
Cannot run CMD.exe, regedit.exe or Combofix.


  • This topic is locked
3 replies to this topic

#1 ndeans

ndeans

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:19 PM

Posted 04 May 2009 - 03:21 PM

I have run Malwarebytes Anti-Malware, SUPER-Antispyware, SDFix, AVG 8.5, and still can't find this bugger.

This is the first time I have been stumped on this and need help.

Attached are a HijackThis log and an RSIT log.


Thanks,

N



#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,706 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:19 AM

Posted 04 May 2009 - 03:32 PM

Hi ndeans,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • Please open HiJackThis and choose Do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: (no name) - {22750ADC-C90F-43C4-9B72-0F9E60CB5119} - (no file)
    O2 - BHO: (no name) - {67121D62-2C97-4EF0-83EA-2DC643D50B01} - (no file)
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)


    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.


  • We need to go to the registry; tell me if you are not comfortable with it, and then we will download a tool to do this.
  • Go to the C:\Windows folder and find regedit.exe, then rename it to copy.exe (to do that, right-click regedit32.exe and select Rename).
  • Double-click copy.exe to run it. The registry editor opens.
  • In the left pane navigate to the following sub-key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32

  • Highlight the Drivers32 sub-key and under the File menu select Export...
  • Give it a name like drivers32 and save the file to the desktop. You get driver32.reg on the desktop.
  • Right-click driver32.reg and select Edit to open it and post the content to your reply. Delete driver32.reg from your computer.
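
One way to review a Drivers32 export like the one requested above, as an added example that is not part of the original post or any tool named in this thread: it parses the `.reg` text and flags values that load from outside system32 or have an unexpected extension. The sample export, the `C:\WINDOWS\system32` location, the allowed-extension set and all function names are assumptions made for illustration.

```python
import ntpath
import re

# Constructed sample export; values are illustrative, not from the thread's logs.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"wave"="wdmaud.drv"
"midimapper"="midimap.dll"
"msacm.msadpcm"="msadp32.acm"
"msacm.example"="C:\\WINDOWS\\system32\\example.ax"
"aux"="C:\\Temp\\constructed-example.dll"
"aux2"="..\\constructed-example.txt"
'''

TARGET = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32"
ENTRY = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
ALLOWED_EXT = {".dll", ".drv", ".acm", ".ax"}  # assumption: typical driver/codec types

def unescape(s):
    # Undo .reg string escaping: a backslash followed by any character yields that character.
    return re.sub(r"\\(.)", r"\1", s)

def parse_drivers32(reg_text):
    """Return {value name: data} for string values under the Drivers32 key only."""
    entries, in_key = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_key = line.strip("[]").lower() == TARGET.lower()
            continue
        m = ENTRY.match(line) if in_key else None
        if m:
            entries[unescape(m.group(1))] = unescape(m.group(2))
    return entries

def review(entries, system_dir=r"C:\WINDOWS\system32"):
    """Flag entries for manual review; these are heuristics, not a verdict."""
    findings = {}
    for name, value in entries.items():
        reasons = []
        directory, filename = ntpath.split(ntpath.normpath(value))
        if directory and directory.lower() != system_dir.lower():
            reasons.append("loads from outside system32")
        if ntpath.splitext(filename)[1].lower() not in ALLOWED_EXT:
            reasons.append("unexpected extension")
        if reasons:
            findings[name] = reasons
    return findings

if __name__ == "__main__":
    for name, reasons in review(parse_drivers32(SAMPLE_REG)).items():
        print(name, "->", ", ".join(reasons))
```

Regedit writes "Version 5.00" exports as UTF-16, so read a real file with `open(path, encoding="utf-16")` before passing its text to `parse_drivers32`.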


#3 ndeans

ndeans
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:19 PM

Posted 04 May 2009 - 04:18 PM

Ah Ha! Thanks, I was needing the guidance on where to look for that darn driver. Deleted the "aux" driver now can run everything. Ran ComboFix and can perform all functions normally. Thank you.

You can consider this one finished.

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,706 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:19 AM

Posted 04 May 2009 - 04:19 PM

This thread will now be closed.



