Possible Rootkit Virus 32TDDS Infection?
I'll give Combofix a try, but I think Kaspersky tech support already told her to download that and run it (it's already downloaded). Makes life much harder when people try and do their own fix but don't keep any proper record of what they have tried...
Is there anything showing up on the HJT log that I should be sorting out please?
I've got a feeling that this one might be a case where it's best to bite the bullet and do a Factory Restore from the D partition rather than spend more hours trying to remove the rootkit.
No free lunch, and no free laptop

Just the ASK TOOLBAR which I'd remove

Thanks RIK. That's this one then? Combofix running now.
PS: full scan with MSE came up clean, but no surprise there.
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
No free lunch, and no free laptop

By rights you should just be able to uninstall it. So go for that then rescan, if still there remove these ~
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

Combofix scan completed, it generated a log but did not ask for a reboot. Major problem now is that when I try and open almost anything (Firefox, IE, CCleaner) I get a message saying 'Illegal operation attempted on a registry key that has been marked for deletion'.
Got a nasty feeling that Combofix has broken the registry, don't want to shut down as may not be able to reboot.
Have been able to copy over the Combofix log using a flash drive though. What next?
ComboFix 10-05-01.04 - Deborah 02/05/2010 9:27.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2036.1212 [GMT 1:00]
Running from: c:\users\Deborah\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2010-04-02 to 2010-05-02 )))))))))))))))))))))))))))))))
.
2010-05-02 08:35 . 2010-05-02 08:35 d-----w- c:\users\Public\AppData\Local\temp
2010-05-02 08:35 . 2010-05-02 08:35 d-----w- c:\users\Mark\AppData\Local\temp
2010-05-02 08:35 . 2010-05-02 08:35 d-----w- c:\users\Joel\AppData\Local\temp
2010-05-02 08:35 . 2010-05-02 08:35 d-----w- c:\users\Ewan\AppData\Local\temp
2010-05-02 08:35 . 2010-05-02 08:35 d-----w- c:\users\Default\AppData\Local\temp
2010-05-02 08:35 . 2010-05-02 08:35 d-----w- c:\users\Alec\AppData\Local\temp
2010-05-01 22:21 . 2010-05-01 22:21 d-----w- c:\program files\Microsoft Security Essentials
2010-05-01 21:05 . 2010-05-01 21:05 d-----w- c:\windows\system32\x64
2010-05-01 21:05 . 2008-02-11 19:13 920088 ----a-w- c:\windows\system32\igxpun.exe
2010-05-01 21:05 . 2006-11-10 15:25 319456 ----a-w- c:\windows\system32\difxapi.dll
2010-05-01 11:01 . 2010-05-01 11:01 d-----w- c:\program files\CCleaner
2010-05-01 10:39 . 2010-05-01 10:39 6153352 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-05-01 10:36 . 2007-04-03 05:06 449536 ----a-w- c:\windows\system32\drivers\WlanUZG.sys
2010-05-01 06:55 . 2010-05-01 06:55 d-----w- c:\users\Mark\AppData\Roaming\Malwarebytes
2010-04-15 08:12 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-04-15 08:12 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-04-15 08:12 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-04-15 08:02 . 2010-02-18 14:49 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-15 08:02 . 2010-02-18 14:11 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-15 08:02 . 2010-02-18 11:52 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-15 07:59 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-04-15 07:58 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-01 16:05 . 2010-03-09 10:11 d-----w- c:\programdata\Kaspersky Lab
2010-05-01 10:39 . 2010-03-10 11:03 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-01 06:45 . 2006-11-02 11:18 d-----w- c:\program files\Windows Mail
2010-04-29 14:39 . 2010-03-10 11:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2010-03-10 11:03 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-15 08:16 . 2009-03-31 18:56 d-----w- c:\programdata\Microsoft Help
2010-03-10 11:03 . 2010-03-10 11:03 d-----w- c:\users\Deborah\AppData\Roaming\Malwarebytes
2010-03-10 11:03 . 2010-03-10 11:03 d-----w- c:\programdata\Malwarebytes
2010-03-09 23:57 . 2008-01-21 02:23 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-09 19:11 . 2010-03-09 13:53 d-----w- c:\programdata\Roxio
2010-03-09 13:53 . 2010-03-09 13:53 d-----w- c:\users\Deborah\AppData\Roaming\Roxio
2010-03-09 12:44 . 2010-03-09 12:44 d-----w- c:\program files\Enigma Software Group
2010-03-09 10:00 . 2010-03-09 10:00 d-----w- c:\program files\QuickTime
2010-03-09 10:00 . 2010-03-09 10:00 d-----w- c:\programdata\Apple Computer
2010-03-08 17:17 . 2010-03-08 17:17 d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-03-05 14:01 . 2010-04-15 08:03 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 18:23 . 2009-04-19 09:07 408 ----a-w- c:\users\Deborah\AppData\Roaming\wklnhst.dat
2010-02-25 17:15 . 2009-04-23 16:22 71904 ----a-w- c:\users\Ewan\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 22:28 . 2009-05-09 10:26 71904 ----a-w- c:\users\Alec\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 17:41 . 2009-04-17 17:25 71904 ----a-w- c:\users\Deborah\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 09:16 . 2009-10-04 11:21 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 22:32 . 2009-04-27 20:02 71904 ----a-w- c:\users\Mark\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-23 11:32 . 2010-04-15 08:03 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-23 11:32 . 2010-04-15 08:03 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-23 11:32 . 2010-04-15 08:03 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 06:39 . 2010-04-15 08:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-04-15 08:03 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-04-15 08:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-04-15 08:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-18 17:36 . 2010-04-15 08:03 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-18 17:36 . 2010-04-15 08:03 3548560 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-12 10:48 . 2010-03-23 17:48 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-09 18:29 . 2009-04-21 14:36 71336 ----a-w- c:\users\Joel\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-01 02:42 . 2009-04-01 02:37 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
Sigcheck
[-] 2010-03-09 23:57 . 12AC52A3321CEAC1BF524D38F9C75B87 . 21560 . . . . c:\windows\System32\drivers\atapi.sys
[7] 2009-04-11 . 1F05B78AB91C9075565A9D8A4B880BC4 . 19944 . . [6.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[7] 2009-04-01 . 0D83C87A801A3DFCD1BF73893FE7518C . 21560 . . [6.0.6001.18034] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[7] 2008-01-21 . 2D9C903DC76A66813D350A562DE40ED9 . 21560 . . [6.0.6001.18000] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[7] 2006-11-02 . 4F4FCB8B6EA06784FB6D475B7EC7300F . 19048 . . [6.0.6000.16386] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 14:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2008-08-22 2084480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-02-15 417792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
c:\users\Alec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
c:\users\Ewan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
c:\users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
c:\users\Deborah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2007-12-6 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-03-31 18:28 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=""
"FirewallOverride"=""
R3 RTL8187B;TG123g USB Wireless Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-07-18 281088]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2008-01-21 19968]
R3 ZY202_VS;ZyXEL 802.11g XG202 1211 Vista Driver;c:\windows\system32\DRIVERS\WlanUZG.sys [2007-04-03 449536]
S0 99895652;99895652 Boot Guard Driver;c:\windows\system32\DRIVERS\99895652.sys [2009-10-22 37392]
S1 99895651;99895651;c:\windows\system32\DRIVERS\99895651.sys [2009-09-25 128016]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-23 155648]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2008-07-29 904192]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-05-02 c:\windows\Tasks\User_Feed_Synchronization-{E77647F2-50D5-4DF7-8F0E-0B913CE6854C}.job
- c:\windows\system32\msfeedssync.exe [2010-04-15 04:54]
2009-06-08 c:\windows\Tasks\WebReg psc 1400 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-12-10 20:36]
.
.
Supplementary Scan
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
FF - ProfilePath - c:\users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\dtaq0x7f.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13149&gct=&gc=1&q=
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-02 09:35
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERS\S-1-5-21-3920910989-2757540604-3831163897-1000\¬ î**]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:f6,05,3f,d3,5d,53,af,00
DUMPHIVE0.003 (REGF)
.
DLLs Loaded Under Running Processes
- - - - - - - > 'Explorer.exe'(2568)
c:\program files\Microsoft Office\Office10\MLSHEXT.DLL
.
Completion time: 2010-05-02 09:36:49
ComboFix-quarantined-files.txt 2010-05-02 08:36
ComboFix2.txt 2010-03-10 21:42
Pre-Run: 229,536,649,216 bytes free
Post-Run: 229,526,089,728 bytes free
- - End Of File - - C20AB14EE0210006BE7AC159644C87F5
No free lunch, and no free laptop

Have done a little google while you wait for aliEnRIK and found several posts on Bleeping computer with same problem. Advice is
Click Start, Run, and enter sfc /scannow and click OK. There is a space after the sfc. This runs System File Checker which looks for missing or corrupted system files and attempts to replace/repair them from files on your hard disk or from the CD if necessary. So it will ask for the Windows CD if it needs it. May need to be done in Safe Mode.

Unfortunately there is no Command Prompt/Run shortcut on the Start Menu? And if I type 'CMD' into Search it finds the Command Prompt program OK, but attempting to open it results in the same error message as with everything else. Grr...
Don't want to try it in Safe Mode, as not sure it will survive a reboot - though sooner or later I'll have to do so.
PS: just tried to find/open SFC by typing the command line above into Search. Same old error message.
No free lunch, and no free laptop

If you can use explorer then navigate to c:\windows\system32 and then click on cmd.exe does that work? Or try taskmanager and file / new task will give you a run box where you can try c:\windows\system32\cmd.exe.
4.8kWp 12x400W Longhi 9.6 kWh battery Giv-hy 5.0 Inverter, WSW facing Essex . Aint no sunshine ☀️ Octopus gas fixed dec 24 @ 5.74 tracker again+ Octopus Intelligent Flux leccy

Just reboot mac ~ see how it is then