ok thanks for the info. i have never see that error msg. combofix dosnt require that drives be loaded. i wonder if it has anything to do with those mountpoints in the log.
anyway we will use combofix now;
as a precaution, before using combofix:
Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
close any open windows.
Click Start, then Run and type Notepad and click OK.
Copy/paste the text in the code box below into notepad:
Code:
File::
C:\olyalcbs.exe
C:\ltljrg.exe
C:\cohdejrg.exe
C:\aqdr.exe
C:\677141451
Folder::
c:\program files\IESurfBar
Driver:
ma9kmi00.sys
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5846d842-ee07-11db-886c-001111aa2201}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65241164-b189-11db-8834-001111aa2201}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6602778a-cc68-11dc-88e6-0013204d7cfe}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd0007b6-bfcd-11db-8848-001111aa2201}]
Name the Notepad file CFScript.txt and Save it to your desktop.
now locate the file you just saved and the combofix icon, both on your desktop:
using your mouse drag the CFScript right on top of the combofix icon and release, combofix will run and produce a new log
please post the new combofix log and a new hjt log.
FYI:
I do not recommend the use of file sharing software. There is plenty
of malware distibuted on p2p networks. Files can be named anything,
have malware in them or be nothing but malware. Not to mention that
the sharing of copyrighted material is protected by laws.