.exe files not working correctly?


  • This topic is locked
2 replies to this topic

#1 tdiet0928

Posted 07 May 2011 - 09:28 PM

I had an XP Total Security virus on my PC and used ComboFix to get rid of it, on the advice of another post that was having the same problem. I got rid of the virus, but now none of my .exe files seem to open by themselves. Windows boots fine and the icons show on my desktop, but I can't get anything to execute without Windows asking what program I want to open the program up with. I then run/save the file, but it still doesn't work. I rebooted Windows with a restore point and at least now I can open IE, although it still asks for the program I want to open. Is there something that ComboFix ate along with the virus, or did I do something? I have attached the ComboFix log:


ComboFix 11-05-07.01 - Administrator 05/07/2011 21:17:55.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.265 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Compaq_Owner\Application Data\.#
c:\documents and settings\Compaq_Owner\Desktop\Search.lnk
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\ovq.exe
c:\documents and settings\Compaq_Owner\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Erin\WINDOWS
C:\tskmgr.exe
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Fonts\lursvs.bak1
c:\windows\MailSwitch.ocx
c:\windows\system\ptctnfo.bak1
c:\windows\system\ptctnfo.ini
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\linkinfo(2).dll
c:\windows\system32\rnaph.dll
c:\windows\viassary-hp.reg
c:\windows\vxyxxx.ini
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-04-08 to 2011-05-08 )))))))))))))))))))))))))))))))
.
.
2011-05-08 01:03 . 2011-05-08 01:24 -------- d-----w- c:\documents and settings\Administrator
2011-05-06 22:35 . 2011-05-08 00:53 -------- d-----w- C:\## aswSnx private storage
2011-05-06 21:45 . 2011-05-06 21:45 -------- d-----w- C:\found.005
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-18 17:25 . 2011-01-15 20:56 40112 ----a-w- c:\windows\avastSS.scr
2011-04-18 17:25 . 2009-01-10 18:35 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-18 17:17 . 2011-02-24 12:50 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-18 17:17 . 2009-01-10 18:35 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-18 17:16 . 2009-01-10 18:36 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-18 17:16 . 2009-01-10 18:35 102488 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-04-18 17:16 . 2009-01-10 18:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-04-18 17:13 . 2009-01-10 18:36 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-18 17:13 . 2009-01-10 18:36 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-04-18 17:12 . 2009-01-10 18:35 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-07 05:33 . 2004-08-04 05:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-08-04 05:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-04 05:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-08-04 05:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2004-08-04 05:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2004-08-04 05:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-04 05:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2004-08-04 05:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-04 05:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-15 11:04 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-08-04 05:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25 . 2005-08-16 23:50 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53 . 2004-08-04 05:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 05:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2004-08-04 05:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-04 05:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96673559-e653-4cdc-8923-f89347a952c0}]
2010-08-16 17:38 262312 ----a-w- c:\program files\verizontb\auxi\verizonAu.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f8d96645-337c-419b-8792-b6c126145811}]
2010-08-16 17:38 86696 ----a-w- c:\program files\verizontb\verizonDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f8d96645-337c-419b-8792-b6c126145811}"= "c:\program files\verizontb\verizonDx.dll" [2010-08-16 86696]
.
[HKEY_CLASSES_ROOT\clsid\{f8d96645-337c-419b-8792-b6c126145811}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"SetDefaultPrinter"="c:\hp\bin\cloaker.exe" [1999-11-07 27136]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 544768]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-08-16 180269]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-08-17 98304]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2010-09-29 206120]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2010-03-16 4281584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2011-01-21 149280]
.
c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
Compaq Organize.lnk - c:\program files\Hewlett-Packard\Compaq Organize\bin\displayAgent.exe [2005-8-16 36864]
Compaq VistaAccess.lnk - c:\vstascan\vsaccess.exe [2006-10-22 270395]
MySurvey Messenger.lnk - c:\program files\MySurvey Messenger\MySurveyMessenger.exe [2006-7-1 462848]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
PowerReg Scheduler.exe [2006-4-16 256000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
CallWave.lnk - c:\program files\CallWave\IAM.exe [2006-3-2 1590352]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe [2005-3-10 757760]
Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
Philips GoGear VIBE Device Manager.lnk - c:\program files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe [2010-6-20 1701224]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Juno(1)\\bin\\juno.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Verizon\\VSP\\ServicepointService.exe"=
"c:\\Program Files\\Alwil Software\\Avast5\\AvastUI.exe"=
"c:\\Program Files\\CCleaner\\CCleaner.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\CallWave\\IAM.exe"=
.
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/24/2011 8:50 AM 441176]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/10/2009 2:35 PM 307288]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/4/2009 2:50 PM 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/4/2009 2:49 PM 74480]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/10/2009 2:35 PM 19544]
S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2/1/2009 10:09 PM 266240]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/15/2011 4:58 PM 136176]
S2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [1/7/2011 8:37 PM 689392]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [9/29/2010 7:00 AM 206120]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [9/29/2010 7:00 AM 185640]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/24/2007 11:26 PM 24652]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/15/2011 4:58 PM 136176]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/4/2009 2:50 PM 7408]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - DCFS2K
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-15 20:58]
.
2011-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-15 20:58]
.
2011-05-08 c:\windows\Tasks\WebReg 20051001200107.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-03-26 02:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/hsi/vzTCPConfig.CAB
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{18c1f319-cf8e-4e3b-80d2-3cad39cc5080} - (no file)
BHO-{5B5F4472-EA8A-404E-8A67-51E29E491793} - (no file)
Notify-kbdrop - kbdrop.dll
Notify-ofntctp - c:\windows\system\ofntctp.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-07 21:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2893717365-3508536137-3786221508-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,04,ca,00,25,07,7f,31,44,95,7f,93,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,04,ca,00,25,07,7f,31,44,95,7f,93,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(524)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\l3codeca.acm
.
Completion time: 2011-05-07 21:28:23
ComboFix-quarantined-files.txt 2011-05-08 01:28
.
Pre-Run: 156,930,969,600 bytes free
Post-Run: 157,534,375,936 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - AE477459CBBF5CC26BC0ADF4CBA8EAB5

Please help me fix this error.

Thanks!

tawny

Edited by Orange Blossom, 07 May 2011 - 10:49 PM.
Moved to log forum. ~ OB


#2 m0le

  • Malware Response Team

Posted 17 May 2011 - 07:20 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 m0le

  • Malware Response Team

Posted 23 May 2011 - 06:01 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
m0le is a proud member of UNITE
