gsar: unable to open input file 'regedit.exe'



#1 UnrealBIO

Posted 27 September 2012 - 09:23 AM

(sorry if bad English) Everything is all right with regedit.exe. It exists in C:\WINDOWS. I think there is no problem with my PC. I have 2 PCs. Both of these have the same error and both of these are running AVG antivirus (one of them running AVG 2012, the other 2013). I removed AVG with the AVG removal tool but nothing. I searched Google for this error for 8 hours but can't find anything. Please help :( and don't say it doesn't matter or is not dangerous, I just want to fix it, OK?
Here is the log:

ComboFix 12-09-26.06 - Neznayka 09/27/2012 6:39.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.765.337 [GMT -7:00]
Running from: H:\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((( Files Created from 2012-08-27 to 2012-09-27 )))))))))))))))))))))))))))))))
.
.
2012-09-27 13:00 . 2012-09-27 13:00 -------- d-----w- c:\program files\7-Zip
2012-09-27 08:48 . 2012-09-27 08:48 -------- d-----w- c:\documents and settings\Local_Admin
2012-09-25 21:26 . 2012-09-25 21:26 40960 ----a-w- c:\windows\system32\nwsftUninstall.exe
2012-09-25 21:26 . 2012-09-25 21:36 -------- d-----w- c:\program files\NewSoftware's
2012-09-25 20:52 . 2012-09-25 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2012-09-25 20:33 . 2008-04-14 12:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-09-25 20:33 . 2001-08-18 05:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-09-25 20:33 . 2008-04-14 12:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-09-25 20:33 . 2001-08-18 05:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-09-25 20:33 . 2001-08-18 05:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-09-25 20:33 . 2001-08-18 05:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2012-09-25 20:31 . 2008-04-14 05:04 11775 -c--a-w- c:\windows\system32\dllcache\wadv05nt.sys
2012-09-25 20:30 . 2001-08-17 20:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2012-09-25 20:29 . 2001-08-18 05:36 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2012-09-25 20:28 . 2001-08-17 21:02 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys
2012-09-25 20:27 . 2001-08-17 21:07 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
2012-09-25 20:26 . 2001-08-18 05:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2012-09-25 20:25 . 2008-04-14 07:06 6912 -c--a-w- c:\windows\system32\dllcache\smbclass.sys
2012-09-25 20:24 . 2001-07-21 21:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2012-09-25 20:23 . 2001-08-17 21:56 245632 -c--a-w- c:\windows\system32\dllcache\s3savmx.dll
2012-09-25 20:22 . 2001-08-17 19:19 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2012-09-25 20:21 . 2001-08-17 20:28 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
2012-09-25 20:20 . 2001-08-17 21:07 5504 -c--a-w- c:\windows\system32\dllcache\perc2hib.sys
2012-09-25 20:19 . 2001-08-17 21:05 28032 -c--a-w- c:\windows\system32\dllcache\ovcd.sys
2012-09-25 20:18 . 2008-04-14 05:05 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2012-09-25 20:17 . 2001-08-17 19:50 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
2012-09-25 20:16 . 2001-08-17 19:12 164586 -c--a-w- c:\windows\system32\dllcache\mdgndis5.sys
2012-09-25 20:15 . 2001-08-18 05:36 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2012-09-25 20:14 . 2001-08-17 20:52 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2012-09-25 20:13 . 2001-08-17 21:56 353184 -c--a-w- c:\windows\system32\dllcache\i740dnt5.dll
2012-09-25 20:12 . 2001-08-18 05:36 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
2012-09-25 20:11 . 2008-04-14 07:06 46464 -c--a-w- c:\windows\system32\dllcache\gagp30kx.sys
2012-09-25 20:10 . 2001-08-18 05:36 45568 -c--a-w- c:\windows\system32\dllcache\esunib.dll
2012-09-25 20:09 . 2001-08-17 19:10 26141 -c--a-w- c:\windows\system32\dllcache\el589nd5.sys
2012-09-25 20:08 . 2001-08-17 19:17 29531 -c--a-w- c:\windows\system32\dllcache\dgapci.sys
2012-09-25 20:07 . 2008-04-14 07:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2012-09-25 20:06 . 2008-04-14 07:16 38912 -c--a-w- c:\windows\system32\dllcache\avc.sys
2012-09-25 20:05 . 2001-08-17 20:47 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys
2012-09-25 20:04 . 2001-08-17 21:55 38400 -c--a-w- c:\windows\system32\dllcache\8514a.dll
2012-09-25 20:04 . 2008-04-14 07:16 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys
2012-09-25 20:04 . 2008-04-14 07:10 12288 -c--a-w- c:\windows\system32\dllcache\4mmdat.sys
2012-09-25 20:04 . 2001-08-17 21:55 689216 -c--a-w- c:\windows\system32\dllcache\3dfxvs.dll
2012-09-25 20:04 . 2001-08-17 20:28 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys
2012-09-25 20:04 . 2001-08-17 19:48 148352 -c--a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2012-09-25 20:04 . 2001-08-17 21:06 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys
2012-09-25 20:04 . 2001-08-17 21:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-09-25 20:04 . 2008-04-14 07:57 2188928 -c--a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2012-09-25 19:34 . 2008-02-04 08:10 237776 ----a-w- c:\windows\system32\tpuninst.exe
2012-09-25 12:10 . 2012-09-25 12:14 -------- d-----w- c:\program files\W3i, LLC
2012-09-25 10:14 . 2010-05-26 18:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-09-25 10:14 . 2010-05-26 18:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-09-25 09:59 . 2012-09-25 12:34 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2012-09-25 09:51 . 2012-09-25 09:51 -------- d-----w- c:\program files\ScenicReflections
2012-09-25 07:53 . 2012-09-25 07:53 -------- d-----w- c:\program files\UltraISO
2012-09-25 07:53 . 2012-09-25 07:53 -------- d-----w- c:\program files\Common Files\EZB Systems
2012-09-25 07:04 . 2012-09-25 07:04 -------- d-----w- c:\program files\CPUID
2012-09-24 15:55 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2012-09-24 15:26 . 2008-04-14 07:26 30592 -c--a-w- c:\windows\system32\dllcache\rndismpx.sys
2012-09-24 15:26 . 2008-04-14 07:26 30592 ----a-w- c:\windows\system32\drivers\rndismpx.sys
2012-09-24 15:26 . 2008-04-14 07:26 12800 -c--a-w- c:\windows\system32\dllcache\usb8023x.sys
2012-09-24 15:26 . 2008-04-14 07:26 12800 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2012-09-23 18:17 . 2012-09-23 18:17 -------- d-----w- c:\documents and settings\Neznayka\Application Data\Styler
2012-09-23 18:14 . 2012-09-23 18:17 -------- d-----w- c:\program files\Styler
2012-09-23 10:47 . 2012-09-23 10:47 -------- d-----w- c:\program files\Motorola
2012-09-23 10:46 . 2007-01-29 22:26 984832 ----a-w- c:\windows\system32\drivers\smserial.sys
2012-09-23 10:46 . 2007-01-29 22:22 196608 ----a-w- c:\windows\system32\sm56co6a.dll
2012-09-22 16:57 . 2012-09-22 16:57 -------- d-----w- c:\windows\Sun
2012-09-22 16:57 . 2012-09-22 16:57 -------- d-----w- c:\documents and settings\Neznayka\Local Settings\Application Data\Sun
2012-09-22 16:57 . 2012-09-22 16:56 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-22 16:57 . 2012-09-22 16:56 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-22 16:07 . 2012-09-22 16:07 -------- d-----w- c:\documents and settings\Neznayka\Application Data\InstallShield
2012-09-22 16:06 . 2012-09-22 16:06 -------- d-----w- C:\SWSetup
2012-09-21 10:04 . 2012-09-23 17:42 -------- d-----w- c:\documents and settings\Neznayka\Application Data\IDM
2012-09-21 10:04 . 2012-09-21 10:05 -------- d-----w- c:\program files\Internet Download Manager
2012-09-20 10:55 . 2012-09-20 10:55 -------- d-----w- c:\documents and settings\Neznayka\Local Settings\Application Data\Wisdom-soft
2012-09-20 10:55 . 2012-09-20 10:55 -------- d-----w- c:\program files\Wisdom-soft ScreenHunter 6.0 Free
2012-09-20 03:17 . 2012-09-20 07:16 -------- d-----w- c:\documents and settings\Neznayka\Local Settings\Application Data\Adobe
2012-09-17 10:39 . 2012-09-17 10:41 -------- d-----w- c:\documents and settings\Neznayka\Local Settings\Application Data\Opera
2012-09-17 10:37 . 2011-06-30 15:15 891496 ----a-w- c:\windows\system32\RTSndMgr.CPL
2012-09-17 08:55 . 2012-09-17 08:55 -------- d-----w- c:\documents and settings\Neznayka\Application Data\TuneUp Software
2012-09-17 06:29 . 2012-09-17 06:29 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-09-16 13:53 . 2012-09-25 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\blekko toolbars
2012-09-16 13:47 . 2012-09-16 13:47 -------- d-----w- c:\documents and settings\Neznayka\Local Settings\Application Data\Audiggle_LTD
2012-09-16 13:42 . 2009-11-28 01:31 216576 ----a-w- c:\windows\system32\RESAMPLEDMO.DLL
2012-09-15 12:59 . 2012-09-27 04:15 -------- d-----w- c:\documents and settings\Neznayka\Application Data\vlc
2012-09-15 12:23 . 2012-09-15 12:23 -------- d-----w- c:\program files\GRETECH
2012-09-11 02:13 . 2012-09-11 02:13 -------- d-s---w- c:\documents and settings\Neznayka\UserData
2012-09-11 02:13 . 2012-09-15 19:39 -------- d-----w- c:\program files\AlterGeo
2012-09-10 08:56 . 2012-09-10 09:02 -------- d-----w- c:\documents and settings\Neznayka\Application Data\Resource Tuner
2012-09-10 07:57 . 2012-09-10 07:57 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2012-09-10 07:35 . 2012-09-10 07:35 -------- d-----w- c:\documents and settings\LocalService\Application Data\CyberLink
2012-09-10 07:08 . 2012-09-10 07:08 -------- d-----w- c:\documents and settings\All Users\CyberLink
2012-09-10 07:07 . 2012-09-10 07:07 -------- d-----w- c:\documents and settings\Neznayka\Application Data\CyberLink
2012-09-10 07:06 . 2012-09-10 07:06 -------- d-----w- c:\program files\InstallShield Installation Information
2012-09-10 07:03 . 2012-09-10 07:05 -------- d-----w- c:\program files\CyberLink
2012-09-10 06:56 . 2012-09-15 12:29 -------- d-----w- c:\program files\VideoLAN
2012-09-10 04:09 . 2012-09-17 10:24 -------- d-----w- c:\documents and settings\All Users\Application Data\AlterGeo
2012-09-09 13:45 . 2012-09-09 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Big Fish Games
2012-09-09 13:39 . 2012-09-09 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2012-09-09 07:55 . 2012-09-09 07:55 -------- d-----w- c:\documents and settings\Neznayka\Application Data\AVS4YOU
2012-09-09 07:51 . 2012-03-24 02:58 11137024 ----a-w- c:\windows\system32\libmfxsw32.dll
2012-09-09 07:51 . 2012-09-09 07:53 -------- d-----w- c:\program files\Common Files\AVSMedia
2012-09-09 07:51 . 2012-03-24 02:59 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2012-09-09 07:51 . 2012-03-24 02:59 24576 ----a-w- c:\windows\system32\msxml3a.dll
2012-09-09 07:51 . 2012-09-09 13:46 -------- d-----w- c:\program files\AVS4YOU
2012-09-09 07:51 . 2012-09-09 07:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2012-09-06 23:02 . 2012-09-07 09:58 -------- d-----w- c:\documents and settings\Neznayka\Application Data\Eltima Software
2012-09-05 12:35 . 2012-08-02 00:23 109768 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2012-09-04 14:57 . 2012-09-04 15:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-09-04 13:57 . 2012-09-04 13:57 -------- d-----w- c:\documents and settings\Administrator
2012-09-04 13:57 . 2003-06-25 23:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
2012-09-04 13:35 . 2012-09-04 13:35 -------- d--h--w- c:\windows\PIF
2012-09-04 13:33 . 2012-09-04 13:33 -------- d-----w- c:\documents and settings\Neznayka\Application Data\Auslogics
2012-09-04 12:47 . 2012-01-25 19:00 17136 ----a-w- c:\windows\system32\sasnative32.exe
2012-09-04 12:46 . 2012-09-15 19:39 -------- d-----w- c:\program files\Advanced System Optimizer 3
2012-09-04 12:46 . 2012-09-04 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Systweak
2012-09-04 12:40 . 2012-09-25 19:43 2416 ----a-w- c:\windows\system32\ASOROSet.bin
2012-09-04 12:08 . 2012-09-10 07:06 -------- d-----w- c:\documents and settings\Neznayka\Local Settings\Application Data\Apple Computer
2012-09-04 12:08 . 2012-09-04 12:08 -------- d-----w- c:\documents and settings\Neznayka\Application Data\Apple Computer
2012-09-04 12:05 . 2012-09-04 12:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2012-09-04 12:05 . 2012-09-04 12:07 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-09-04 12:05 . 2012-09-04 12:05 -------- d-----w- c:\documents and settings\Neznayka\Local Settings\Application Data\Apple
2012-09-04 12:05 . 2012-09-04 12:05 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2012-09-04 12:05 . 2012-09-04 12:23 -------- dc----w- c:\windows\system32\DRVSTORE
2012-09-04 12:03 . 2012-09-04 12:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 01:03 . 2012-07-12 01:03 103568 ----a-w- c:\windows\system32\NaturalReaderCL.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{127AD70F-B2B7-4f6a-ACD9-C7B1FE48C8C0}]
2008-04-14 12:00 78848 ----a-w- c:\windows\system32\msiexec.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2010-10-26 53248]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2007-06-27 569344]
"RTHDCPL"="RTHDCPL.EXE" [2011-10-14 20064872]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-29 638976]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Neznayka^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\Neznayka\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 11:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SkypeUpdate"=2 (0x2)
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"PLFlash DeviceIoControl Service"=2 (0x2)
"ASO3DiskOptimizer"=2 (0x2)
"RichVideo"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Neznayka\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [9/5/2012 5:35 AM 109768]
S0 EMSC;Embedded System Control;c:\windows\system32\drivers\EMSC.sys [8/23/2012 12:47 PM 14960]
S2 NEWDRIVER;NEWDRIVER;\??\c:\windows\system32\WinVDEdrv6.sys --> c:\windows\system32\WinVDEdrv6.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9/3/2012 1:45 AM 1691480]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [8/24/2012 7:58 AM 27064]
S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Safety Minder;c:\windows\system32\drivers\NSM\0203000.01A\symrdr.sys [9/4/2012 4:21 AM 197624]
S4 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files\Advanced System Optimizer 3\ASO3DefragSrv.exe [9/4/2012 5:46 AM 240480]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-651377827-1547161642-1003Core.job
- c:\documents and settings\Neznayka\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-23 21:18]
.
2012-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-651377827-1547161642-1003UA.job
- c:\documents and settings\Neznayka\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-23 21:18]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-27 06:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{17451098-640e-4a4b-871e-f079ae6cbf08}]
@Denied: (Full) (Everyone)
"Model"=dword:00000104
"Therad"=dword:0000001f
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,8c,97,a2,26,f8,6d,21,64,a8,7b,76,3f,07,de,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):93,43,f8,c1,ae,20,e4,43,c5,ab,15,6d,f6,72,4d,c5,e0,de,07,0c,b2,
60,1f,b5,7e,11,4c,56,a7,f2,e5,0d,cd,06,03,5f,12,39,68,c8,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3736)
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Internet Download Manager\IDMNetMon.DLL
.
Completion time: 2012-09-27 06:44:44
ComboFix-quarantined-files.txt 2012-09-27 13:44
ComboFix2.txt 2012-09-27 11:40
ComboFix3.txt 2012-09-27 06:33
ComboFix4.txt 2012-09-26 08:07
.
Pre-Run: 12,091,027,456 bytes free
Post-Run: 12,081,111,040 bytes free
.
- - End Of File - - 7F96D00AF06F26E077EA77D957E64BA4

Edited by hamluis, 27 September 2012 - 03:16 PM.
Merged topics, moved from Win 7 to Malware Removal Logs - Hamluis.



#2 nasdaq (Malware Response Team)

Posted 29 September 2012 - 08:53 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
    • DDS.pif
    • DDS.COM
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Let's find out more about the Regedit.exe file.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :filefind
    SCRIPT HERE... file....

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
===

Please post the log and let me know what problem persists.
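The SystemLook :filefind step above locates every copy of regedit.exe on the disk and reports each one. The Python script below is added here as an illustration; it is not part of the thread and not SystemLook's own code. It walks a directory tree (a constructed stand-in for a Windows tree, built under a temporary directory) and groups the copies it finds by SHA-256, so a copy whose hash differs from the others, for example a copy in WINDOWS that no longer matches the one in system32\dllcache, stands out for closer examination.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone


def sha256_of(path, chunk=1 << 16):
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def filefind(root, name):
    """Walk `root` and return every file whose name matches `name`
    (case-insensitive, as Windows compares names), with size, mtime
    and SHA-256. This mirrors what SystemLook's :filefind reports."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() == name.lower():
                p = os.path.join(dirpath, fn)
                st = os.stat(p)
                hits.append({
                    "path": p,
                    "size": st.st_size,
                    "mtime": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
                    "sha256": sha256_of(p),
                })
    return hits


def hash_groups(hits):
    """Group matches by hash. On XP the copy in WINDOWS and the one in
    system32\\dllcache should hash identically; a copy with a different
    hash is the one to examine or restore from a known-good source."""
    groups = {}
    for h in hits:
        groups.setdefault(h["sha256"], []).append(h["path"])
    return groups


def build_sample_tree():
    """Constructed stand-in for a Windows tree (sample data, not a real
    system): two identical copies of regedit.exe plus one odd copy."""
    root = tempfile.mkdtemp(prefix="winlike_")
    layout = {
        ("WINDOWS", "regedit.exe"): b"MZ" + b"A" * 200,
        ("WINDOWS", "system32", "dllcache", "regedit.exe"): b"MZ" + b"A" * 200,
        ("WINDOWS", "system32", "REGEDIT.EXE"): b"MZ" + b"B" * 200,  # constructed odd copy
        ("WINDOWS", "notepad.exe"): b"MZ" + b"C" * 100,  # not a match, must be ignored
    }
    for parts, data in layout.items():
        p = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "wb") as f:
            f.write(data)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    hits = filefind(root, "regedit.exe")
    for h in hits:
        print(f'{h["path"]}\n  size={h["size"]} mtime={h["mtime"]} sha256={h["sha256"][:16]}...')
    for digest, paths in hash_groups(hits).items():
        print(f"{digest[:16]}... -> {len(paths)} copy/copies")
```

On a real machine, point `filefind` at the system drive root and compare the reported hashes against the copy in the service pack's dllcache or a clean install.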

#3 nasdaq (Malware Response Team)

Posted 05 October 2012 - 08:07 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
