
Win 32, Backdoor Psychward, System Disabled Polices, Google Redirector and Possible Vundo


  • This topic is locked
2 replies to this topic

#1 gwtf


Posted 10 October 2011 - 03:39 PM

My MBAM was disabled with "you do not have permission to access this file." I ran stopzilla, which found the following:
Trojan Cool
Spyware Rogue Win 32.personal
Adware Cognac
Hijacker System Disable Polices
Trojan Catch Me
Spyware Anti-visus
Spyware Google Redirector
Adware Gen Malware Detectior
Trojan Winexec32
Spyware Cool Web Search
Virus Backdoor psychward
Rogue Win32 Internets
Hijacker Vundo A7
Adware Vundo A12
Trojan P432
Spyware lpv4.mons

In all, 70-plus hijackers, trojans, spyware, viruses, etc. were found, and MBAM still would not detect any of the above. At this point stopzilla no longer worked. I then ran Super anti-spyware and this only found around 12 issues along with one that will not go away. I have included a lot of files for review.
________________________________________

My Hijack This Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:31:21 PM, on 10/10/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (file missing)
O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (file missing)
O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
O23 - Service: PrismXL - Unknown owner - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (file missing)
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 5225 bytes

_______________________________

My MBAM Log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7910

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/9/2011 5:43:46 PM
mbam-log-2011-10-09 (17-43-46).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 275136
Time elapsed: 1 hour(s), 27 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
______________________________________________

My dds log:

DS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 16:58:39 on 2011-10-08
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.119 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [VTTimer] VTTimer.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\autoru~1\eventr~1.lnk - c:\pmw\PMREMIND.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\instal~1.lnk - c:\program files\sifxinst\SIFXINST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{44EAC41E-ED25-4D0A-A5AF-4849CFDACE5C} : DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{D13D3BB9-476D-406D-9673-F2C0E5633BE5} : DhcpNameServer = 68.87.72.130 68.87.77.130
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl024a019c;MpKsl024a019c;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c386c49b-605b-4c73-8a54-13e4cb373b4a}\MpKsl024a019c.sys [2011-10-8 28752]
S2 PPSCAN;PPSCAN;c:\windows\system32\drivers\ppscan.sys [2007-9-19 91520]
S3 SMC2208;SMC Compact USB to Ethernet converter;c:\windows\system32\drivers\SMC2208.SYS [2007-2-28 26525]
S4 CWMonitor;Symantec Crimeware Protection Driver;\??\c:\program files\common files\symantec shared\coshared\cw\1.0\monitor.sys --> c:\program files\common files\symantec shared\coshared\cw\1.0\Monitor.sys [?]
.
=============== Created Last 30 ================
.
2011-10-08 17:33:29 -------- d-----w- c:\documents and settings\owner\local settings\application data\Safe mirror
2011-10-08 17:32:40 -------- d-----w- c:\program files\Cobian Backup 10
2011-10-08 13:20:50 28752 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c386c49b-605b-4c73-8a54-13e4cb373b4a}\MpKsl024a019c.sys
2011-10-08 13:20:42 56200 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c386c49b-605b-4c73-8a54-13e4cb373b4a}\offreg.dll
2011-10-07 21:41:34 7269712 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c386c49b-605b-4c73-8a54-13e4cb373b4a}\mpengine.dll
2011-10-07 21:41:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-07 21:39:11 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-07 20:04:57 -------- d-----w- c:\program files\common files\Symantec Shared
2011-10-06 13:47:33 116224 -c----w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-10-06 13:47:30 23040 -c----w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-10-06 13:47:29 18944 -c----w- c:\windows\system32\dllcache\xrxscnui.dll
2011-10-06 13:47:25 27648 -c----w- c:\windows\system32\dllcache\xrxftplt.exe
2011-10-06 13:47:21 4608 -c----w- c:\windows\system32\dllcache\xrxflnch.exe
2011-10-06 13:47:15 99865 -c----w- c:\windows\system32\dllcache\xlog.exe
2011-10-06 13:47:09 16970 -c----w- c:\windows\system32\dllcache\xem336n5.sys
2011-10-06 13:47:08 19455 -c----w- c:\windows\system32\dllcache\wvchntxx.sys
2011-10-06 13:47:04 19200 -c----w- c:\windows\system32\dllcache\wstcodec.sys
2011-10-06 13:47:03 12063 -c----w- c:\windows\system32\dllcache\wsiintxx.sys
2011-10-06 13:47:01 8192 -c----w- c:\windows\system32\dllcache\wshirda.dll
2011-10-06 13:45:58 19016 -c----w- c:\windows\system32\dllcache\w926nd.sys
2011-10-06 13:44:58 26112 -c----w- c:\windows\system32\dllcache\usbser.sys
2011-10-06 13:43:59 159232 -c----w- c:\windows\system32\dllcache\tridkbm.sys
2011-10-06 13:42:58 30464 -c----w- c:\windows\system32\dllcache\tbatm155.sys
2011-10-06 13:41:59 99328 -c----w- c:\windows\system32\dllcache\srusd.dll
2011-10-06 13:40:56 45568 -c----w- c:\windows\system32\dllcache\smb3w.dll
2011-10-06 13:39:57 18400 -c----w- c:\windows\system32\dllcache\sgsmld.sys
2011-10-06 13:38:58 198400 -c----w- c:\windows\system32\dllcache\s3sav4.dll
2011-10-06 13:37:51 19584 -c----w- c:\windows\system32\dllcache\rasirda.sys
2011-10-06 13:36:52 121344 -c----w- c:\windows\system32\dllcache\phvfwext.dll
2011-10-06 13:35:58 44544 -c----w- c:\windows\system32\dllcache\ovui2.dll
2011-10-06 13:34:57 9344 -c----w- c:\windows\system32\dllcache\ntapm.sys
2011-10-06 13:33:58 75520 -c----w- c:\windows\system32\dllcache\mxport.sys
2011-10-06 13:32:58 16128 -c----w- c:\windows\system32\dllcache\modemcsa.sys
2011-10-06 13:31:56 70730 -c----w- c:\windows\system32\dllcache\lne100tx.sys
2011-10-06 13:30:57 26624 -c----w- c:\windows\system32\dllcache\irstusb.sys
2011-10-06 13:29:58 109085 -c----w- c:\windows\system32\dllcache\ibmtrp.sys
2011-10-06 13:28:59 13312 -c----w- c:\windows\system32\dllcache\hpsjmcro.dll
2011-10-06 13:27:53 92160 -c----w- c:\windows\system32\dllcache\fuusd.dll
2011-10-06 13:26:59 594238 -c----w- c:\windows\system32\dllcache\es56hpi.sys
2011-10-06 13:25:59 334208 -c----w- c:\windows\system32\dllcache\ds1wdm.sys
2011-10-06 13:24:58 117760 -c----w- c:\windows\system32\dllcache\d100ib5.sys
2011-10-06 13:23:59 236032 -c----w- c:\windows\system32\dllcache\camext20.dll
2011-10-06 13:22:59 46464 -c----w- c:\windows\system32\dllcache\atibt829.sys
2011-10-04 20:13:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-04 12:20:30 -------- d-----w- c:\documents and settings\all users\application data\SecTaskMan
2011-10-01 01:44:26 -------- d-----w- c:\documents and settings\owner\local settings\application data\Temp
2011-10-01 01:29:00 -------- d-----w- c:\documents and settings\owner\application data\comcasttb
2011-10-01 01:06:49 404640 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-30 14:09:06 472808 ------w- c:\windows\system32\deployJava1.dll
2011-09-30 02:30:43 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab
2011-09-30 00:55:29 -------- d-sha-r- C:\cmdcons
2011-09-29 13:49:56 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-09-29 13:49:56 -------- d-----w- c:\windows\system32\wbem\Repository
2011-09-29 13:33:41 -------- d-----w- c:\program files\Media Player Classic - Home Cinema
2011-09-28 21:47:27 -------- d-----w- c:\documents and settings\all users\application data\White Sky, Inc
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ------w- c:\windows\system32\crypt32.dll
2011-07-15 13:29:31 456320 -c----w- c:\windows\system32\drivers\mrxsmb.sys
.
============= FINISH: 17:00:13.77 ===============


GMER attached along with the rest of dds log.

_____________________________________________

Super AntiSpyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/09/2011 at 07:11 PM

Application Version : 5.0.1128

Core Rules Database Version : 7773
Trace Rules Database Version: 5585

Scan type : Complete Scan
Total Scan Time : 00:35:07

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 371
Memory threats detected : 0
Registry items scanned : 37545
Registry threats detected : 1
File items scanned : 41288
File threats detected : 10

Adware.Tracking Cookie
interclick.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MPKE93LU ]
media.tattomedia.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MPKE93LU ]
pornotube.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MPKE93LU ]
C:\DOCUMENTS AND SETTINGS\GUEST\COOKIES\GUEST@ATDMT[1].TXT [ /ATDMT ]
ad.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ZXCDJWQ2 ]
ia.media-imdb.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ZXCDJWQ2 ]
macromedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ZXCDJWQ2 ]
media1.break.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ZXCDJWQ2 ]
s0.2mdn.net [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ZXCDJWQ2 ]
secure-us.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ZXCDJWQ2 ]

System.BrokenFileAssociation
HKCR\.exe

Not sure where to go from here or exactly what this problem is, but any and all help is greatly appreciated!
Thanks
Chris


 


#2 Budapest


Posted 12 October 2011 - 05:34 PM

Is this the same computer as your other topic here: http://www.bleepingcomputer.com/forums/topic422554.html
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 Budapest


Posted 14 October 2011 - 03:01 PM

Due to a lack of response, this topic is closed.

Please send me (or any other Moderator) a Personal Message (PM) if you would like the topic re-opened.