Please help me out! I have been browsing and working on this for about a week and nothing fixed!
(Initially I had more problems, like browsing the web spitting out HTTP errors and "specified method is not supported", or just saying no output; Outlook was not retrieving email and kept asking me for my username and password, and although they were correct nothing happened. I have fixed those.) NOW:
It seems that I cannot open regedit, cmd, regedt32, and other exes from the Start/Run.
When I type it in, it seems to soft-reboot my system or open the My Documents folder.
I have run any antivirus program I could find. I have Norton Antivirus 360 installed. Nothing. Malwarebytes Anti-malware, Spybot, Ad-aware from Lavasoft, Dr. Web, escan... nothing! I also ran the Kaspersky Online Scanner (twice): nothing. Also the NOD32 online scanner... nothing.
I did all of these from Safe mode with System Restore unchecked.
Hijackthis does not show anything suspicious (as far as I can tell).
I have also run Symantec's removal tool for Erkez.b, but it found nothing to fix.
To be precise, Malwarebytes does not update. I updated to the latest rules.ref from another PC and put it in mine.
Also, I cannot access McAfee's websites. Still getting error HTTP 505 or 400.
However, when I run Norton antivirus every 1-2 hours (while still working on the problem), it keeps finding a tracking cookie, saying that the risk is low, and when I look up the details it always says:
couple of other cookies to some other bogus (to me) sites
cookie: Orpan cleanup.
WINPATROL from time to time asks me if I will allow a change for file type .scr from "%1" to "%1 /s", or
to allow for file type .exe from "%1 1*" to "%1 %". (don't know what this is all about!!!)
I have a Hijackthis and Combofix (run from safe mode) log available.
Please let me know what further info I can provide to get some advice on this.
I have a Win XP SP3 system.
Your help is much appreciated!
I have actually finally resolved this!
The problem was CATCHME.sys. After running all kinds of legit antivirus programs I could find (none of which found the problem), I was finally able to resolve this by running COMBOFIX in safe mode. That was the one that found it and resolved it.
Now regedit, cmd, and other exes will run from Start/Run normally. I am also able to update Malwarebytes.
I ran RegistryBooster successfully, and I can now browse McAfee pages with no errors whatsoever!
My question now is this: ComboFix has the catchme.log in the quarantine folder and the catchme.sys in folder named "C".
Should I manually delete those?? I have manually deleted from the registry the key LEGACY_CATCHME.
Should I post the log from Combofix to get more expert advice on what to do afterwards?
And another thing I would like some help or info on: I am still running Winpatrol and it is still popping up a window from time to time asking me if I will allow a change for file type .scr from "%1" to "%1 /s", or allow for file type .exe from "%1 1*" to "%1 %". Is this normal? Should I allow or not?
Thanks a lot in advance for all the help you can give me!
P.S. I run Norton 360, should I report this to them?
Edited by vafmar4, 28 April 2009 - 01:45 PM.