix3.txt 2010-11-26 08:24 ComboFix4.txt 2010-11-25 15:49 ComboFix5.txt 2010-11-26 12:38 Pre-Run: 310,744,342,528 bytes free Post-Run: 310,740,013,056 bytes free - - End Of File - - EC888224E8A3F87D18108B6460A7894F
  6. The Windows key + R does not work. It's so annoying: every other Windows shortcut works except for that one. Is there another way of getting the Run box to appear?
  7. ComboFix 10-11-25.03 - Armin Mehmedagic 26/11/2010 19:25:54.5.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1497 [GMT 10:00] Running from: c:\documents and settings\Armin Mehmedagic\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\explorercopy.exe c:\windows\system32\winlogon.exe . . . is infected!! c:\windows\explorer.exe . . . is infected!! . ((((((((((((((((((((((((( Files Created from 2010-10-26 to 2010-11-26 ))))))))))))))))))))))))))))))) . 2010-11-26 09:23 . 2004-08-03 14:56 502272 ----a-w- c:\windows\winlogoncopy.exe 2010-11-24 14:59 . 2006-02-28 12:00 57856 -c--a-w- c:\windows\system32\dllcache\spoolsv.exe 2010-11-24 14:59 . 2006-02-28 12:00 57856 ----a-w- c:\windows\system32\spoolsv.exe 2010-11-24 11:23 . 2010-11-24 11:23 -------- d-----w- c:\documents and settings\All Users\Application Data\ReviverSoft 2010-11-24 11:16 . 2010-11-24 11:16 -------- d-----w- c:\documents and settings\Armin Mehmedagic\Application Data\RegClean 2010-11-24 11:16 . 2010-11-24 11:16 -------- d-----w- c:\program files\RegClean 2010-11-24 10:52 . 2010-11-24 10:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-11-24 09:00 . 2010-11-24 09:00 -------- d-----w- c:\documents and settings\Armin Mehmedagic\Application Data\Registry Mechanic 2010-11-23 10:35 . 2010-04-16 15:36 81920 ----a-w- c:\windows\system32\ieencode.dll 2010-11-23 10:35 . 2010-04-16 15:36 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll 2010-11-23 06:05 . 2010-11-23 06:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2010-11-19 01:26 . 2010-11-19 01:26 -------- d-----w- c:\documents and settings\Armin Mehmedagic\Application Data\Malwarebytes 2010-11-19 01:25 . 
2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-11-19 01:25 . 2010-11-19 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-11-19 01:25 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-11-19 01:25 . 2010-11-19 01:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-11-17 05:30 . 2010-11-17 05:30 -------- d-----w- c:\program files\iPod 2010-11-17 05:30 . 2010-11-17 05:30 -------- d-----w- c:\program files\iTunes 2010-11-17 05:28 . 2010-11-17 05:28 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer 2010-11-17 05:23 . 2010-11-17 05:23 -------- d-----w- c:\program files\Safari 2010-11-17 02:55 . 2010-11-17 02:55 -------- d-----w- c:\documents and settings\Armin Mehmedagic\Local Settings\Application Data\ConduitEngine 2010-11-17 02:55 . 2010-11-17 02:55 -------- d-----w- c:\program files\ConduitEngine 2010-11-17 02:55 . 2010-11-17 02:55 0 ----a-w- c:\windows\system32\ConduitEngine.tmp 2010-11-06 01:37 . 2010-11-06 01:37 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll 2010-11-01 05:27 . 2010-11-01 05:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll 2010-11-01 05:27 . 2010-11-01 05:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll 2010-11-01 05:27 . 2010-11-01 05:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll 2010-11-01 05:27 . 2010-11-01 05:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll 2010-11-01 05:27 . 2010-11-01 05:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll 2010-11-01 05:27 . 2010-11-01 05:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll 2010-11-01 05:27 . 2010-11-01 05:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-09 00:10 . 2010-05-06 04:53 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-11-09 00:10 . 2010-05-06 04:53 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-09-28 05:44 . 2010-09-16 05:53 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2010-09-28 05:44 . 2010-09-16 05:53 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll 2010-09-08 01:17 . 2010-09-08 01:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2010-09-08 01:17 . 2010-09-08 01:17 69632 ----a-w- c:\windows\system32\QuickTime.qts . ------- Sigcheck ------- [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe [-] 2006-02-28 . B9DB64330AA75F0D65584043EB71392D . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe [-] 2006-02-28 . 0D7A327D55EE730503BC54E70CD912D4 . 1032192 . . [6.00.2900.2180] . . c:\windows\explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864] "{cd90bf73-20f6-44ef-993d-bb920303bd2e}"= "c:\program files\Veoh_Web_Player\tbVeo2.dll" [2010-10-18 3908192] "{013a635f-e3aa-4371-b682-ece95ca974b0}"= "c:\program files\MB2\tbMB1.dll" [2010-09-25 2735200] [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] [HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}] [HKEY_CLASSES_ROOT\clsid\{013a635f-e3aa-4371-b682-ece95ca974b0}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{013a635f-e3aa-4371-b682-ece95ca974b0}] 2010-09-25 01:34 2735200 ----a-w- c:\program files\MB2\tbMB1.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}] 2010-09-07 06:23 585096 ----a-w- c:\progra~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}] 2009-11-20 17:34 87472 ----a-w- c:\progra~1\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd90bf73-20f6-44ef-993d-bb920303bd2e}] 2010-10-18 10:26 3908192 ----a-w- c:\program files\Veoh_Web_Player\tbVeo2.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-05-26 05:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{cd90bf73-20f6-44ef-993d-bb920303bd2e}"= "c:\program files\Veoh_Web_Player\tbVeo2.dll" [2010-10-18 3908192] "{013a635f-e3aa-4371-b682-ece95ca974b0}"= "c:\program files\MB2\tbMB1.dll" [2010-09-25 2735200] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program 
files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864] "{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\progra~1\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll" [2009-11-20 87472] [HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}] [HKEY_CLASSES_ROOT\clsid\{013a635f-e3aa-4371-b682-ece95ca974b0}] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CD90BF73-20F6-44EF-993D-BB920303BD2E}"= "c:\program files\Veoh_Web_Player\tbVeo2.dll" [2010-10-18 3908192] "{013A635F-E3AA-4371-B682-ECE95CA974B0}"= "c:\program files\MB2\tbMB1.dll" [2010-09-25 2735200] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864] [HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}] [HKEY_CLASSES_ROOT\clsid\{013a635f-e3aa-4371-b682-ece95ca974b0}] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "Google Update"="c:\documents and settings\Armin Mehmedagic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-05-06 136176] "Octoshape Streaming Services"="c:\documents and settings\Armin Mehmedagic\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936] "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048] "RegClean"="c:\program files\RegClean\RegClean.exe" [2010-11-15 8777728] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-01 7700480] "nwiz"="nwiz.exe" [2007-03-01 1622016] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-03-01 86016] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-09 281768] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2010-04-27 319574] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-10 421160] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904] c:\documents and settings\All Users\Start Menu\Programs\Startup\ OfficeSAS.lnk - c:\program files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe [2009-9-26 202648] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "uziotlpbuqdaejyzqalcTaskMgr"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward] 2007-02-01 08:49 2154496 ----a-w- c:\program files\XpertVision\TBPANEL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 01:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series] 2003-08-19 14:43 57344 ----a-w- c:\program files\Lexmark X1100 Series\lxbkbmgr.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Documents and Settings\\Armin Mehmedagic\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"= "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [6/04/2010 6:32 PM 20104] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/05/2010 2:53 PM 135336] R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [27/04/2010 10:43 AM 147563] R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\drivers\btcomport.sys [6/04/2010 6:32 PM 25992] R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\drivers\btcombus.sys [6/04/2010 6:32 PM 22024] R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [6/04/2010 6:33 PM 25864] R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [6/04/2010 6:32 PM 23048] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19/06/2010 10:43 PM 136176] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [26/09/2009 4:28 AM 4639136] . 
Contents of the 'Scheduled Tasks' folder 2010-11-15 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 01:50] 2010-05-29 c:\windows\Tasks\Driver Robot.job - c:\program files\Driver Robot\1.2.0.5\DriverRobot.exe [2010-05-06 07:29] 2010-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-19 12:43] 2010-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-19 12:43] 2010-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-583907252-839522115-1004Core.job - c:\documents and settings\Armin Mehmedagic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-06 07:15] 2010-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-583907252-839522115-1004UA.job - c:\documents and settings\Armin Mehmedagic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-06 07:15] 2010-11-26 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\UpdateTask.exe [2010-05-26 05:23] . . ------- Supplementary Scan ------- . uStart Page = hxxp://google.com/ uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-11-26 19:27 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
Completion time: 2010-11-26 19:29:16 ComboFix-quarantined-files.txt 2010-11-26 09:28 ComboFix2.txt 2010-11-26 08:24 ComboFix3.txt 2010-11-25 15:49 ComboFix4.txt 2010-11-24 15:08 ComboFix5.txt 2010-11-26 09:25 Pre-Run: 310,761,598,976 bytes free Post-Run: 310,760,153,088 bytes free - - End Of File - - 200AF5BFADA9DD04FAB46A715733FDF7
  8. Here's the new log. ComboFix 10-11-25.01 - Armin Mehmedagic 26/11/2010 18:17:10.4.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1497 [GMT 10:00] Running from: c:\documents and settings\Armin Mehmedagic\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\winlogon.exe . . . is infected!! c:\windows\explorer.exe . . . is infected!! . ((((((((((((((((((((((((( Files Created from 2010-10-26 to 2010-11-26 ))))))))))))))))))))))))))))))) . 2010-11-24 14:59 . 2006-02-28 12:00 57856 -c--a-w- c:\windows\system32\dllcache\spoolsv.exe 2010-11-24 14:59 . 2006-02-28 12:00 57856 ----a-w- c:\windows\system32\spoolsv.exe 2010-11-24 11:23 . 2010-11-24 11:23 -------- d-----w- c:\documents and settings\All Users\Application Data\ReviverSoft 2010-11-24 11:16 . 2010-11-24 11:16 -------- d-----w- c:\documents and settings\Armin Mehmedagic\Application Data\RegClean 2010-11-24 11:16 . 2010-11-24 11:16 -------- d-----w- c:\program files\RegClean 2010-11-24 10:52 . 2010-11-24 10:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-11-24 09:00 . 2010-11-24 09:00 -------- d-----w- c:\documents and settings\Armin Mehmedagic\Application Data\Registry Mechanic 2010-11-23 10:35 . 2010-04-16 15:36 81920 ----a-w- c:\windows\system32\ieencode.dll 2010-11-23 10:35 . 2010-04-16 15:36 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll 2010-11-23 06:05 . 2010-11-23 06:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2010-11-19 01:26 . 2010-11-19 01:26 -------- d-----w- c:\documents and settings\Armin Mehmedagic\Application Data\Malwarebytes 2010-11-19 01:25 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-11-19 01:25 . 
2010-11-19 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-11-19 01:25 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-11-19 01:25 . 2010-11-19 01:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-11-17 05:30 . 2010-11-17 05:30 -------- d-----w- c:\program files\iPod 2010-11-17 05:30 . 2010-11-17 05:30 -------- d-----w- c:\program files\iTunes 2010-11-17 05:28 . 2010-11-17 05:28 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer 2010-11-17 05:23 . 2010-11-17 05:23 -------- d-----w- c:\program files\Safari 2010-11-17 02:55 . 2010-11-17 02:55 -------- d-----w- c:\documents and settings\Armin Mehmedagic\Local Settings\Application Data\ConduitEngine 2010-11-17 02:55 . 2010-11-17 02:55 -------- d-----w- c:\program files\ConduitEngine 2010-11-17 02:55 . 2010-11-17 02:55 0 ----a-w- c:\windows\system32\ConduitEngine.tmp 2010-11-06 01:37 . 2010-11-06 01:37 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll 2010-11-01 05:27 . 2010-11-01 05:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll 2010-11-01 05:27 . 2010-11-01 05:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll 2010-11-01 05:27 . 2010-11-01 05:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll 2010-11-01 05:27 . 2010-11-01 05:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll 2010-11-01 05:27 . 2010-11-01 05:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll 2010-11-01 05:27 . 2010-11-01 05:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll 2010-11-01 05:27 . 2010-11-01 05:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-09 00:10 . 
2010-05-06 04:53 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-11-09 00:10 . 2010-05-06 04:53 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-09-28 05:44 . 2010-09-16 05:53 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2010-09-28 05:44 . 2010-09-16 05:53 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll 2010-09-08 01:17 . 2010-09-08 01:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2010-09-08 01:17 . 2010-09-08 01:17 69632 ----a-w- c:\windows\system32\QuickTime.qts . ------- Sigcheck ------- [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe [-] 2006-02-28 . B9DB64330AA75F0D65584043EB71392D . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe [-] 2006-02-28 . 0D7A327D55EE730503BC54E70CD912D4 . 1032192 . . [6.00.2900.2180] . . c:\windows\explorer.exe . ((((((((((((((((((((((((((((( SnapShot@2010-11-24_13.49.19 ))))))))))))))))))))))))))))))))))))))))) . + 2010-11-26 08:09 . 2010-11-26 08:09 16384 c:\windows\Temp\Perflib_Perfdata_928.dat - 2006-02-28 12:00 . 2006-02-28 12:00 39424 c:\windows\system32\pngfilt.dll + 2006-02-28 12:00 . 2010-04-16 15:36 39424 c:\windows\system32\pngfilt.dll + 2006-02-28 12:00 . 2010-04-16 15:36 16384 c:\windows\system32\jsproxy.dll + 2006-02-28 12:00 . 2010-04-16 15:36 96256 c:\windows\system32\inseng.dll - 2006-02-28 12:00 . 2006-02-28 12:00 96256 c:\windows\system32\inseng.dll - 2006-02-28 12:00 . 2006-02-28 12:00 55808 c:\windows\system32\extmgr.dll + 2006-02-28 12:00 . 2010-04-16 15:36 55808 c:\windows\system32\extmgr.dll + 2006-02-28 12:00 . 2010-04-16 15:36 39424 c:\windows\system32\dllcache\pngfilt.dll - 2006-02-28 12:00 . 
2006-02-28 12:00 39424 c:\windows\system32\dllcache\pngfilt.dll + 2006-02-28 12:00 . 2010-04-16 15:36 16384 c:\windows\system32\dllcache\jsproxy.dll - 2006-02-28 12:00 . 2006-02-28 12:00 96256 c:\windows\system32\dllcache\inseng.dll + 2006-02-28 12:00 . 2010-04-16 15:36 96256 c:\windows\system32\dllcache\inseng.dll + 2010-05-05 14:48 . 2010-04-16 13:36 18432 c:\windows\system32\dllcache\iedw.exe - 2010-05-05 14:48 . 2006-02-28 12:00 18432 c:\windows\system32\dllcache\iedw.exe - 2006-02-28 12:00 . 2006-02-28 12:00 55808 c:\windows\system32\dllcache\extmgr.dll + 2006-02-28 12:00 . 2010-04-16 15:36 55808 c:\windows\system32\dllcache\extmgr.dll + 2010-05-05 14:50 . 2010-04-16 13:21 352768 c:\windows\system32\xpsp3res.dll + 2006-02-28 12:00 . 2010-04-16 15:36 662016 c:\windows\system32\wininet.dll + 2006-02-28 12:00 . 2010-03-10 08:02 417792 c:\windows\system32\vbscript.dll - 2006-02-28 12:00 . 2006-02-28 12:00 417792 c:\windows\system32\vbscript.dll + 2006-02-28 12:00 . 2010-04-16 15:36 624640 c:\windows\system32\urlmon.dll + 2006-02-28 12:00 . 2010-04-16 15:36 474112 c:\windows\system32\shlwapi.dll - 2006-02-28 12:00 . 2006-02-28 12:00 474112 c:\windows\system32\shlwapi.dll + 2006-02-28 12:00 . 2010-04-16 15:36 532480 c:\windows\system32\mstime.dll + 2006-02-28 12:00 . 2010-04-16 15:36 146432 c:\windows\system32\msrating.dll - 2006-02-28 12:00 . 2006-02-28 12:00 146432 c:\windows\system32\msrating.dll + 2006-02-28 12:00 . 2010-04-16 15:36 449024 c:\windows\system32\mshtmled.dll + 2006-02-28 12:00 . 2009-08-21 09:46 450560 c:\windows\system32\jscript.dll - 2006-02-28 12:00 . 2006-02-28 12:00 450560 c:\windows\system32\jscript.dll - 2006-02-28 12:00 . 2006-02-28 12:00 251392 c:\windows\system32\iepeers.dll + 2006-02-28 12:00 . 2010-04-16 15:36 251392 c:\windows\system32\iepeers.dll + 2006-02-28 12:00 . 2010-04-16 15:36 205312 c:\windows\system32\dxtrans.dll - 2006-02-28 12:00 . 2006-02-28 12:00 357888 c:\windows\system32\dxtmsft.dll + 2006-02-28 12:00 . 
  9. When I type fixmbr I get the following message: **CAUTION** This computer appears to have a non-standard or invalid master boot record. FIXMBR may damage your partition tables if you proceed. This could cause all the partitions on the current hard disk to become inaccessible. If you are not having problems accessing your drive, do not continue. Are you sure you want to write a new MBR ? Should I still continue?
  10. Both files were expanded. Here's the new ComboFix log:
  11. Oh sorry. After typing that command there was nothing, just a blank line. There was no message.
  12. I got the same message as before: Unable to create file explorer.exe 0 file(s) expanded. So it didn't seem to make a difference at all.
  13. Yes there is. It's called I386. It's a capital "I", maybe that was the problem?
  14. I can now boot normally but I still can't get those two files to expand