
Minecraft/deathcraft install causing problems with registry classes


73 replies to this topic

#16 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 04 March 2013 - 11:48 PM

Press the Windows+R keys, type cmd, click OK and run these commands:

regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll"
regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll"
regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx"

If all three commands succeed, run Malwarebytes and let me know if that works.





#17 strikerx

  • Topic Starter
  • Members
  • 75 posts

Posted 04 March 2013 - 11:55 PM

I ran all 3, they all succeeded, ran malwarebytes and get the same error messages.



#18 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 05 March 2013 - 12:03 AM

Download this mbam.exe

 

http://www.bleepstatic.com/fhost/uploads/1/mbam.exe

 

Copy the file to c:\programfiles\malwarebytes folder and replace the original file. Now double-click on mbam.exe and let me know if that works.



#19 strikerx

  • Topic Starter
  • Members
  • 75 posts

Posted 05 March 2013 - 12:07 AM

Nope it didn't work. One thing I noticed is that I no longer have an address bar when navigating thru folders. 



#20 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 05 March 2013 - 12:18 AM

Download VB 6 from here

 

http://download.microsoft.com/download/5/a/d/5ad868a0-8ecd-4bb0-a882-fe53eb7ef348/VB6.0-KB290887-X86.exe

 

Install it, restart the PC and try to run Malwarebytes.



#21 strikerx

  • Topic Starter
  • Members
  • 75 posts

Posted 05 March 2013 - 12:27 AM

You did it!!! Malwarebytes is updated and scanning as we speak. I'll post a log in the morning.



#22 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 05 March 2013 - 12:33 AM

:thumbup2:



#23 strikerx

  • Topic Starter
  • Members
  • 75 posts

Posted 05 March 2013 - 05:09 AM

Malwarebytes log:

 

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
 
Database version: v2013.03.05.03
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: MANDO [administrator]
 
3/4/2013 11:26:22 PM
mbam-log-2013-03-04 (23-26-22).txt
 
Scan type: Full scan (F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 334016
Time elapsed: 36 minute(s), 56 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{103089DA-0F31-4A8B-843F-7D24A7FE8345} (PUP.InfoAtoms) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{103089DA-0F31-4A8B-843F-7D24A7FE8345} (PUP.InfoAtoms) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.
 
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Quarantined and deleted successfully.
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 534393472bcf2e962d9c0c9d79df401e -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#24 strikerx

  • Topic Starter
  • Members
  • 75 posts

Posted 05 March 2013 - 05:12 AM

Minibox log:

 

 

MiniToolBox by Farbar  Version:01-03-2013
Ran by Administrator (administrator) on 05-03-2013 at 04:11:37
Running from "F:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
 
WARNING: Could not obtain host information from machine: [MANDO]. Some commands may not be available.
Class not registered
 
 
 
# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip
 
 
# Interface IP Configuration for "Local Area Connection"
 
set address name="Local Area Connection" source=dhcp 
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp
 
 
popd
# End of interface IP configuration
 
 
 
 
Windows IP Configuration
 
 
 
        Host Name . . . . . . . . . . . . : mando
 
        Primary Dns Suffix  . . . . . . . : 
 
        Node Type . . . . . . . . . . . . : Unknown
 
        IP Routing Enabled. . . . . . . . : No
 
        WINS Proxy Enabled. . . . . . . . : No
 
 
 
Ethernet adapter Local Area Connection:
 
 
 
        Connection-specific DNS Suffix  . : 
 
        Description . . . . . . . . . . . : Intel® PRO/1000 PL Network Connection
 
        Physical Address. . . . . . . . . : 00-19-D1-4C-B2-5D
 
        Dhcp Enabled. . . . . . . . . . . : Yes
 
        Autoconfiguration Enabled . . . . : Yes
 
        IP Address. . . . . . . . . . . . : 10.0.0.2
 
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
 
        Default Gateway . . . . . . . . . : 10.0.0.1
 
        DHCP Server . . . . . . . . . . . : 10.0.0.1
 
        DNS Servers . . . . . . . . . . . : 10.0.0.1
 
        Lease Obtained. . . . . . . . . . : Monday, March 04, 2013 11:22:47 PM
 
        Lease Expires . . . . . . . . . . : Tuesday, March 05, 2013 11:22:47 PM
 
Server:  UnKnown
Address:  10.0.0.1
 
Name:    google.com
Addresses:  74.125.225.228, 74.125.225.229, 74.125.225.230, 74.125.225.231
      74.125.225.232, 74.125.225.233, 74.125.225.238, 74.125.225.224, 74.125.225.225
      74.125.225.226, 74.125.225.227
 
 
 
Pinging google.com [74.125.225.230] with 32 bytes of data:
 
 
 
Reply from 74.125.225.230: bytes=32 time=33ms TTL=49
 
Reply from 74.125.225.230: bytes=32 time=29ms TTL=50
 
 
 
Ping statistics for 74.125.225.230:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 29ms, Maximum = 33ms, Average = 31ms
 
Server:  UnKnown
Address:  10.0.0.1
 
Name:    yahoo.com
Addresses:  98.139.183.24, 206.190.36.45, 98.138.253.109
 
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
 
 
 
Reply from 206.190.36.45: bytes=32 time=134ms TTL=43
 
Reply from 206.190.36.45: bytes=32 time=196ms TTL=43
 
 
 
Ping statistics for 206.190.36.45:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 134ms, Maximum = 196ms, Average = 165ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
 
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 19 d1 4c b2 5d ...... Intel® PRO/1000 PL Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1        10.0.0.2      20
         10.0.0.0    255.255.255.0         10.0.0.2        10.0.0.2      20
         10.0.0.2  255.255.255.255        127.0.0.1       127.0.0.1      20
   10.255.255.255  255.255.255.255         10.0.0.2        10.0.0.2      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
        224.0.0.0        240.0.0.0         10.0.0.2        10.0.0.2      20
  255.255.255.255  255.255.255.255         10.0.0.2        10.0.0.2      1
Default Gateway:          10.0.0.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 F:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 F:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 F:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 F:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 F:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 F:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 F:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 F:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 F:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 F:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 F:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 F:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 F:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 F:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 F:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 F:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (03/03/2013 11:08:33 AM) (Source: CltMngSvc) (User: )
Description: CltMngSvcShutting down. (Error: 997)
 
Error: (03/01/2013 09:33:22 PM) (Source: CltMngSvc) (User: )
Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056)
 
Error: (02/17/2013 01:56:53 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
Error: (02/16/2013 03:24:05 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
 
System errors:
=============
Error: (03/04/2013 04:06:00 PM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942402
 
Error: (03/04/2013 10:12:44 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort1
 
Error: (03/04/2013 10:12:17 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort1
 
Error: (03/03/2013 10:29:06 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (03/03/2013 10:10:56 PM) (Source: DCOM) (User: MANDO)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error: (03/03/2013 10:10:52 PM) (Source: DCOM) (User: MANDO)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error: (03/03/2013 10:09:18 PM) (Source: DCOM) (User: MANDO)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error: (03/03/2013 10:08:27 PM) (Source: DCOM) (User: MANDO)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error: (03/03/2013 10:07:43 PM) (Source: DCOM) (User: MANDO)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error: (03/03/2013 10:07:31 PM) (Source: DCOM) (User: MANDO)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
 
Microsoft Office Sessions:
=========================
Error: (03/03/2013 11:08:33 AM) (Source: CltMngSvc)(User: )
Description: CltMngSvcShutting down. (Error: 997)
 
Error: (03/01/2013 09:33:22 PM) (Source: CltMngSvc)(User: )
Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056)
 
Error: (02/17/2013 01:56:53 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
Error: (02/16/2013 03:24:05 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
 
=========================== Installed Programs ============================
 
µTorrent (Version: 3.3.0.29038)
 
Adobe Acrobat 5.0 (Version: 5.0)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.171)
aioprnt (Version: 5.3.1.0)
aioscnnr (Version: 5.7.5.30)
aioscnnr (Version: 7.6.11.10)
AnyDVD (Version: 7.1.5.0)
avast! Free Antivirus (Version: 8.0.1482.0)
AviSynth 2.5
CCleaner (Version: 3.28)
center (Version: 6.2.5.0)
CWA Reminder by We-Care.com v4.1.21.3 (Version: 4.1.21.3)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
eReg (Version: 1.20.138.34)
ESET Online Scanner v3
essentials (Version: 6.0.14.0)
ffdshow v1.2.4422 [2012-04-09] (Version: 1.2.4422.0)
Google Chrome (Version: 25.0.1364.97)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.135)
Haali Media Splitter
ImgBurn (Version: 2.5.7.0)
Intel Audio Studio 2.0 (Version: 2.00.00131)
Intel® PRO Network Connections (Version: )
Java 7 Update 13 (Version: 7.0.130)
Java Auto Updater (Version: 2.1.9.0)
Kodak AIO Printer (Version: 7.0.3.0)
KODAK AiO Software (Version: 7.6.12.20)
Logitech SetPoint 6.51 (Version: 6.51.8)
LogMeIn (Version: 4.1.2651)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Software Update for Web Folders  (English) 14 (Version: 14.0.6029.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSN
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 6.0 Parser (Version: 6.10.1129.0)
MyFreeCodec
NetAssistant (Version: 3.8.3)
NVIDIA Control Panel 310.90 (Version: 310.90)
NVIDIA Graphics Driver 310.90 (Version: 310.90)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.95.599)
NVIDIA nView 136.53 (Version: 136.53)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
ocr (Version: 6.2.3.50)
PreReq (Version: 6.2.4.0)
PrintProjects (Version: 1.0.0.9282)
RealDownloader (Version: 1.3.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.0)
RealUpgrade 1.1 (Version: 1.1.0)
Revo Uninstaller Pro 3.0.2 (Version: 3.0.2)
Samsung Kies (Version: 2.5.1.12123_2)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.16.0)
SigmaTel Audio (Version: 5.10.4821.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
W3i NetAssistant (Version: 3.8.3)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Yahoo! Software Update
Yahoo! Toolbar
 
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 43%
Total physical RAM: 2045.5 MB
Available physical RAM: 1147.9 MB
Total Pagefile: 3938.32 MB
Available Pagefile: 3082.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.34 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:111.78 GB) (Free:70.72 GB) NTFS
2 Drive d: (Elements) (Fixed) (Total:465.76 GB) (Free:193.94 GB) NTFS
4 Drive f: () (Fixed) (Total:1397.25 GB) (Free:1226.72 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\MANDO
 
Administrator            Armando                  ASPNET                   
Gloria                   Guest                    HelpAssistant            
Jr                       Leticia                  SUPPORT_388945a0         
UpdatusUser              
 
 
**** End of log ****


#25 strikerx

  • Topic Starter
  • Members
  • 75 posts

Posted 05 March 2013 - 05:23 AM

adwCleaner log:

 

 

# AdwCleaner v2.114 - Logfile created 03/05/2013 at 04:14:24
# Updated 05/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - MANDO
# Boot Mode : Normal
# Running from : F:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Deleted on reboot : F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oajgghejjpgkmpgbchgjieahoefimdle
File Deleted : F:\END
Folder Deleted : F:\Documents and Settings\Administrator\Application Data\Babylon
Folder Deleted : F:\Documents and Settings\Administrator\Application Data\PriceGong
Folder Deleted : F:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
Folder Deleted : F:\Documents and Settings\All Users\Application Data\APN
Folder Deleted : F:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : F:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : F:\Documents and Settings\All Users\Application Data\WeCareReminder
Folder Deleted : F:\Program Files\Conduit
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\ae88d0b53eb845
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Google\Chrome\Extensions\oajgghejjpgkmpgbchgjieahoefimdle
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287822
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\oajgghejjpgkmpgbchgjieahoefimdle
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\Software\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
[OK] Registry is clean.
 
-\\ Google Chrome v25.0.1364.97
 
File : F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.1831] : homepage = "hxxp://www.delta-search.com/?affID=121107&babsrc=HP_ss&mntrId=c0e90f7700000000000000[...]
 
*************************
 
AdwCleaner[R1].txt - [6775 octets] - [05/03/2013 04:13:58]
AdwCleaner[S1].txt - [6538 octets] - [05/03/2013 04:14:24]
 
########## EOF - F:\AdwCleaner[S1].txt - [6598 octets] ##########
 


#26 strikerx

  • Topic Starter
  • Members
  • 75 posts

Posted 05 March 2013 - 05:31 AM

junkware log:

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.8 (03.04.2013:1)
OS: Microsoft Windows XP x86
Ran by Administrator on Tue 03/05/2013 at  4:24:26.00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88} 
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-117609710-362288127-1801674531-500\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin
Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "F:\Documents and Settings\All Users\application data\pc optimizer pro"
Successfully deleted: [Folder] "F:\Program Files\w3i"
Successfully deleted: [Folder] "F:\Documents and Settings\Administrator\start menu\programs\netassistant"
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\ippkomaaonokjnfjoikaemidanojkfmm
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/05/2013 at  4:29:58.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#27 strikerx


Posted 05 March 2013 - 05:34 AM

rkill log:

 

 

Rkill 2.4.7 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 03/05/2013 04:32:59 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * F:\Documents and Settings\Administrator\Desktop\JRT.exe (PID: 2280) [UP-HEUR]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 03/05/2013 04:33:24 AM
Execution time: 0 hours(s), 0 minute(s), and 24 seconds(s)


#28 strikerx


Posted 05 March 2013 - 05:38 AM

autoruns log:

 

 

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""
+ "avast"    "avast! Antivirus"    "AVAST Software"    "f:\program files\avast software\avast\avastui.exe"
+ "EKIJ5000StatusMonitor"    "Status Monitor for KODAK AiO Printer (32-Bit Intel® Pentium™ 4 Optimized Build)"    "Eastman Kodak Company"    "f:\windows\system32\spool\drivers\w32x86\3\ekij5000mui.exe"
+ "EKStatusMonitor"    "Status Monitor for KODAK AiO Printer (32-Bit Intel® Pentium™ 4 Optimized Build)"    "Eastman Kodak Company"    "f:\program files\kodak\aio\statusmonitor\ekstatusmonitor.exe"
+ "EvtMgr6"    "Logitech SetPoint Event Manager (UNICODE)"    "Logitech, Inc."    "f:\program files\logitech\setpointp\setpoint.exe"
+ "IntelAudioStudio"    "Intel® Audio Studio"    "Intel Corporation"    "f:\program files\intel audio studio\intelaudiostudio.exe"
+ "KiesTrayAgent"    "Kies TrayAgent Application"    "Samsung Electronics Co., Ltd."    "f:\program files\samsung\kies\kiestrayagent.exe"
+ "LogMeIn GUI"    "LogMeIn Desktop Application"    "LogMeIn, Inc."    "f:\program files\logmein\x86\logmeinsystray.exe"
+ "NvCplDaemon"    "NVIDIA Display Properties Extension"    "NVIDIA Corporation"    "f:\windows\system32\nvcpl.dll"
+ "NvMediaCenter"    "NVIDIA Media Center Library"    "NVIDIA Corporation"    "f:\windows\system32\nvmctray.dll"
+ "nwiz"    "NVIDIA nView Wizard, Version 136.53 "    "NVIDIA Corporation"    "f:\program files\nvidia corporation\nview\nwiz.exe"
+ "SigmatelSysTrayApp"    ""    ""    "File not found: sttray.exe"
+ "SunJavaUpdateSched"    "Java™ Update Scheduler"    "Sun Microsystems, Inc."    "f:\program files\common files\java\java update\jusched.exe"
+ "TkBellExe"    "RealNetworks Scheduler"    "RealNetworks, Inc."    "f:\program files\real\realplayer\update\realsched.exe"
"F:\Documents and Settings\Administrator\Start Menu\Programs\Startup"    ""    ""    ""
+ "Logitech . Product Registration.lnk"    "Product Registration"    "Leader Technologies/Logitech"    "f:\program files\common files\logishrd\ereg\setpoint\ereg.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"    ""    ""    ""
+ "Address Book 6"    "Outlook Express Setup Library"    "Microsoft Corporation"    "f:\program files\outlook express\setup50.exe"
+ "Google Chrome"    "Google Chrome"    "Google Inc."    "f:\program files\google\chrome\application\25.0.1364.97\installer\chrmstp.exe"
+ "Microsoft Outlook Express 6"    "Outlook Express Setup Library"    "Microsoft Corporation"    "f:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""
+ "AnyDVD"    "AnyDVD Application"    "SlySoft, Inc."    "f:\program files\slysoft\anydvd\anydvdtray.exe"
+ "KiesPreload"    "Kies"    "Samsung"    "f:\program files\samsung\kies\kies.exe"
+ "uTorrent"    "µTorrent"    "BitTorrent Inc."    "f:\documents and settings\administrator\application data\utorrent\utorrent.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter"    ""    ""    ""
+ "text/xml"    "Microsoft Office XML MIME Filter"    "Microsoft Corporation"    "f:\program files\common files\microsoft shared\office14\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler"    ""    ""    ""
+ "ms-help"    "Microsoft® Help Data Services Module"    "Microsoft Corporation"    "f:\program files\common files\microsoft shared\help\hxds.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components"    ""    ""    ""
+ "0"    ""    ""    "File not found: About:Home"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks"    ""    ""    ""
+ "Groove GFS Stub Execution Hook"    "Microsoft SharePoint Workspace Extensions"    "Microsoft Corporation"    "f:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "00avast"    "avast! Shell Extension"    "AVAST Software"    "f:\program files\avast software\avast\ashshell.dll"
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "f:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "XXX Groove GFS Context Menu Handler XXX"    "Microsoft SharePoint Workspace Extensions"    "Microsoft Corporation"    "f:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "00nView"    "NVIDIA Desktop Explorer, Version 136.53 "    "NVIDIA Corporation"    "f:\program files\nvidia corporation\nview\nvshell.dll"
+ "NvCplDesktopContext"    "NVIDIA Display Properties Extension"    "NVIDIA Corporation"    "f:\windows\system32\nvcpl.dll"
+ "XXX Groove GFS Context Menu Handler XXX"    "Microsoft SharePoint Workspace Extensions"    "Microsoft Corporation"    "f:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "avast"    "avast! Shell Extension"    "AVAST Software"    "f:\program files\avast software\avast\ashshell.dll"
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "f:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "RUShellExt"    "Revo Uninstaller Pro Extension"    "VS Revo Group"    "f:\program files\vs revo group\revo uninstaller pro\ruext.dll"
+ "XXX Groove GFS Context Menu Handler XXX"    "Microsoft SharePoint Workspace Extensions"    "Microsoft Corporation"    "f:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"    ""    ""    ""
+ "00avast"    "avast! Shell Extension"    "AVAST Software"    "f:\program files\avast software\avast\ashshell.dll"
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"    "Microsoft SharePoint Workspace Extensions"    "Microsoft Corporation"    "f:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)"    "Microsoft SharePoint Workspace Extensions"    "Microsoft Corporation"    "f:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"    "Microsoft SharePoint Workspace Extensions"    "Microsoft Corporation"    "f:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)"    "Microsoft SharePoint Workspace Extensions"    "Microsoft Corporation"    "f:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"    "Microsoft SharePoint Workspace Extensions"    "Microsoft Corporation"    "f:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""
+ "avast! WebRep"    "avast! WebRep Plugin"    "AVAST Software"    "f:\program files\avast software\avast\aswwebrepie.dll"
+ "Google Toolbar Helper"    "Google Toolbar"    "Google Inc."    "f:\program files\google\google toolbar\googletoolbar_32.dll"
+ "Google Toolbar Notifier BHO"    "GoogleToolbarNotifier"    "Google Inc."    "f:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll"
+ "Groove GFS Browser Helper"    "Microsoft SharePoint Workspace Extensions"    "Microsoft Corporation"    "f:\program files\microsoft office\office14\grooveex.dll"
+ "Java™ Plug-In 2 SSV Helper"    "Java™ Platform SE binary"    "Oracle Corporation"    "f:\program files\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper"    "Java™ Platform SE binary"    "Oracle Corporation"    "f:\program files\java\jre7\bin\ssv.dll"
+ "Office Document Cache Handler"    "Microsoft Office Document Cache Handler"    "Microsoft Corporation"    "f:\program files\microsoft office\office14\urlredir.dll"
+ "RealNetworks Download and Record Plugin for Internet Explorer"    "RealPlayer Download and Record Plugin"    "RealDownloader"    "f:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll"
"HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks"    ""    ""    ""
+ "YTNavAssistPlugin Class"    "Yahoo! Toolbar"    "Yahoo! Inc."    "f:\program files\yahoo!\companion\installs\cpn0\yt.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar"    ""    ""    ""
+ "avast! WebRep"    "avast! WebRep Plugin"    "AVAST Software"    "f:\program files\avast software\avast\aswwebrepie.dll"
+ "Google Toolbar"    "Google Toolbar"    "Google Inc."    "f:\program files\google\google toolbar\googletoolbar_32.dll"
"HKCU\Software\Microsoft\Internet Explorer\Extensions"    ""    ""    ""
+ "We-Care Add-on"    ""    ""    "File not found: F:\Documents and Settings\All Users\Application Data\WeCareReminder\IEMenuItem.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions"    ""    ""    ""
+ "OneNote Lin&ked Notes"    "Microsoft OneNote Internet Explorer Add-in"    "Microsoft Corporation"    "f:\program files\microsoft office\office14\onbttnielinkednotes.dll"
+ "Se&nd to OneNote"    "Microsoft OneNote Internet Explorer Add-in"    "Microsoft Corporation"    "f:\program files\microsoft office\office14\onbttnie.dll"
+ "Windows Messenger"    "Windows Messenger"    "Microsoft Corporation"    "f:\program files\messenger\msmsgs.exe"
"Task Scheduler"    ""    ""    ""
+ "Adobe Flash Player Updater.job"    "Adobe® Flash® Player Update Service 11.6 r602"    "Adobe Systems Incorporated"    "f:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "At1.job"    ""    ""    "File not found: F:\DOCUME~1\ADMINI~1\APPLIC~1\DSite\UPDATE~1\UPDATE~1.EXE /Check"
+ "avast! Emergency Update.job"    "avast! Emergency Update"    "AVAST Software"    "f:\program files\avast software\avast\avastemupdate.exe"
+ "GoogleUpdateTaskMachineCore.job"    "Google Installer"    "Google Inc."    "f:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskMachineUA.job"    "Google Installer"    "Google Inc."    "f:\program files\google\update\googleupdate.exe"
+ "RealPlayerRealUpgradeLogonTaskS-1-5-21-117609710-362288127-1801674531-500.job"    "RealUpgrade Launcher"    "RealNetworks, Inc."    "f:\program files\real\realupgrade\realupgrade.exe"
+ "RealPlayerRealUpgradeScheduledTaskS-1-5-21-117609710-362288127-1801674531-500.job"    "RealUpgrade Launcher"    "RealNetworks, Inc."    "f:\program files\real\realupgrade\realupgrade.exe"
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""
+ "AdobeFlashPlayerUpdateSvc"    "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes."    "Adobe Systems Incorporated"    "f:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "avast! Antivirus"    "Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler."    "AVAST Software"    "f:\program files\avast software\avast\avastsvc.exe"
+ "gupdate"    "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it."    "Google Inc."    "f:\program files\google\update\googleupdate.exe"
+ "gupdatem"    "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it."    "Google Inc."    "f:\program files\google\update\googleupdate.exe"
+ "gusvc"    "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work."    "Google"    "f:\program files\google\common\google updater\googleupdaterservice.exe"
+ "JavaQuickStarterService"    "Prefetches JRE files for faster startup of Java applets and applications"    "Oracle Corporation"    "f:\program files\java\jre7\bin\jqs.exe"
+ "Kodak AiO Network Discovery Service"    "Kodak mDNS Network Discovery Service"    "Eastman Kodak Company"    "f:\program files\kodak\aio\center\ekaiohostservice.exe"
+ "Kodak AiO Status Monitor Service"    "Kodak Status Monitor SDK Service"    "Eastman Kodak Company"    "f:\program files\kodak\aio\statusmonitor\ekprintersdk.exe"
+ "LBTServ"    "Logitech Bluetooth Service"    "Logitech, Inc."    "f:\program files\common files\logishrd\bluetooth\lbtserv.exe"
+ "LMIGuardianSvc"    "Support LogMeIn processes with quality assurance feedback"    "LogMeIn, Inc."    "f:\program files\logmein\x86\lmiguardiansvc.exe"
+ "LMIMaint"    "LogMeIn Maintenance Service"    "LogMeIn, Inc."    "f:\program files\logmein\x86\ramaint.exe"
+ "LogMeIn"    "LogMeIn"    "LogMeIn, Inc."    "f:\program files\logmein\x86\logmein.exe"
+ "Microsoft SharePoint Workspace Audit Service"    "Microsoft SharePoint Workspace"    "Microsoft Corporation"    "f:\program files\microsoft office\office14\groove.exe"
+ "NVSvc"    "NVIDIA Driver Helper Service, Version 310.90"    "NVIDIA Corporation"    "f:\windows\system32\nvsvc32.exe"
+ "nvUpdatusService"    "NVIDIA Settings Update Manager service, used to check new updates from NVIDIA server."    "NVIDIA Corporation"    "f:\program files\nvidia corporation\nvidia update core\daemonu.exe"
+ "ose"    "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports."    "Microsoft Corporation"    "f:\program files\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc"    "Office Software Protection Platform Service (unlocalized description)"    "Microsoft Corporation"    "f:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "RealNetworks Downloader Resolver Service"    "Manage different Downloader versions in RealNetworks' products."    ""    "f:\program files\realnetworks\realdownloader\rndlresolversvc.exe"
+ "YahooAUService"    "Keeps your favorite Yahoo! software up-to-date with the latest features, tools, and enhancements."    "Yahoo! Inc."    "f:\program files\yahoo!\softwareupdate\yahooauservice.exe"
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""
+ "AnyDVD"    "AnyDVD Filter Driver"    "SlySoft, Inc."    "f:\windows\system32\drivers\anydvd.sys"
+ "aswFsBlk"    "avast! mini-filter driver (aswFsBlk)"    "AVAST Software"    "f:\windows\system32\drivers\aswfsblk.sys"
+ "aswMonFlt"    "avast! mini-filter driver (aswMonFlt)"    "AVAST Software"    "f:\windows\system32\drivers\aswmonflt.sys"
+ "AswRdr"    "avast! TDI Redirect driver"    "AVAST Software"    "f:\windows\system32\drivers\aswrdr.sys"
+ "aswRvrt"    "avast! Revert"    ""    "f:\windows\system32\drivers\aswrvrt.sys"
+ "aswSnx"    "avast! virtualization driver (aswSnx)"    "AVAST Software"    "f:\windows\system32\drivers\aswsnx.sys"
+ "aswSP"    "avast! Self Protection"    "AVAST Software"    "f:\windows\system32\drivers\aswsp.sys"
+ "aswTdi"    "avast! Network Shield TDI driver"    "AVAST Software"    "f:\windows\system32\drivers\aswtdi.sys"
+ "aswVmm"    "avast! VM Monitor"    ""    "f:\windows\system32\drivers\aswvmm.sys"
+ "Changer"    ""    ""    "File not found: F:\WINDOWS\System32\Drivers\Changer.sys"
+ "e1express"    "Intel® PRO/1000 Adapter NDIS 5.2 deserialized driver"    "Intel Corporation"    "f:\windows\system32\drivers\e1e5132.sys"
+ "ElbyCDIO"    "ElbyCD Windows NT/2000/XP I/O driver"    "Elaborate Bytes AG"    "f:\windows\system32\drivers\elbycdio.sys"
+ "HDAudBus"    "High Definition Audio Bus Driver v1.0a"    "Windows ® Server 2003 DDK provider"    "f:\windows\system32\drivers\hdaudbus.sys"
+ "i2omgmt"    ""    ""    "File not found: F:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "LBeepKE"    "Logitech Consumer Control Filter Driver."    "Logitech, Inc."    "f:\windows\system32\drivers\lbeepke.sys"
+ "lbrtfdc"    ""    ""    "File not found: F:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "LEqdUsb"    "Logitech Equad USB Driver."    "Logitech, Inc."    "f:\windows\system32\drivers\leqdusb.sys"
+ "LHidEqd"    "Logitech HID Filter Driver."    "Logitech, Inc."    "f:\windows\system32\drivers\lhideqd.sys"
+ "LHidFilt"    "Logitech HID Filter Driver."    "Logitech, Inc."    "f:\windows\system32\drivers\lhidfilt.sys"
+ "LMIInfo"    "RemotelyAnywhere Kernel Information Provider"    "LogMeIn, Inc."    "f:\program files\logmein\x86\rainfo.sys"
+ "lmimirr"    "LogMeIn Mirror Miniport Driver"    "LogMeIn, Inc."    "f:\windows\system32\drivers\lmimirr.sys"
+ "LMIRfsDriver"    "LogMeIn Rfs Drivemap Driver"    "LogMeIn, Inc."    "f:\windows\system32\drivers\lmirfsdriver.sys"
+ "LMouFilt"    "Logitech Mouse Filter Driver."    "Logitech, Inc."    "f:\windows\system32\drivers\lmoufilt.sys"
+ "NAL"    "Intel® Network Adapter Diagnostic Driver"    "Intel Corporation "    "f:\windows\system32\drivers\iqvw32.sys"
+ "nv"    "NVIDIA Windows XP Miniport Driver, Version 310.90 "    "NVIDIA Corporation"    "f:\windows\system32\drivers\nv4_mini.sys"
+ "NVHDA"    "NVIDIA HDMI Audio Driver"    "NVIDIA Corporation"    "f:\windows\system32\drivers\nvhda32.sys"
+ "PCIDump"    ""    ""    "File not found: F:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP"    ""    ""    "File not found: F:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME"    ""    ""    "File not found: F:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI"    ""    ""    "File not found: F:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME"    ""    ""    "File not found: F:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink"    "Direct Parallel Link Driver"    "Parallel Technologies, Inc."    "f:\windows\system32\drivers\ptilink.sys"
+ "Revoflt"    "Revo Uninstaller Filter driver"    "VS Revo Group"    "f:\windows\system32\drivers\revoflt.sys"
+ "Secdrv"    "SafeDisc driver"    "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K."    "f:\windows\system32\drivers\secdrv.sys"
+ "sfng32"    "SFNG32.SYS"    "Sonic Focus, Inc"    "f:\windows\system32\drivers\sfng32.sys"
+ "STHDA"    "NDRC"    "SigmaTel, Inc."    "f:\windows\system32\drivers\sthda.sys"
+ "WDICA"    ""    ""    "File not found: F:\WINDOWS\System32\Drivers\WDICA.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32"    ""    ""    ""
+ "msacm.iac2"    "Indeo® audio software"    "Intel Corporation"    "f:\windows\system32\iac25_32.ax"
+ "msacm.l3acm"    "MPEG Layer-3 Audio Codec for MSACM"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "f:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet"    "Audio codec for MS ACM"    "Sipro Lab Telecom Inc."    "f:\windows\system32\sl_anet.acm"
+ "msacm.trspch"    "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50"    "DSP GROUP, INC."    "f:\windows\system32\tssoft32.acm"
+ "vidc.cvid"    "Cinepak® Codec"    "Radius Inc."    "f:\windows\system32\iccvid.dll"
+ "VIDC.FFDS"    "ffdshow VFW"    ""    "f:\windows\system32\ff_vfw.dll"
+ "vidc.iv31"    ""    ""    "f:\windows\system32\ir32_32.dll"
+ "vidc.iv32"    ""    ""    "f:\windows\system32\ir32_32.dll"
+ "vidc.iv41"    "Intel Indeo® Video 4.5"    "Intel Corporation"    "f:\windows\system32\ir41_32.ax"
+ "vidc.iv50"    "Intel Indeo® video 5.10"    "Intel Corporation"    "f:\windows\system32\ir50_32.dll"
"HKLM\Software\Classes\Filter"    ""    ""    ""
+ "Indeo® video 4.4 Compression Filter"    "Intel Indeo® Video 4.5"    "Intel Corporation"    "f:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter"    "Intel Indeo® Video 4.5"    "Intel Corporation"    "f:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter"    "Intel Indeo® Video 4.5"    "Intel Corporation"    "f:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter"    "Intel Indeo® Video 4.5"    "Intel Corporation"    "f:\windows\system32\ir41_32.ax"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"    ""    ""    ""
+ "LBTWlgn"    "Logitech Bluetooth Service"    "Logitech, Inc."    "f:\program files\common files\logishrd\bluetooth\lbtwlgn.dll"
+ "LMIinit"    "LogMeIn Remote Control Helper"    "LogMeIn, Inc."    "f:\windows\system32\lmiinit.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors"    ""    ""    ""
+ "KODAK EASYSHARE All-in-One Printer"    "Language Monitor for KODAK AiO Printer (32-Bit Intel® Pentium™ 4 Optimized Build)"    "Eastman Kodak Company"    "f:\windows\system32\ekij5000mon.dll"
+ "LogMeIn Printer Port Monitor"    "RemotelyAnywhere Printer Port Monitor"    "LogMeIn, Inc."    "f:\windows\system32\lmiport.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order"    ""    ""    ""
+ "LMIRfsClientNP"    "LogMeIn Virtual Disk Network"    "LogMeIn, Inc."    "f:\windows\system32\lmirfsclientnp.dll"


#29 narenxp


Posted 05 March 2013 - 06:13 AM

Run Malwarebytes and post the new log.

Do you still have IE issues? If yes, go to Add or Remove Programs and uninstall

Windows Internet Explorer 8 (Version: 20090308.140743)

Restart the PC and it should roll back to IE 7. Now reinstall IE 8.


#30 strikerx


Posted 05 March 2013 - 06:54 AM

IE is running normal. Still no address bar in folders.
 
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
 
Database version: v2013.03.05.03
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: MANDO [administrator]
 
3/5/2013 5:22:52 AM
mbam-log-2013-03-05 (05-22-52).txt
 
Scan type: Full scan (F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 332965
Time elapsed: 28 minute(s), 1 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)




