• New Patreon Tier and Early Access Content available. If you would like to support AVForums, we now have a new Patreon Tier which gives you access to selected news, reviews and articles before they are available to the public. Read more.

Windows XP not shutting down

GaryMo

Well-known Member
For the last couple of days I've had a problem where I click the icon to shut windows down and nothing at all happens.
My PC functions as normal, as if I hadn't even requested a shutdown.

I've tried it numerous times in a row but nothing.
Last night I had to resort to a hard power down but for obvious reasons I can't keep doing that.

Any ideas?
 

aliEnRIK

Active Member

GaryMo

Well-known Member
Thanks for taking time to reply and offering your help.

Ill do exactly as you suggest when i get home from work this evening.

One thing I did do last night was to run a full scan of Avira Anti-Virus and Spybot Seach and Destroy, both having latest definitions.
All results were clean.
 
Last edited:

GaryMo

Well-known Member
Log from Malwarebytes:



Malwarebytes' Anti-Malware 1.41
Database version: 2915
Windows 5.1.2600 Service Pack 3

06/10/2009 18:47:58
mbam-log-2009-10-06 (18-47-49).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 288994
Time elapsed: 1 hour(s), 34 minute(s), 46 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\WINDOWS\system32\groupmanager.exe (Trojan.Clicker) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f675c54f-60b6-4fd8-bba0-443c493305eb} (Password.Stealer) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbiwkmpmettklf (Rootkit.TDSS) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\groupmanager (Trojan.Clicker) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\groupmanager.exe (Trojan.Clicker) -> No action taken.
 

GaryMo

Well-known Member
Log from Hijackthis:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:11, on 06/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\TBPanel.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Garmin\ANT Agent\ANT Agent.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthe1.dll
O2 - BHO: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthe1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthe1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [kdx] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ANT Agent] C:\Garmin\ANT Agent\ANT Agent.exe
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ExifLauncher2.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} (PrinterHelpEtcActiveX Control) - http://www.samsungdp.com/printerhelp/ActiveX/DrPrinter.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1185112921906
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1185121156156
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 12172 bytes
 

aliEnRIK

Active Member
Log from Malwarebytes:



Malwarebytes' Anti-Malware 1.41
Database version: 2915
Windows 5.1.2600 Service Pack 3

06/10/2009 18:47:58
mbam-log-2009-10-06 (18-47-49).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 288994
Time elapsed: 1 hour(s), 34 minute(s), 46 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\WINDOWS\system32\groupmanager.exe (Trojan.Clicker) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f675c54f-60b6-4fd8-bba0-443c493305eb} (Password.Stealer) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbiwkmpmettklf (Rootkit.TDSS) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\groupmanager (Trojan.Clicker) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\groupmanager.exe (Trojan.Clicker) -> No action taken.


2 things ~
1. youve not TICKED them and selected to REMOVE them so im afraid your going to have to rescan (They all say 'NO ACTION TAKEN')
2. PASSWORD stealer is very VERY bad news! Do you do online banking or transactions? (ebay, amazon, paypal etc)
If so you really need to check to see if anyones been spending your money recently!
REMOVE it using malwarebytes and then you need to change ALL your passwords that are important (Email, paypal, banking etc)

Ill check the hijack later (Only just got in from work)
 

GaryMo

Well-known Member
2 things ~
1. youve not TICKED them and selected to REMOVE them so im afraid your going to have to rescan (They all say 'NO ACTION TAKEN')
2. PASSWORD stealer is very VERY bad news! Do you do online banking or transactions? (ebay, amazon, paypal etc)
If so you really need to check to see if anyones been spending your money recently!
REMOVE it using malwarebytes and then you need to change ALL your passwords that are important (Email, paypal, banking etc)

Ill check the hijack later (Only just got in from work)

Arrgghhh - 1hr 34mins as well :oops:

I've just started another scan.

I do use all online transactions you mentioned so will take your advice there.

Thanks very much.
 

aliEnRIK

Active Member
TICK these in hijack then click to FIX them ~

R3 - URLSearchHook: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthe1.dll
O2 - BHO: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthe1.dll
O3 - Toolbar: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthe1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ANT Agent] C:\Garmin\ANT Agent\ANT Agent.exe
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - Global Startup: ExifLauncher2.lnk = ?
 

GaryMo

Well-known Member
2 things ~
1. youve not TICKED them and selected to REMOVE them so im afraid your going to have to rescan (They all say 'NO ACTION TAKEN')

I've just finished another scan which found no problems - I thought I had removed the problems with the initial scan which confirms I did though not sure why the first log reported what it did.

Anyway, here's the second scan log:

Malwarebytes' Anti-Malware 1.41
Database version: 2915
Windows 5.1.2600 Service Pack 3

06/10/2009 22:06:58
mbam-log-2009-10-06 (22-06-58).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 272885
Time elapsed: 1 hour(s), 37 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 

GaryMo

Well-known Member
TICK these in hijack then click to FIX them ~

R3 - URLSearchHook: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthe1.dll
O2 - BHO: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthe1.dll
O3 - Toolbar: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthe1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ANT Agent] C:\Garmin\ANT Agent\ANT Agent.exe
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - Global Startup: ExifLauncher2.lnk = ?

I'll do the above apart from the Garmin enties as that relates to a GPS watch I use for running. Ant Agent automatically downloads the details of a workout ot my PC when the watch is in range.
 

aliEnRIK

Active Member
No worries

Please run COMBOFIX

Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be)

If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
 

GaryMo

Well-known Member
Combofix log (wish I knew what I was looking for! :eek:):

ComboFix 09-10-05.01 - Gary Mort 06/10/2009 22:50.1.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1309 [GMT 1:00]
Running from: c:\documents and settings\Gary Mort\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Gary Mort\Application Data\inst.exe
c:\windows\Installer\23b387f.msi
c:\windows\Installer\WMEncoder.msi
c:\windows\kb913800.exe
c:\windows\system32\install.exe

.
((((((((((((((((((((((((( Files Created from 2009-09-06 to 2009-10-06 )))))))))))))))))))))))))))))))
.

2009-10-06 17:58 . 2009-10-06 17:58 -------- d-----w- c:\program files\Trend Micro
2009-10-05 20:36 . 2009-10-05 20:36 -------- d-----w- c:\documents and settings\Gary Mort\Application Data\Avira
2009-10-03 17:11 . 2009-10-03 17:11 -------- d-----w- c:\program files\VSO ConvertXToDVD v3 5 3 139
2009-10-03 08:38 . 2009-10-01 09:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-25 22:08 . 2009-10-03 09:40 -------- d-----w- c:\documents and settings\Gary Mort\Application Data\vlc
2009-09-19 17:22 . 2009-09-19 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\GARMIN
2009-09-13 15:52 . 2009-09-16 07:04 -------- d-----w- c:\program files\Candura
2009-09-13 15:52 . 2004-09-23 13:19 73728 ----a-w- c:\windows\FTD2XX.dll
2009-09-13 15:52 . 2002-07-30 10:58 24576 ----a-w- c:\windows\WSC32.DLL
2009-09-13 15:51 . 2009-09-13 15:51 796672 ----a-w- c:\windows\GPInstall.exe
2009-09-12 19:02 . 2009-09-12 19:02 -------- d-----w- c:\documents and settings\Gary Mort\Local Settings\Application Data\ZoneFiveSoftware
2009-09-12 18:50 . 2009-09-12 18:50 -------- d-----w- c:\program files\Zone Five Software
2009-09-12 18:50 . 2009-09-12 18:50 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoneFiveSoftware
2009-09-12 18:37 . 2009-09-21 17:59 -------- d-----w- C:\Garmin
2009-09-12 18:37 . 2007-09-06 14:53 18944 ----a-w- c:\windows\system32\drivers\SiLib.sys
2009-09-12 18:37 . 2007-09-06 14:53 14848 ----a-w- c:\windows\system32\drivers\DSI_SiUSBXp_3_1.sys
2009-09-12 18:31 . 2009-09-19 17:22 -------- d-----w- c:\documents and settings\Gary Mort\Application Data\GARMIN
2009-09-12 18:30 . 2009-09-12 18:30 -------- d-----w- c:\program files\Garmin GPS Plugin
2009-09-12 18:30 . 2009-09-13 10:39 -------- d-----w- c:\program files\Garmin
2009-09-09 05:05 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-07 13:25 . 2009-09-07 14:08 -------- d-----w- c:\program files\Winserver

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-06 21:52 . 2008-05-24 11:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-10-06 21:33 . 2007-07-22 15:34 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-10-06 19:21 . 2007-07-28 10:58 -------- d-----w- c:\program files\CyberLink
2009-10-06 19:14 . 2007-08-14 17:23 -------- d-----w- c:\program files\IrfanView
2009-10-06 19:13 . 2007-07-22 13:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-06 19:00 . 2007-07-22 13:35 75928 ----a-w- c:\documents and settings\Gary Mort\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-06 18:53 . 2007-07-24 21:51 -------- d-----w- c:\documents and settings\Gary Mort\Application Data\Vso
2009-10-06 18:49 . 2009-08-15 08:01 -------- d-----w- c:\program files\Copy+
2009-10-06 18:48 . 2008-10-17 22:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-10-06 18:31 . 2007-07-22 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-06 17:47 . 2009-09-01 21:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-06 05:45 . 2007-07-22 16:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-02 14:56 . 2008-02-21 18:00 -------- d-----w- c:\program files\EasyCert
2009-09-22 21:44 . 2007-07-22 17:50 -------- d-----w- c:\documents and settings\Gary Mort\Application Data\uTorrent
2009-09-12 18:30 . 2007-07-29 18:48 -------- d-----w- c:\program files\DIFX
2009-09-11 21:54 . 2007-12-03 18:42 -------- d-----w- c:\program files\Java
2009-09-10 13:54 . 2009-09-01 21:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2009-09-01 21:19 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 11:31 . 2008-01-30 15:15 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 05:13 . 2007-09-09 12:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-07 18:31 . 2007-09-09 12:42 -------- d-----w- c:\program files\Microsoft Works
2009-09-01 21:19 . 2009-09-01 21:19 -------- d-----w- c:\documents and settings\Gary Mort\Application Data\Malwarebytes
2009-09-01 21:19 . 2009-09-01 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-01 16:33 . 2009-09-01 16:33 -------- d-----w- c:\program files\Windows Defender
2009-08-30 08:58 . 2009-08-30 08:57 -------- d-----w- c:\program files\TagRename
2009-08-20 14:44 . 2007-07-29 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-08-20 14:44 . 2008-02-09 18:13 -------- d-----w- c:\program files\Common Files\Nokia
2009-08-20 14:42 . 2007-07-29 18:48 -------- d-----w- c:\documents and settings\Gary Mort\Application Data\PC Suite
2009-08-14 20:12 . 2009-08-14 20:12 -------- d-----w- c:\program files\Common Files\Sony Shared
2009-08-12 13:20 . 2007-07-22 15:00 -------- d-----w- c:\documents and settings\Gary Mort\Application Data\Canon
2009-08-11 07:12 . 2007-07-22 16:49 -------- d-----w- c:\program files\DivX
2009-08-11 07:12 . 2009-08-11 07:12 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-08-10 20:08 . 2009-03-18 17:42 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 09:01 . 2006-03-15 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 04:23 . 2008-12-02 07:01 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2006-03-15 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 22:43 . 2006-03-15 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2002-04-16 11:27 . 2002-04-16 11:27 5 --sha-w- c:\windows\system32\CdI5T.drv
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ANT Agent"="c:\garmin\ANT Agent\ANT Agent.exe" [2009-07-30 11017728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="c:\windows\TBPanel.exe" [2007-03-23 2173744]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2007-08-13 524288]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-01-23 423200]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-18 209153]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-12-19 16062464]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-17 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2007-7-29 303104]
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-5-18 805392]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Transcode360\\Transcode360Tray.exe"=
"c:\\Program Files\\Nero\\Nero Core\\nero.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"c:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience

R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [26/02/2009 19:38 56936]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [26/02/2009 19:38 70632]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [18/03/2009 18:42 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [18/03/2009 18:42 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [18/03/2009 18:42 434945]
R2 GDI23880;Genesis Video Capture;c:\windows\system32\drivers\gdi2vid.sys [07/11/2004 19:38 164480]
R2 GDI2BTS;Genesis BDA Transport Capture;c:\windows\system32\drivers\gdi2bts.sys [07/11/2004 19:38 13696]
R2 GDI2IR;Genesis InfraRed;c:\windows\system32\drivers\gdi2ir.sys [07/11/2004 19:38 9856]
R2 GDI2XBAR;Genesis Crossbar;c:\windows\system32\drivers\gdi2xbr.sys [07/11/2004 19:38 10112]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
R3 GDI2BDA;Black Gold Signature BDA DVB Tuner/Demod;c:\windows\system32\drivers\gdi2bda.sys [07/11/2004 19:38 169728]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 ABIT-IO;ABIT-IO;\??\c:\program files\U-ABIT\ABITEQ\ABIT-IO.sys --> c:\program files\U-ABIT\ABITEQ\ABIT-IO.sys [?]
S3 MRVW225;54M Wireless USB Adapter Dirver for Windows XP;c:\windows\system32\drivers\MRVW225.sys [25/10/2008 19:12 299776]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [28/06/2009 09:43 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [28/06/2009 09:44 8320]
S3 USBDFU;USBDFU;c:\windows\system32\drivers\usbdfu.sys --> c:\windows\system32\drivers\usbdfu.sys [?]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [27/08/2009 16:05 92008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig?hl=en
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\documents and settings\Gary Mort\Application Data\Mozilla\Firefox\Profiles\xevuinsf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&source=iglk
FF - component: c:\documents and settings\Gary Mort\Application Data\Mozilla\Firefox\Profiles\xevuinsf.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\Gary Mort\Application Data\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Nokia Multimedia Factory{4CFB3821-1582-4F3B-BF8D-30986923B36B} - c:\documents and settings\All Users\Application Data\Installations\{4CFB3821-1582-4f3b-BF8D-30986923B36B}\Nokia_Multimedia_Factory_2_0.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-10-06 22:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(824)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(880)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2009-10-06 22:55
ComboFix-quarantined-files.txt 2009-10-06 21:55

Pre-Run: 288,546,414,592 bytes free
Post-Run: 288,578,465,792 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

220 --- E O F --- 2009-10-03 08:38
 

aliEnRIK

Active Member
Open notepad and copy/paste the text in RED below

File::
c:\windows\system32\CdI5T.drv



Save this as "CFScript"

Then drag the CFScript into ComboFix.exe




This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.


After that download DR WEB
Download Dr.Web CureIt!
Run it. After its scanned set to scan the WHOLE computer
 

GaryMo

Well-known Member
Thanks again, here's the result of Combofix using CFScript:

ComboFix 09-10-06.03 - Gary Mort 07/10/2009 9:51.2.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1292 [GMT 1:00]
Running from: c:\documents and settings\Gary Mort\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Gary Mort\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

FILE ::
"c:\windows\system32\CdI5T.drv"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\CdI5T.drv

.
((((((((((((((((((((((((( Files Created from 2009-09-07 to 2009-10-07 )))))))))))))))))))))))))))))))
.

2009-10-07 08:13 . 2009-10-07 08:13 -------- d-----w- c:\windows\LastGood
2009-10-06 17:58 . 2009-10-06 17:58 -------- d-----w- c:\program files\Trend Micro
2009-10-05 20:36 . 2009-10-05 20:36 -------- d-----w- c:\documents and settings\Gary Mort\Application Data\Avira
2009-10-03 17:11 . 2009-10-03 17:11 -------- d-----w- c:\program files\VSO ConvertXToDVD v3 5 3 139
2009-10-03 08:38 . 2009-10-01 09:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-25 22:08 . 2009-10-03 09:40 -------- d-----w- c:\documents and settings\Gary Mort\Application Data\vlc
2009-09-19 17:22 . 2009-09-19 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\GARMIN
2009-09-13 15:52 . 2009-09-16 07:04 -------- d-----w- c:\program files\Candura
2009-09-13 15:52 . 2004-09-23 13:19 73728 ----a-w- c:\windows\FTD2XX.dll
2009-09-13 15:52 . 2002-07-30 10:58 24576 ----a-w- c:\windows\WSC32.DLL
2009-09-13 15:51 . 2009-09-13 15:51 796672 ----a-w- c:\windows\GPInstall.exe
2009-09-12 19:02 . 2009-09-12 19:02 -------- d-----w- c:\documents and settings\Gary Mort\Local Settings\Application Data\ZoneFiveSoftware
2009-09-12 18:50 . 2009-09-12 18:50 -------- d-----w- c:\program files\Zone Five Software
2009-09-12 18:50 . 2009-09-12 18:50 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoneFiveSoftware
2009-09-12 18:37 . 2009-09-21 17:59 -------- d-----w- C:\Garmin
2009-09-12 18:37 . 2007-09-06 14:53 18944 ----a-w- c:\windows\system32\drivers\SiLib.sys
2009-09-12 18:37 . 2007-09-06 14:53 14848 ----a-w- c:\windows\system32\drivers\DSI_SiUSBXp_3_1.sys
2009-09-12 18:31 . 2009-09-19 17:22 -------- d-----w- c:\documents and settings\Gary Mort\Application Data\GARMIN
2009-09-12 18:30 . 2009-09-12 18:30 -------- d-----w- c:\program files\Garmin GPS Plugin
2009-09-12 18:30 . 2009-09-13 10:39 -------- d-----w- c:\program files\Garmin
2009-09-09 05:05 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-07 13:25 . 2009-09-07 14:08 -------- d-----w- c:\program files\Winserver

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-07 08:55 . 2008-05-24 11:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-10-07 08:20 . 2007-07-22 15:34 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-10-06 19:21 . 2007-07-28 10:58 -------- d-----w- c:\program files\CyberLink
2009-10-06 19:14 . 2007-08-14 17:23 -------- d-----w- c:\program files\IrfanView
2009-10-06 19:13 . 2007-07-22 13:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-06 19:00 . 2007-07-22 13:35 75928 ----a-w- c:\documents and settings\Gary Mort\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-06 18:53 . 2007-07-24 21:51 -------- d-----w- c:\documents and settings\Gary Mort\Application Data\Vso
2009-10-06 18:49 . 2009-08-15 08:01 -------- d-----w- c:\program files\Copy+
2009-10-06 18:48 . 2008-10-17 22:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-10-06 18:31 . 2007-07-22 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-06 17:47 . 2009-09-01 21:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-06 05:45 . 2007-07-22 16:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-02 14:56 . 2008-02-21 18:00 -------- d-----w- c:\program files\EasyCert
2009-09-22 21:44 . 2007-07-22 17:50 -------- d-----w- c:\documents and settings\Gary Mort\Application Data\uTorrent
2009-09-12 18:30 . 2007-07-29 18:48 -------- d-----w- c:\program files\DIFX
2009-09-11 21:54 . 2007-12-03 18:42 -------- d-----w- c:\program files\Java
2009-09-10 13:54 . 2009-09-01 21:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2009-09-01 21:19 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 11:31 . 2008-01-30 15:15 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 05:13 . 2007-09-09 12:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-07 18:31 . 2007-09-09 12:42 -------- d-----w- c:\program files\Microsoft Works
2009-09-01 21:19 . 2009-09-01 21:19 -------- d-----w- c:\documents and settings\Gary Mort\Application Data\Malwarebytes
2009-09-01 21:19 . 2009-09-01 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-01 16:33 . 2009-09-01 16:33 -------- d-----w- c:\program files\Windows Defender
2009-08-30 08:58 . 2009-08-30 08:57 -------- d-----w- c:\program files\TagRename
2009-08-20 14:44 . 2007-07-29 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-08-20 14:44 . 2008-02-09 18:13 -------- d-----w- c:\program files\Common Files\Nokia
2009-08-20 14:42 . 2007-07-29 18:48 -------- d-----w- c:\documents and settings\Gary Mort\Application Data\PC Suite
2009-08-14 20:12 . 2009-08-14 20:12 -------- d-----w- c:\program files\Common Files\Sony Shared
2009-08-12 13:20 . 2007-07-22 15:00 -------- d-----w- c:\documents and settings\Gary Mort\Application Data\Canon
2009-08-11 07:12 . 2007-07-22 16:49 -------- d-----w- c:\program files\DivX
2009-08-11 07:12 . 2009-08-11 07:12 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-08-10 20:08 . 2009-03-18 17:42 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-06 18:24 . 2007-07-22 12:59 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 18:24 . 2007-07-22 12:59 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 18:24 . 2007-07-22 12:59 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 18:24 . 2006-03-15 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 18:23 . 2007-07-22 12:59 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 18:23 . 2007-07-22 12:59 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2006-03-15 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 04:23 . 2008-12-02 07:01 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2006-03-15 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 22:43 . 2006-03-15 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( [email protected]_21.53.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-07 08:11 . 2009-10-07 08:11 16384 c:\windows\Temp\Perflib_Perfdata_654.dat
+ 2009-10-07 08:11 . 2009-10-07 08:11 16384 c:\windows\Temp\Perflib_Perfdata_54c.dat
+ 2009-10-07 08:13 . 2009-08-06 18:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-10-07 08:13 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2007-07-22 12:59 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2006-03-15 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2009-10-07 08:13 . 2008-10-16 14:09 43544 c:\windows\LastGood\system32\wups2.dll
+ 2009-10-07 08:13 . 2008-10-16 14:08 34328 c:\windows\LastGood\system32\wups.dll
+ 2009-10-07 08:13 . 2008-10-16 14:09 51224 c:\windows\LastGood\system32\wuauclt.exe
+ 2009-10-07 08:13 . 2008-10-16 14:09 92696 c:\windows\LastGood\system32\cdm.dll
+ 2007-07-22 12:59 . 2009-08-06 18:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2007-07-22 12:59 . 2009-08-06 18:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2007-07-22 12:59 . 2009-08-06 18:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2009-10-07 08:13 . 2008-10-16 14:13 202776 c:\windows\LastGood\system32\wuweb.dll
+ 2009-10-07 08:13 . 2008-10-16 14:12 323608 c:\windows\LastGood\system32\wucltui.dll
+ 2009-10-07 08:13 . 2008-10-16 14:12 561688 c:\windows\LastGood\system32\wuapi.dll
+ 2007-07-22 12:59 . 2009-08-06 18:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2009-10-07 08:13 . 2008-10-16 14:13 1809944 c:\windows\LastGood\system32\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ANT Agent"="c:\garmin\ANT Agent\ANT Agent.exe" [2009-07-30 11017728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="c:\windows\TBPanel.exe" [2007-03-23 2173744]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2007-08-13 524288]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-01-23 423200]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-18 209153]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-12-19 16062464]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-17 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2007-7-29 303104]
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-5-18 805392]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Transcode360\\Transcode360Tray.exe"=
"c:\\Program Files\\Nero\\Nero Core\\nero.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"c:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience

R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [26/02/2009 19:38 56936]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [26/02/2009 19:38 70632]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [18/03/2009 18:42 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [18/03/2009 18:42 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [18/03/2009 18:42 434945]
R2 GDI23880;Genesis Video Capture;c:\windows\system32\drivers\gdi2vid.sys [07/11/2004 19:38 164480]
R2 GDI2BTS;Genesis BDA Transport Capture;c:\windows\system32\drivers\gdi2bts.sys [07/11/2004 19:38 13696]
R2 GDI2IR;Genesis InfraRed;c:\windows\system32\drivers\gdi2ir.sys [07/11/2004 19:38 9856]
R2 GDI2XBAR;Genesis Crossbar;c:\windows\system32\drivers\gdi2xbr.sys [07/11/2004 19:38 10112]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
R3 GDI2BDA;Black Gold Signature BDA DVB Tuner/Demod;c:\windows\system32\drivers\gdi2bda.sys [07/11/2004 19:38 169728]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 ABIT-IO;ABIT-IO;\??\c:\program files\U-ABIT\ABITEQ\ABIT-IO.sys --> c:\program files\U-ABIT\ABITEQ\ABIT-IO.sys [?]
S3 MRVW225;54M Wireless USB Adapter Dirver for Windows XP;c:\windows\system32\drivers\MRVW225.sys [25/10/2008 19:12 299776]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [28/06/2009 09:43 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [28/06/2009 09:44 8320]
S3 USBDFU;USBDFU;c:\windows\system32\drivers\usbdfu.sys --> c:\windows\system32\drivers\usbdfu.sys [?]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [27/08/2009 16:05 92008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig?hl=en
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\documents and settings\Gary Mort\Application Data\Mozilla\Firefox\Profiles\xevuinsf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&source=iglk
FF - component: c:\documents and settings\Gary Mort\Application Data\Mozilla\Firefox\Profiles\xevuinsf.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\Gary Mort\Application Data\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-10-07 09:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(828)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\windows\system32\midimap.dll

- - - - - - - > 'lsass.exe'(884)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2009-10-07 9:57
ComboFix-quarantined-files.txt 2009-10-07 08:57
ComboFix2.txt 2009-10-06 21:55

Pre-Run: 288,587,776,000 bytes free
Post-Run: 288,549,355,520 bytes free

239 --- E O F --- 2009-10-03 08:38
 

aliEnRIK

Active Member
My apologies mate

I must have missed your reply in my emails

Unfortunately the 2 checks I wanted you to run are unavailable at the moment :thumbsdow

Does everything seem ok?
 

GaryMo

Well-known Member
No worries at all, you've pretty much talked me though a process I was unsure about and brought a few excellent pieces of software to my attention. For that I'm very grateful.

The initial problem where my PC wouldn't shut down properly is now no more :)
 

aliEnRIK

Active Member

The latest video from AVForums

Guardians of the Galaxy Xmas Special, Strange World, Bones and All, and Cabinet of Dr Caligari in 4K
Subscribe to our YouTube channel

Full fat HDMI teeshirts

Support AVForums with Patreon

Top Bottom