Ave.exe infection


  • This topic is locked
8 replies to this topic

#1 trademeister

trademeister

  • Members
  • 4 posts
  • OFFLINE
  • Local time:11:39 PM

Posted 21 June 2010 - 02:22 PM

Hi,

I run AVG free anti-virus, but it stopped working and I got infected with AVE.EXE. I used Malwarebytes tool to remove it (I think). I don't think I'm infected, but still not completely sure. Can you help me be sure I'm clean?

The damage done was: Anytime I try to start a program using Start/Programs/<Program Group>/<Program>, I get the following dialog box: "Open with", "Choose the program you want to use to open this file". If I scroll, choose the program and click Ok, a new dialog box opens: "Unable to load xxx.exe", but then the application seems to start and run as expected. I can also use Explorer to navigate to the program.exe that I want to start. Then, if I right-click on "Start" instead of "Open" - the program starts like normal. In addition, lots of "tray icon" applications aren't loaded anymore after booting, presumably due to the same inability to start programs (I think). Please help to fix this problem.

I have included the following per your "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help"
Attachments: Attach.txt and Ark.txt
Dds.txt file follows inline:

Thanks!

====================================

DDS (Ver_10-03-17.01) - NTFSx86
Run by HP_Owner at 8:12:31.53 on Mon 06/21/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1527.252 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\copSSH\bin\cygrunsrv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\copSSH\bin\sshd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\HP_Owner\My Documents\Apps\CDEX\CDex.exe
C:\Documents and Settings\HP_Owner\My Documents\Apps2\CoolPlayerMp3\CoolPlayer+Portable\CoolPlayer+Portable.exe
C:\Documents and Settings\HP_Owner\My Documents\Apps2\CoolPlayerMp3\CoolPlayer+Portable\App\CoolPlayer+\coolplayer+.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\Documents and Settings\HP_Owner\My Documents\Apps2\SkypePortable\SkypePortable.exe
C:\Documents and Settings\HP_Owner\My Documents\Apps2\SkypePortable\App\Skype\Phone\Skype.exe
C:\Documents and Settings\HP_Owner\My Documents\Apps2\Bleeping\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\pdfforge toolbar\SearchSettings.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\1.1.2\pdfforgeToolbarIE.dll
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\pdfforge toolbar\SearchSettings.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\1.1.2\pdfforgeToolbarIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
uRun: [TrueCrypt] "c:\program files\truecrypt\TrueCrypt.exe" /q preferences /a favorites
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [WinVNC] "c:\program files\ultravnc\WinVNC.exe" -servicehelper
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [eFax 4.3] "c:\program files\efax messenger 4.3\J2GDllCmd.exe" /R
mRun: [Domino] c:\windows\Domino.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SearchSettings] c:\program files\pdfforge toolbar\SearchSettings.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
uPolicies-explorer: <NO NAME> =
IE: Add to EverNote - c:\program files\evernote\evernote\enbar.dll/2000
IE: Add To HP Organize... - c:\progra~1\hewlet~1\hporga~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.1.11.30.dll/206
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - {2151DA8C-C5B6-4B4F-86AB-BDA449BF8747} - c:\program files\evernote\evernote\enbar.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E}
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A}
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://boeing.webex.com/client/T23LBA26/webex/ieatgpc.cab
DPF: {FBAA44A9-2AF3-450D-9881-BFE7BE67D852} - hxxp://www.geoplayer.com/downloads/plugins/ActiveX/GeoPlayerX.cab
TCP: {5526497C-DB6D-40E0-AFC0-F5FBE45832B4} = 68.87.76.182,156.154.70.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_owner\applic~1\mozilla\firefox\profiles\ko0qy1dh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\pdfforge toolbar\ff\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\pdfforge toolbar\ssff\components\SearchSettingsFF.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npatgpc.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npdeploytk.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npDimdimControl.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npnul32.dll
FF - plugin: c:\progra~1\mozill~1\plugins\nppdf32.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin2.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin3.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin4.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin5.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin6.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin7.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npsnapfish.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npyaxmpb.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npDimdimControl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\real\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\netscape6\nprpjplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R0 TLRecAgent;TLRecAgent;c:\windows\system32\drivers\TLRecAgent.sys [2008-9-25 14888]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-30 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-30 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-19 242896]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-9-3 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 55024]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-6-20 100944]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-6-20 41424]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-1-8 380928]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-14 308064]
R2 copSSHD;Openssh SSHD;c:\program files\copssh\bin\cygrunsrv.exe [2006-6-19 43008]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2007-1-10 6016]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2008-3-4 34128]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-6-20 79888]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-5-29 87760]
R3 vvftav211;vvftav211;c:\windows\system32\drivers\vvftav211.sys [2009-4-10 480128]
R3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\drivers\ZS211.sys [2009-4-10 1472000]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys --> c:\windows\system32\drivers\npf.sys [?]
S3 Oasis;Oasis;c:\windows\system32\drivers\Oasisusb.sys [2007-6-9 23038]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-9-3 7408]
S3 slusbvip;SmartLink USB Driver;c:\windows\system32\drivers\slusbvip.sys [2008-9-25 546120]
S3 SLVAD_simple;D-Link Virtual Audio Device;c:\windows\system32\drivers\slvad.sys [2008-9-25 43248]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-1 26624]

============== File Associations ===============

.exe=secfile

=============== Created Last 30 ================


==================== Find3M ====================

2010-04-25 20:00:24 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-10 15:54:54 44 ---h--w- c:\program files\f400801d.tmp

============= FINISH: 8:13:49.46 ===============



#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:39 AM

Posted 27 June 2010 - 05:14 PM

Hi trademeister,

Welcome to Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more.

If the issue is not resolved please update me on the current condition of your computer.

#3 trademeister

trademeister
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:11:39 PM

Posted 01 July 2010 - 04:23 PM

Hi Farbar,

Thanks for your help. My system remains unchanged and the problem as stated previously still exists. I will keep my system unchanged while waiting for help from you.

Regards,
Trademeister

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:39 AM

Posted 01 July 2010 - 04:48 PM

Hi trademeister,

See if this helps the situation and tell me about it.

Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box (without the word CODE) into a new file:


CODE
@ECHO OFF
assoc .exe=exefile
ftype exefile="%%1" %%*
del look*.txt
regedit /e look1.txt HKEY_CLASSES_ROOT\.exe
regedit /e look2.txt HKEY_CLASSES_ROOT\exefile
regedit /e look3.txt HKEY_CURRENT_USER\Software\Classes\.exe
regedit /e look4.txt HKEY_CURRENT_USER\Software\Classes\exefile
regedit /e look5.txt HKEY_LOCAL_MACHINE\Software\Classes\.exe
regedit /e look6.txt HKEY_LOCAL_MACHINE\Software\Classes\exefile
regedit /e look7.txt HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe
reg query HKCU\Software\Classes >log.txt
type look*.txt >>log.txt
start log.txt
del look*.txt
del %0

  • Go to the File menu at the top of the Notepad and select Save as.
  • Select Save in: desktop
  • Fill in File name: look.bat
  • Save as type: All file types (*.*)
  • Click save.
  • Close the Notepad.
  • Locate look.bat on the desktop. It should look like this:
  • Double-click to run it.
  • A notepad opens, copy and paste the content (log.txt) to your reply. Also tell me if you can run programs normally.
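
As an added example (not Farbar's batch file or any BleepingComputer tool): a Python script that parses the `regedit /e` exports the batch writes (look1.txt to look7.txt) and flags the two signs of a hijacked .exe association, namely the extension key mapped to a ProgID other than exefile, and a shell\open\command whose default is anything other than "%1" %*. The embedded hijacked sample is a shortened copy of the export format with the HKCR\.exe values as posted in this thread; the clean sample, the function names and the `ave.exe` path in the comments are constructed for the example.

```python
"""Audit regedit /e exports of the .exe association for the hijack seen in this thread.

Added example for this thread; it is not Farbar's batch file or a BleepingComputer tool.
It reads the look1.txt ... look7.txt files that the batch writes and flags:
  * an .exe extension key whose default value names a ProgID other than "exefile", and
  * a shell\\open\\command whose default value is anything other than "%1" %*.
"""
import re

EXPECTED_OPEN_CMD = '"%1" %*'   # what a clean exefile open verb expands to


def load_export(path):
    """Read a regedit /e file; the 'Version 5.00' format is UTF-16LE with a BOM."""
    with open(path, encoding="utf-16") as fh:
        return fh.read()


def _decode_data(data):
    """Decode one .reg value payload: quoted REG_SZ or single-line hex(2) REG_EXPAND_SZ.
    Other types (dword:, hex:, multi-line hex with a trailing backslash) are returned raw."""
    if data.startswith('"') and data.endswith('"'):
        # .reg escapes backslash and double quote with a backslash
        return re.sub(r'\\(["\\])', r'\1', data[1:-1])
    if data.startswith("hex(2):"):
        raw = bytes(int(b, 16) for b in data[len("hex(2):"):].split(",") if b)
        return raw.decode("utf-16-le").rstrip("\x00")
    return data


def parse_reg_export(text):
    """Return {key_path: {value_name: data}} from regedit export text.
    The default value (@ in the file) is stored under the name "(Default)"."""
    keys = {}
    current = None
    for raw_line in text.splitlines():
        line = raw_line.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        if current is None or "=" not in line:
            continue
        name, _, data = line.partition("=")   # value names containing '=' are not handled
        name = "(Default)" if name == "@" else name.strip('"')
        keys[current][name] = _decode_data(data)
    return keys


def audit_exe_association(keys):
    """Return a list of finding strings; an empty list means the export looks clean."""
    findings = []
    for key, values in keys.items():
        tail = key.rsplit("\\", 1)[-1].lower()
        # Explorer\FileExts\.exe holds per-user OpenWith data, not the ProgID mapping, so skip it
        if tail == ".exe" and "\\fileexts\\" not in key.lower():
            progid = values.get("(Default)", "")
            if progid.lower() != "exefile":
                findings.append(f"{key}: .exe maps to ProgID {progid!r} instead of 'exefile'")
        # verbs defined directly under .exe (or under the ProgID) decide what a double-click runs
        if key.lower().endswith("\\shell\\open\\command"):
            cmd = values.get("(Default)", "")
            if cmd != EXPECTED_OPEN_CMD:
                findings.append(f"{key}: open command is {cmd!r}")
    return findings


# Shortened copy of the export format; the HKCR\.exe values are the hijacked ones
# posted in this thread, the exefile values are the stock Windows XP ones.
HIJACKED_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="secfile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\.exe\shell\open\command]
@="\"C:\\Documents and Settings\\HP_Owner\\Local Settings\\Application Data\\ave.exe\" /START \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile]
@="Application"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@=hex(2):22,00,25,00,31,00,22,00,20,00,25,00,2a,00,00,00
'''

# Constructed clean counterpart: .exe points at exefile and defines no verbs of its own.
CLEAN_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

if __name__ == "__main__":
    for label, text in (("hijacked", HIJACKED_EXPORT), ("clean", CLEAN_EXPORT)):
        print(f"== {label} ==")
        for finding in audit_exe_association(parse_reg_export(text)) or ["no findings"]:
            print("  " + finding)
```

Run it over each lookN.txt via `load_export`; the per-user HKCU\Software\Classes exports (look3, look4) matter most, because in the merged HKCR view those entries take precedence over the machine-wide keys that `assoc` and `ftype` rewrite.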


#5 trademeister

trademeister
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:11:39 PM

Posted 01 July 2010 - 04:59 PM

Hi Farbar,

I wasn't able to start Notepad directly, needless to say, but was able to save your text in "look.bat". I ran it and the log follows.

After running your batch file I still am not able to run Programs normally.

Thanks

=========================== ==================

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Classes

HKEY_CURRENT_USER\Software\Classes\.aif

HKEY_CURRENT_USER\Software\Classes\.aiff

HKEY_CURRENT_USER\Software\Classes\.amr

HKEY_CURRENT_USER\Software\Classes\.au

HKEY_CURRENT_USER\Software\Classes\.avi

HKEY_CURRENT_USER\Software\Classes\.awb

HKEY_CURRENT_USER\Software\Classes\.exe

HKEY_CURRENT_USER\Software\Classes\.ivr

HKEY_CURRENT_USER\Software\Classes\.m1v

HKEY_CURRENT_USER\Software\Classes\.m2v

HKEY_CURRENT_USER\Software\Classes\.mp1

HKEY_CURRENT_USER\Software\Classes\.mp2

HKEY_CURRENT_USER\Software\Classes\.mpa

HKEY_CURRENT_USER\Software\Classes\.mpe

HKEY_CURRENT_USER\Software\Classes\.mpeg

HKEY_CURRENT_USER\Software\Classes\.mpg

HKEY_CURRENT_USER\Software\Classes\.mpga

HKEY_CURRENT_USER\Software\Classes\.mps

HKEY_CURRENT_USER\Software\Classes\.mpv

HKEY_CURRENT_USER\Software\Classes\.pdb

HKEY_CURRENT_USER\Software\Classes\.pnc

HKEY_CURRENT_USER\Software\Classes\.pqa

HKEY_CURRENT_USER\Software\Classes\.prc

HKEY_CURRENT_USER\Software\Classes\.ra

HKEY_CURRENT_USER\Software\Classes\.ram

HKEY_CURRENT_USER\Software\Classes\.rax

HKEY_CURRENT_USER\Software\Classes\.rjs

HKEY_CURRENT_USER\Software\Classes\.rjt

HKEY_CURRENT_USER\Software\Classes\.rm

HKEY_CURRENT_USER\Software\Classes\.rmj

HKEY_CURRENT_USER\Software\Classes\.rmm

HKEY_CURRENT_USER\Software\Classes\.rmp

HKEY_CURRENT_USER\Software\Classes\.rms

HKEY_CURRENT_USER\Software\Classes\.rmvb

HKEY_CURRENT_USER\Software\Classes\.rmx

HKEY_CURRENT_USER\Software\Classes\.rnx

HKEY_CURRENT_USER\Software\Classes\.rp

HKEY_CURRENT_USER\Software\Classes\.rsml

HKEY_CURRENT_USER\Software\Classes\.rt

HKEY_CURRENT_USER\Software\Classes\.rv

HKEY_CURRENT_USER\Software\Classes\.rvx

HKEY_CURRENT_USER\Software\Classes\.scp

HKEY_CURRENT_USER\Software\Classes\.sdp

HKEY_CURRENT_USER\Software\Classes\.Send2Anna

HKEY_CURRENT_USER\Software\Classes\.skype

HKEY_CURRENT_USER\Software\Classes\.smi

HKEY_CURRENT_USER\Software\Classes\.smil

HKEY_CURRENT_USER\Software\Classes\.sparc

HKEY_CURRENT_USER\Software\Classes\.ssm

HKEY_CURRENT_USER\Software\Classes\.torrent

HKEY_CURRENT_USER\Software\Classes\ADDRESSEXT.AddressExtCtrl.1

HKEY_CURRENT_USER\Software\Classes\AlarmApp.AlarmAddinController

HKEY_CURRENT_USER\Software\Classes\AlarmApp.AlarmAddinController.1

HKEY_CURRENT_USER\Software\Classes\AlarmApp.AlarmApplication

HKEY_CURRENT_USER\Software\Classes\AlarmApp.AlarmApplication.1

HKEY_CURRENT_USER\Software\Classes\AlarmApp.AlarmData

HKEY_CURRENT_USER\Software\Classes\AlarmApp.AlarmData.1

HKEY_CURRENT_USER\Software\Classes\AlarmApp.AlarmFeedbackUI

HKEY_CURRENT_USER\Software\Classes\AlarmApp.AlarmFeedbackUI.1

HKEY_CURRENT_USER\Software\Classes\AlarmApp.AlarmSink

HKEY_CURRENT_USER\Software\Classes\AlarmApp.AlarmSink.1

HKEY_CURRENT_USER\Software\Classes\AlarmSvr.AlarmService

HKEY_CURRENT_USER\Software\Classes\AlarmSvr.AlarmService.1

HKEY_CURRENT_USER\Software\Classes\AppID

HKEY_CURRENT_USER\Software\Classes\Applications

HKEY_CURRENT_USER\Software\Classes\AudioCD

HKEY_CURRENT_USER\Software\Classes\callto

HKEY_CURRENT_USER\Software\Classes\CLSID

HKEY_CURRENT_USER\Software\Classes\DATEBOOKEXT.DateBookExtCtrl.1

HKEY_CURRENT_USER\Software\Classes\DBC.MPEG.1

HKEY_CURRENT_USER\Software\Classes\DelDups.DelDupsAddin

HKEY_CURRENT_USER\Software\Classes\DelDups.DelDupsAddin.1

HKEY_CURRENT_USER\Software\Classes\EXPENSEEXT.ExpenseExtCtrl.1

HKEY_CURRENT_USER\Software\Classes\ezPMUtils.ContentHost

HKEY_CURRENT_USER\Software\Classes\ezPMUtils.GameController

HKEY_CURRENT_USER\Software\Classes\ezPMUtils.WindowGroup

HKEY_CURRENT_USER\Software\Classes\FirefoxHTML

HKEY_CURRENT_USER\Software\Classes\FirefoxURL

HKEY_CURRENT_USER\Software\Classes\ftp

HKEY_CURRENT_USER\Software\Classes\http

HKEY_CURRENT_USER\Software\Classes\https

HKEY_CURRENT_USER\Software\Classes\Interface

HKEY_CURRENT_USER\Software\Classes\JavaPlugin.142_03

HKEY_CURRENT_USER\Software\Classes\JavaPlugin.142_06

HKEY_CURRENT_USER\Software\Classes\JavaPlugin.150_09

HKEY_CURRENT_USER\Software\Classes\JavaPlugin.150_10

HKEY_CURRENT_USER\Software\Classes\JavaPlugin.160_01

HKEY_CURRENT_USER\Software\Classes\JavaPlugin.160_02

HKEY_CURRENT_USER\Software\Classes\JavaPlugin.160_03

HKEY_CURRENT_USER\Software\Classes\JavaPlugin.160_05

HKEY_CURRENT_USER\Software\Classes\JavaPlugin.160_06

HKEY_CURRENT_USER\Software\Classes\JavaPlugin.160_07

HKEY_CURRENT_USER\Software\Classes\JavaPlugin.160_13

HKEY_CURRENT_USER\Software\Classes\MEMOPADEXT.MemoPadExtCtrl.1

HKEY_CURRENT_USER\Software\Classes\Mime

HKEY_CURRENT_USER\Software\Classes\Network

HKEY_CURRENT_USER\Software\Classes\NOTEPADEXT.NotePadExtCtrl.1

HKEY_CURRENT_USER\Software\Classes\PalmDesktop.InstallerServices

HKEY_CURRENT_USER\Software\Classes\PalmDesktop.InstallerServices.1

HKEY_CURRENT_USER\Software\Classes\PalmDesktop.RegistrationServices

HKEY_CURRENT_USER\Software\Classes\PalmDesktop.RegistrationServices.1

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.ContextMenu

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.ContextMenu.1

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.DefaultPlugin

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.DefaultPlugin.1

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.DropTarget

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.DropTarget.1

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.FileInfoCollection

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.FileInfoCollection.1

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.FileNames

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.FileNames.1

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.IdCollection

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.IdCollection.1

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.InstallerAppInternal

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.InstallerAppInternal.1

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.InstallerApplication

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.InstallerApplication.1

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.NotifierInteractor

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.NotifierInteractor.1

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.PalmDeviceInfo

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.PalmDeviceInfo.1

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.PalmUser

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.PalmUser.1

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.PalmUsers

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.PalmUsers.1

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.PdbFile

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.PluginBroker

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.PluginBroker.1

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.PluginRouter

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.PluginRouter.1

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.PncFile

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.PqaFile

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.PqiInstallerServices

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.PqiInstallerServices.1

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.PrcFile

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.ScpFile

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.SendToExtension

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.SendToExtension.1

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.ShellFolder

HKEY_CURRENT_USER\Software\Classes\PalmQuickInstall.ShellFolder.1

HKEY_CURRENT_USER\Software\Classes\Photo.PhotoCtrl.1

HKEY_CURRENT_USER\Software\Classes\PhotosPlugIn.PhotosPlugInObject

HKEY_CURRENT_USER\Software\Classes\PhotosPlugIn.PhotosPlugInObject.1

HKEY_CURRENT_USER\Software\Classes\PhotosPlugIn.PreProcessObject

HKEY_CURRENT_USER\Software\Classes\PhotosPlugIn.PreProcessObject.1

HKEY_CURRENT_USER\Software\Classes\PictPreview.PicturePreviewPlugin

HKEY_CURRENT_USER\Software\Classes\PictPreview.PicturePreviewPlugin.1

HKEY_CURRENT_USER\Software\Classes\pnm

HKEY_CURRENT_USER\Software\Classes\RealJukebox.RJS.1

HKEY_CURRENT_USER\Software\Classes\RealJukebox.RJT.1

HKEY_CURRENT_USER\Software\Classes\RealJukebox.RMJ.1

HKEY_CURRENT_USER\Software\Classes\RealJukebox.RMP.1

HKEY_CURRENT_USER\Software\Classes\RealJukebox.RMX.1

HKEY_CURRENT_USER\Software\Classes\RealPlayer.AIFF.6

HKEY_CURRENT_USER\Software\Classes\RealPlayer.AMR.10

HKEY_CURRENT_USER\Software\Classes\RealPlayer.AMR_WB.10

HKEY_CURRENT_USER\Software\Classes\RealPlayer.AU.6

HKEY_CURRENT_USER\Software\Classes\RealPlayer.AudioCD.6

HKEY_CURRENT_USER\Software\Classes\RealPlayer.AutoPlay.6

HKEY_CURRENT_USER\Software\Classes\RealPlayer.AVI.6

HKEY_CURRENT_USER\Software\Classes\RealPlayer.CDBurn.6

HKEY_CURRENT_USER\Software\Classes\RealPlayer.DVD.6

HKEY_CURRENT_USER\Software\Classes\RealPlayer.IVR.6

HKEY_CURRENT_USER\Software\Classes\RealPlayer.MP1.6

HKEY_CURRENT_USER\Software\Classes\RealPlayer.MP2.6

HKEY_CURRENT_USER\Software\Classes\RealPlayer.MPA.6

HKEY_CURRENT_USER\Software\Classes\RealPlayer.MPEG.6

HKEY_CURRENT_USER\Software\Classes\RealPlayer.MPGA.6

HKEY_CURRENT_USER\Software\Classes\RealPlayer.PIX.6

HKEY_CURRENT_USER\Software\Classes\RealPlayer.RA.6

HKEY_CURRENT_USER\Software\Classes\RealPlayer.RAM.6

HKEY_CURRENT_USER\Software\Classes\RealPlayer.RAX.6

HKEY_CURRENT_USER\Software\Classes\RealPlayer.RM.6

HKEY_CURRENT_USER\Software\Classes\RealPlayer.RMS.6

HKEY_CURRENT_USER\Software\Classes\RealPlayer.RMVB.6

HKEY_CURRENT_USER\Software\Classes\RealPlayer.RP.6

HKEY_CURRENT_USER\Software\Classes\RealPlayer.RSML.6

HKEY_CURRENT_USER\Software\Classes\RealPlayer.RT.6

HKEY_CURRENT_USER\Software\Classes\RealPlayer.RV.6

HKEY_CURRENT_USER\Software\Classes\RealPlayer.RVX.6

HKEY_CURRENT_USER\Software\Classes\RealPlayer.SDP.6

HKEY_CURRENT_USER\Software\Classes\RealPlayer.SMIL.6

HKEY_CURRENT_USER\Software\Classes\rtsp

HKEY_CURRENT_USER\Software\Classes\secfile

HKEY_CURRENT_USER\Software\Classes\SgDateAlarm.SgDateAlarmAddin.1

HKEY_CURRENT_USER\Software\Classes\SgDateAlarm.SgDateAlarmNotify

HKEY_CURRENT_USER\Software\Classes\SgDateAlarm.SgDateAlarmNotify.1

HKEY_CURRENT_USER\Software\Classes\skype

HKEY_CURRENT_USER\Software\Classes\skype-plugin

HKEY_CURRENT_USER\Software\Classes\Skype.Content

HKEY_CURRENT_USER\Software\Classes\Software

HKEY_CURRENT_USER\Software\Classes\SparcFile

HKEY_CURRENT_USER\Software\Classes\spmServices.DRMClient

HKEY_CURRENT_USER\Software\Classes\spmServices.DRMClientV2

HKEY_CURRENT_USER\Software\Classes\spmServices.NamedStrings

HKEY_CURRENT_USER\Software\Classes\spmServices.PluginWindow

HKEY_CURRENT_USER\Software\Classes\SSM

HKEY_CURRENT_USER\Software\Classes\TODOEXT.ToDoExtCtrl.1

HKEY_CURRENT_USER\Software\Classes\TypeLib

HKEY_CURRENT_USER\Software\Classes\uTorrent

HKEY_CURRENT_USER\Software\Classes\VOICEMEMOEXT.VoiceMemoExtCtrl.1

HKEY_CURRENT_USER\Software\Classes\{A4B980AE-402C-4EA4-9D1B-83A7A8CEE7E4}
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="secfile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\.exe\DefaultIcon]
@="%1"

[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKEY_CLASSES_ROOT\.exe\shell]

[HKEY_CLASSES_ROOT\.exe\shell\open]

[HKEY_CLASSES_ROOT\.exe\shell\open\command]
@="\"C:\\Documents and Settings\\HP_Owner\\Local Settings\\Application Data\\ave.exe\" /START \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CLASSES_ROOT\.exe\shell\runas]

[HKEY_CLASSES_ROOT\.exe\shell\runas\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CLASSES_ROOT\.exe\shell\start]

[HKEY_CLASSES_ROOT\.exe\shell\start\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
"TileInfo"="prop:FileDescription;Company;FileVersion"
"InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

[HKEY_CLASSES_ROOT\exefile\shell]

[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@=hex(2):22,00,25,00,31,00,22,00,20,00,25,00,2a,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\runas]

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\ContextMenuHandlers]

[HKEY_CLASSES_ROOT\exefile\shellex\ContextMenuHandlers\CmdLineExt]
@="{9869EFB4-18E9-11D3-A837-00104B9E30B5}"

[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]
@="{86F19A00-42A0-1069-A2E9-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="secfile"
"Content Type"="application/x-msdownload"

[HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon]
@="%1"

[HKEY_CURRENT_USER\Software\Classes\.exe\shell]

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open]

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"C:\\Documents and Settings\\HP_Owner\\Local Settings\\Application Data\\ave.exe\" /START \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas]

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\start]

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Classes\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_LOCAL_MACHINE\Software\Classes\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Classes\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
"TileInfo"="prop:FileDescription;Company;FileVersion"
"InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"

[HKEY_LOCAL_MACHINE\Software\Classes\exefile\DefaultIcon]
@="%1"

[HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell]

[HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\open]
"EditFlags"=hex:00,00,00,00

[HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\open\command]
@=hex(2):22,00,25,00,31,00,22,00,20,00,25,00,2a,00,00,00

[HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\runas]

[HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\runas\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\Software\Classes\exefile\shellex]

[HKEY_LOCAL_MACHINE\Software\Classes\exefile\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\exefile\shellex\ContextMenuHandlers\CmdLineExt]
@="{9869EFB4-18E9-11D3-A837-00104B9E30B5}"

[HKEY_LOCAL_MACHINE\Software\Classes\exefile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"

[HKEY_LOCAL_MACHINE\Software\Classes\exefile\shellex\PropertySheetHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\exefile\shellex\PropertySheetHandlers\PifProps]
@="{86F19A00-42A0-1069-A2E9-08002B30309D}"

[HKEY_LOCAL_MACHINE\Software\Classes\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithList]
"a"="FIREFOX.EXE"
"MRUList"="hgfaedcb"
"b"="SUPERANTISPYWARE.EXE"
"c"="mbam-setup.exe"
"d"="mbam.exe"
"e"="7-ZipPortable.exe"
"f"="uTorrent.exe"
"g"="wmplayer.exe"
"h"="NOTEPAD.EXE"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids]
"secfile"=hex(0):
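As an added defender's check (not code from this thread or from any of Farbar's tools), a small Python parser for the "Windows Registry Editor Version 5.00" export format quoted above: it decodes the hex(2) form the exefile command is stored in, then flags any .exe handler whose open command is not the stock "%1" %*, and separately reports a per-user .exe class under HKEY_CURRENT_USER\Software\Classes, since HKCR merges that hive over the machine-wide one. The sample export is constructed from the keys and values shown in the thread, and values are assumed to fit on one line (no backslash continuation lines).

```python
import re

BENIGN_OPEN = '"%1" %*'   # the stock exefile\shell\open\command value
# Constructed sample (not the thread's full export): the hijacked per-user .exe
# class beside the untouched machine-wide one, using the paths the thread shows.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Classes\.exe]
@="secfile"
[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"C:\\Documents and Settings\\HP_Owner\\Local Settings\\Application Data\\ave.exe\" /START \"%1\" %*"
[HKEY_LOCAL_MACHINE\Software\Classes\.exe]
@="exefile"
[HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\open\command]
@=hex(2):22,00,25,00,31,00,22,00,20,00,25,00,2a,00,00,00
'''

def _decode_value(raw):
    """Decode one .reg value: hex forms (UTF-16LE for hex(1)/hex(2)) or a quoted string."""
    m = re.match(r'hex(?:\((\d+)\))?:(.*)$', raw)
    if m:                                      # hex:, hex(0):, hex(2): ... forms
        data = bytes(int(b, 16) for b in m.group(2).split(',') if b.strip())
        return data.decode('utf-16-le').rstrip('\x00') if m.group(1) in ('1', '2') else data
    return re.sub(r'\\(["\\])', r'\1', raw.strip('"'))   # quoted string: unescape \" and \\

def parse_reg(text):
    """Return {key_path: {value_name: value}} for a 'Registry Editor Version 5.00' export."""
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and '=' in line:
            name, _, raw = line.partition('=')
            current[name.strip('"')] = _decode_value(raw.strip())
    return keys

def find_exe_hijacks(keys):
    """Flag .exe handlers whose open command is not BENIGN_OPEN, in every exported hive."""
    findings = []
    for path, values in keys.items():
        if not path.lower().endswith('\\.exe'):
            continue
        root, progid = path[:-5], values.get('@', 'exefile')
        # HKCR merges HKCU\Software\Classes over HKLM, so a per-user .exe class shadows a clean machine-wide one
        if path.upper().startswith('HKEY_CURRENT_USER\\'):
            findings.append(f'per-user .exe class present: {path}')
        for cmd_key in (path + r'\shell\open\command', root + '\\' + progid + r'\shell\open\command'):
            cmd = keys.get(cmd_key, {}).get('@')
            if cmd is not None and cmd != BENIGN_OPEN:
                findings.append(f'{cmd_key} -> {cmd}')
    return findings
```

Running `find_exe_hijacks(parse_reg(SAMPLE_REG))` on the sample returns two findings: the per-user .exe class, and its open command pointing at ave.exe; the HKLM exefile command decodes to the stock value and is not reported.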



#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:39 AM

Posted 01 July 2010 - 06:10 PM

Please download the attached fix.reg, double-click to run it, confirm adding it to the registry and see if you can run programs.

#7 trademeister

trademeister
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 02 July 2010 - 04:09 PM

Hi farbar,

Wow! That worked great! Thank you so much for your help.

I am making a donation right now!

Best Regards,
trademeister

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:39 AM

Posted 02 July 2010 - 05:41 PM

Great.

Thank you for the donation.
  1. First Set a New Restore Point then Remove the Old Restore Points to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

    To set a new restore point:
    • Go to Start > Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

    To remove the old restore points:
    • Go to Start > Run then type: Cleanmgr in the box and click "OK".
    • You get a window to select the drive to clean, the default is already set to (C:) drive. Click OK.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
    • Click OK and Yes.

  2. Make sure you install all the security updates for Windows, Internet Explorer & Microsoft Office.
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC. Windows XP Service Pack 2 is now outdated. Service Pack 3 has more features and is more secure than Service Pack 2.

    In order to update Windows go to Start -> All Programs -> Windows Update, wait for the page to be loaded, then press the Custom button. Windows searches your computer and gives you possible updates.

    Prior to installing SP3 it is better to disable your antivirus and enable it after SP3 is installed.

  3. I strongly recommend updating Internet Explorer 6 to Internet Explorer 7 or Internet Explorer 8 as it has more functionality and is much safer.

  4. I recommend installing this small application for safe surfing: Javacools SpywareBlaster
    SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs.
    • Download and install it.
    • Update it manually by clicking on Updates in the left pane and then Check for Updates.
    • Then enable all the protections by clicking on Protection Status on the left pane. Then click on Enable All Protection.
    • The free version doesn't have an automatic update. Update it once every two or three weeks and enable all protection again.

Happy Surfing trademeister.


#9 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:39 AM

Posted 06 July 2010 - 05:54 PM



This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a PM and I will reopen it for you.

If you should have a new issue, please start a new topic.



