scotiabahn

Experienced Members
  • Posts

    114
Everything posted by scotiabahn

  1. Hi! I know this subject has been dormant for a while, but I thought I'd share a bit of my own anecdotal evidence on the subject. I bought two Toshiba laptops about 18 months back to replace a couple of aged noisy XP boxes. One my son used for schoolwork and some lightweight browser gaming (we have separate Games machine plus the odd console...) and the other one sat alongside my work laptop and shares the mess of my study area along with monitor, keyboard and mouse via a KVM switch... About 6 months back, the laptop on my desk started getting really noisy when it tried to do anything vaguely CPU intensive, like an AV scan, and then moved on to shutting down. From the scorching heat on the base of the laptop, even I could work out there was a heat problem. Initially I just tried to reduce the CPU performance of the AV scan but it kept on happening, so I moved on to a laptop cooler base - a raised base with 3 usb fans to move the air around, but even that hasn't been enough in the warmest parts of the summer... Then a few days back I started rummaging around for an answer (again), having decided that I would have one last try before giving up on the machine (new laptop versus repair costs including new power supply pretty much even out...) I saw an article or two about dust clogging up the laptop cooling fans and vents that I hadn't seen previously. I suspect you can see where this is going... Yesterday afternoon I disconnected all the cables and took the laptop off its stand and took a look at it - very dusty underneath. One of the threads I found recommended using a compressed air canister to blow through the air vents but I wasn't organised enough for that - no can - so I just tried blowing through the intake vents on the side and - tada! - I have dust bunnies coming out of the fan port! After several iterations of blowing, picking lumps out with tweezers and using a mini vacuum cleaner on it, the dust clouds dissipated...
I then did a good clean around the whole area (it had to happen sometime..) Strangely enough the laptop is running much quieter now, not even getting excited about the latest AV scan... Methinks a better housekeeping situation around my study area might help... I offer my experience as a potential solution to others who may have a laptop that has similar issues that could also have an attack of dust bunnies...
  2. We've upgraded to the next release (2.07.575) but we're still having the same problem - we're having to run IE as Administrator to print anything from IE... Is that the right 'next' release or is there another one coming? Thanks.
  3. umm... I'm pretty sure I haven't moved the Temp folder...
  4. We're set up as C:\Users\office\AppData\Local\Temp\Low as we've never moved/deleted the folder - with UAC, it wouldn't let me. For some reason, I now seem to have a subordinate folder called the same... i.e. C:\Users\office\AppData\Local\Temp\Low\Low which is kind of odd... still doesn't print, though
  5. I'll provide what detail I can, but our situation is such that we've really only discovered the problem after the event that caused it. We have a couple of new Toshiba Equium laptops with Vista Premium installed and as part of the migration from our old XP pcs, I naturally installed CCleaner. I have one of the machines, my son the other for study. Since we deployed the laptops he has been printing out all sorts of stuff from all sorts of places, including IE7, until this last weekend when I went to use his machine (my wife had snaffled mine...) While I was using my son's machine I thought I'd better do a quick cleanup and clear out the cache etc as it hadn't been done since first use about a month or so back. Since then, IE7 printing hasn't worked. As I print less than my son, it's only subsequently that I've discovered mine is the same, but I run CCleaner a couple of times a week... The only thing I'm not sure about here is that I'd have thought I must have run CCleaner when first installed just to prove it works, with our usual settings, but I can't be sure that I did. If that was true, it suggests that you have to print before running CCleaner before the problem occurs, maybe? I would have got CCleaner and basic print (test page across the network) ready for my son to start using for schoolwork, then he had several weeks without a problem until I reran CCleaner... Don't know if that gives any clues... For now, my son managed to print without a problem using the 'run as administrator' option for IE to get his homework off the laptop last night, but I'm not keen on setting that as a security default as there are reasons for using that level of protection. That said, if I'd realised how much of a pain UAC was going to be doing the migration from XP, I'd have switched the damn thing off. As for CCleaner, it's at 2.06.567 level.
As for settings on the Cleaner page, I have everything ticked under IE and System, everything ticked except 'Recent' under Explorer, and I've also got 'old prefetch' ticked under Advanced. The only other option that I think I've set is that it does a 'Secure Delete' using an NSA 7-pass algorithm. Can't think what else to tell you, but happy to answer any further questions...
  6. Well, I've only just got Vista and I've just got this bug... CCleaner doesn't remove the Low folder for me, so I suppose I ought to try that... Just running icacls didn't sort it... unlike a previous responder, I did manage to get a print when I ran IE as administrator. My one helpful hint re the last comment above "so CCleaner doesn't remove the folder". Can't you exclude it from the Options section in CCleaner? I've just added the Low folder to the exclusions to see whether that would make it leave the folder alone... Still doesn't work though, but if I can get it working it might stop a future occurrence... maybe... Has anyone got any other thoughts on this mess... Thanks
  7. If it helps, I noticed a significant increase in time between 2.02.x and 2.03.x versions. The analysis has lengthened by about a factor of 4 or 5, and the clean up (using secure delete) around twice that. Not sure about going backwards in levels, still hoping for a 2.04 that sorts it...
  8. Andy, I've made a start on this but not produced any logs yet to put on the other forum section. I just wanted to report back on this bit. The reg delete worked and I moved the file to my desktop and rebooted, hey presto, no desktop as before. I used Taskmgr 'Run' to get command working and to shift the txt file back to system32 and I got my desktop back after another reboot. The interesting thing is that the registry is still clean, the debugger value hasn't been reinstated... Not sure what that means, will go play with the rest of the utilities (which will probably mean moving the stupid file again because it doesn't like HijackThis at least...) Hopefully, next entry will be in HijackThis section... Thanks Steve
  9. okey-dokey, will do, when I get a chance later today hopefully...
  10. that makes sense... now that's an impressive title - 'appointed malware expert'... coo, wish I had that on my c.v. actually, no I don't, this stuff makes my head hurt
  11. over my head - could be... this definitely isn't an area where I have a great deal of expertise, but I'll have a crack at this after I've had a go at Andy's suggestions... should keep me out of mischief for a while
  12. Thanks for the suggestion, but is there anything special about renaming hijackthis to family.exe? Way back in the discussion, you will see, there were a few attempts with renamed files that still got bounced - I can only assume that this malware can see some internal naming or descriptor. Thanks again.
  13. Andy, many thanks for all that and I'll work my way through this asap, although I'm afraid work will get in the way for most of the day... My one query at this point is whether this should go on the HijackThis forum rather than CCleaner, I'm not sure I see the advantage in that, the history is here. I admit my description 'CCleaner failing' isn't very descriptive, but that's all I knew at the time. This malware is certainly targeting specific applications, particularly CCleaner, as well as HijackThis and Comboscan at least, but ignoring others (don't like to write their names in case 'they' improve their malware... not that I'm getting paranoid or anything...) Thanks again, I'll get started on this later today...
  14. yes, I agree with you, verclsid almost certainly isn't the problem. I had it completely removed yesterday evening and I still had the problem. Like yourself, I can't find any reference to wbjrwesa.txt anywhere. I suppose the wretched thing could have been generated on my machine by something else... another of those great unknowns at the moment... Thanks for the help.
  15. I did try that, but explorer won't run, presumably because of the registry key that includes the wbjrwesa.txt reference. I am unable to read the wbjrwesa.txt (access denied!) - I wish I could, I'd love to know what sneaky little code is in there... Thanks for the suggestions.
  16. I have got my desktop back, but only by putting wbjrwesa.txt back into c:\windows\system32, which means I lose CCleaner, HijackThis and the rest as viable applications, but at least I can do most things again... I'm also going to put back KB908531 and verclsid.exe because that doesn't seem to be the problem, it's just this stupid txt file, which I can't delete or erase, nor remove from my registry, which I suspect is the key part of this. An interesting 24 hours or so, back to the same situation as before, but at least there is a better suspect for the problem... Now, anyone got any ideas on how to kill it? A few things occurred to me overnight on a more general level:- 1. How did I get this on my machine? Best guess is via an infected website - had a nasty pop-up explosion of windows maybe a week back, and probably hadn't run CCleaner since then... 2. Why is someone targeting CCleaner and its chums? It doesn't affect my anti-spyware, anti-ad, or anti-virus software... 3. I have to say that I am impressed by this nasty little thing, it's pretty hard to detect, hard to kill and fiendishly selective. It also occurred to me that whoever wrote it might be monitoring this forum, highly amused by their handiwork. Well, if he/she is, bravo, it's very good, but you could be kind and put me out of my misery and tell me how to fix it... If anyone wonders why I should ask such a thing, well, I am an eternal optimist when it comes to the potential for generosity in the human spirit... Thanks to everyone for their help so far...
  17. nope it didn't find it... Help! any suggestions? At least I had the desktop before?
  18. This bit looks key to me:- [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe] "Debugger"="\"c:\\windows\\system32\\wbjrwesa.txt\"" I've tried REGEDIT to get rid of the debugger value but it won't let me... just occurs to me that CCleaner might be able to now it's running... I'll go have a look...
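The Debugger value quoted in post 18 sits under Image File Execution Options, where Windows starts the named program in place of the image (here explorer.exe). As an added example, not part of the original posts, this Python sketch scans a registry dump in .reg export layout (one entry per line) for such values and flags targets that are not an expected debugger; the allowlist, the function names and the second sample entry are assumptions.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Marker for per-image subkeys of Image File Execution Options (IFEO).
IFEO_MARKER = r"\windows nt\currentversion\image file execution options" + "\\"
# Assumption: debuggers this machine is expected to register; adjust locally.
KNOWN_DEBUGGERS = {"vsjitdebugger.exe", "windbg.exe", "ntsd.exe", "cdb.exe"}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample. The explorer.exe entry is the one quoted in the post;
# the Run entry and example_app.exe entry are made up for contrast.
SAMPLE_DUMP = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
"Debugger"="\"c:\\windows\\system32\\wbjrwesa.txt\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\example_app.exe]
"Debugger"="vsjitdebugger.exe"
'''


@dataclass
class Finding:
    image: str      # program whose launch is redirected
    target: str     # program that is started instead
    reasons: list   # why the entry deserves a closer look

    @property
    def suspicious(self):
        return bool(self.reasons)


def _unescape(text):
    # .reg syntax escapes backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", text)


def parse_reg_dump(text):
    """Yield (key, value_name, value_data) for every string value."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            key = header.group(1)
            continue
        value = VALUE_RE.match(line)
        if value and key:
            yield key, _unescape(value.group(1)), _unescape(value.group(2))


def command_target(command):
    """Return the program part of a command line (quoted or first token)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split()[0] if command else ""


def find_ifeo_debuggers(text):
    findings = []
    for key, name, data in parse_reg_dump(text):
        pos = key.lower().find(IFEO_MARKER)
        if pos == -1 or name.lower() != "debugger":
            continue
        image = key[pos + len(IFEO_MARKER):]
        target = command_target(data)
        path = PureWindowsPath(target)
        reasons = []
        if path.suffix.lower() != ".exe":
            reasons.append(f"target extension {path.suffix!r} is not .exe")
        if path.name.lower() not in KNOWN_DEBUGGERS:
            reasons.append("target is not an expected debugger")
        findings.append(Finding(image, target, reasons))
    return findings


if __name__ == "__main__":
    for f in find_ifeo_debuggers(SAMPLE_DUMP):
        status = "REVIEW" if f.suspicious else "ok"
        print(f"{status:6} {f.image} -> {f.target} {f.reasons}")
```
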
  19. ComboScan v20070306.20 run by family on 2007-03-21 at 21:49:25
      Computer is in Normal Mode.
      --------------------------------------------------------------------------------

      -- HijackThis (run as family.exe) ----------------------------------------------

      Logfile of HijackThis v1.99.1
      Scan saved at 21:49:33, on 21/03/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16414)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Documents and Settings\family\Desktop\comboscan.exe
      C:\PROGRA~1\HIJACK~1\family.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://morwillsearch.com/?adv_id=amandaxxx&sub_id=
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {B35C1E01-EB19-D484-5BA5-B1B1FAF1F1FB} - (no file)
      O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [intense Registry Service] IntEdReg.exe /CHECK
      O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: RtlWake.lnk = ?
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
      O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [iNTERNATIONAL] International*
      O15 - Trusted Zone: www.amazon.co.uk
      O15 - Trusted Zone: *.morwillsearch.com
      O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/hamsterball/...tgameloader.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
      O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
      O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
      O16 - DPF: {BED02A0F-05A1-4249-A49E-CD0D41A6A152} - http://xearl.com/abd3bb87/sm/10031/1/xp/FastTeens.cab
      O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/...tivePreQual.cab
      O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
      O20 - Winlogon Notify: disk - C:\WINDOWS\system32\diskperff.dll (file missing)
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
      O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
      O23 - Service: Wireless Adapter Configurator - Tech Mahindra- PUNE - C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe

      -- Files created between 2007-02-21 and 2007-03-21 -----------------------------

      2007-03-21 19:57:54 0 d-------- C:\Documents and Settings\family\Application Data\AVG7
      2007-03-21 19:57:46 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
      2007-03-21 19:57:43 4960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
      2007-03-21 19:57:43 19392 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
      2007-03-21 19:57:43 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
      2007-03-21 19:57:42 27776 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
      2007-03-21 19:57:38 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
      2007-03-21 19:57:33 775680 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
      2007-03-21 19:57:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
      2007-03-21 19:57:29 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
      2007-03-20 15:27:38 5936 --a------ C:\Documents and Settings\family\mqdmwhnt.sys
      2007-03-20 15:27:38 79328 --a------ C:\Documents and Settings\family\mqdmserd.sys
      2007-03-20 15:27:38 92064 --a------ C:\Documents and Settings\family\mqdmmdm.sys
      2007-03-20 15:27:38 9232 --a------ C:\Documents and Settings\family\mqdmmdfl.sys
      2007-03-20 15:27:38 4048 --a------ C:\Documents and Settings\family\mqdmcr.sys
      2007-03-20 15:27:38 6208 --a------ C:\Documents and Settings\family\mqdmcmnt.sys
      2007-03-20 15:27:38 66656 --a------ C:\Documents and Settings\family\mqdmbus.sys
      2007-03-20 09:45:07 0 d-------- C:\Program Files\vtplus
      2007-03-20 08:54:01 118784 --a------ C:\WINDOWS\system32\o100vc.dll
      2007-03-20 08:54:01 40960 --a------ C:\WINDOWS\system32\o100ext.dll
      2007-03-20 08:54:01 36864 --a------ C:\WINDOWS\system32\hcwutl32.dll
      2007-03-20 08:54:01 96768 --a------ C:\WINDOWS\system32\hcwTVWnd.dll
      2007-03-20 08:54:01 89600 --a------ C:\WINDOWS\system32\hcwTVDlg.dll
      2007-03-20 08:54:01 48128 --a------ C:\WINDOWS\system32\hcwtuner.dll
      2007-03-20 08:54:01 393216 --a------ C:\WINDOWS\system32\HCWsnbd9.dll
      2007-03-20 08:54:01 36864 --a------ C:\WINDOWS\system32\hcwps32.dll
      2007-03-20 08:54:01 155648 --a------ C:\WINDOWS\system32\hcwpnp32.dll
      2007-03-20 08:54:01 45056 --a------ C:\WINDOWS\system32\hcwi2c32.dll
      2007-03-20 08:54:01 32768 --a------ C:\WINDOWS\system32\hcwHook.dll
      2007-03-20 08:54:01 184832 --a------ C:\WINDOWS\system32\hcwChan.dll
      2007-03-20 08:54:01 135168 --a------ C:\WINDOWS\system32\hcwAV.dll
      2007-03-20 08:54:01 113664 --a------ C:\WINDOWS\system32\hcwAud32.dll
      2007-03-20 08:54:01 140440 --a------ C:\WINDOWS\system32\drivers\hcw848nt.sys
      2007-03-20 08:54:00 28672 --a------ C:\WINDOWS\system32\BTGPIO32.dll
      2007-03-20 08:54:00 28672 --a------ C:\WINDOWS\system32\BT848Wst.dll
      2007-03-20 08:54:00 16384 --a------ C:\WINDOWS\system32\Bt848_32.dll
      2007-03-15 14:12:05 21504 --a------ C:\WINDOWS\system32\drivers\hidserv.dll
      2007-03-15 13:50:56 0 d-------- C:\Program Files\Motive
      2007-03-15 13:50:56 0 d-------- C:\Program Files\BT Broadband Desktop Help<BTBROA~1>
      2007-02-26 18:42:38 0 d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
      2007-02-26 18:37:19 208896 --a------ C:\WINDOWS\system32\NVUNINST.EXE

      -- Find3M Report ---------------------------------------------------------------

      2007-03-21 20:42:45 0 d-------- C:\Program Files\ZipCentral<ZIPCEN~1>
      2007-03-21 19:57:29 0 d-------- C:\Program Files\Grisoft
      2007-03-21 19:56:42 0 d---s---- C:\Documents and Settings\family\Application Data\Microsoft<MICROS~1>
      2007-03-20 15:28:23 0 d-------- C:\Program Files\Motorola Phone Tools<MOTORO~1>
      2007-03-20 15:25:41 0 d-------- C:\Program Files\Avanquest update<AVANQU~1>
      2007-03-20 09:44:57 0 d-------- C:\Program Files\WinTV
      2007-03-18 12:53:29 0 d-------- C:\Program Files\Microsoft Money<MICROS~4>
      2007-03-17 18:12:35 16 --a------ C:\WINDOWS\popcinfo.dat
      2007-03-15 21:21:19 0 d-------- C:\Program Files\Outlook Express Quick Backup<OUTLOO~2>
      2007-03-15 21:21:05 249856 -----n--- C:\WINDOWS\Setup1.exe
      2007-03-15 21:21:03 73216 --a------ C:\WINDOWS\ST6UNST.EXE
      2007-03-15 13:57:49 0 d-------- C:\Documents and Settings\family\Application Data\Motive
      2007-03-15 13:52:14 0 d-------- C:\Program Files\Common Files\Motive
      2007-02-18 19:21:36 0 d-------- C:\Program Files\Yahoo!
      2007-01-29 10:37:18 0 d-------- C:\Program Files\BT Home Hub<BTHOME~1>
      2007-01-29 08:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
      2007-01-25 07:55:27 29232 --a------ C:\WINDOWS\hpoins03.dat
      2007-01-22 21:43:35 0 d-------- C:\Program Files\btbb_wcm
      2007-01-21 12:05:59 0 d-------- C:\Program Files\OpenTTD
      2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
      2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
      2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll
      2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll
      2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
      2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
      2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
      2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
      2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
      2007-01-08 19:02:02 383488 --a------ C:\WINDOWS\system32\ieapfltr.dll
      2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
      2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
      2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
      2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
      2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
      2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
      2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe

      -- Registry Dump ---------------------------------------------------------------

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
      "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
      "Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
      "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
      "type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
      "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
      "nwiz"="nwiz.exe /install"
      "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
      "IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
      "Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
      "Intense Registry Service"="IntEdReg.exe /CHECK"
      "btbb_wcm_McciTrayApp"="C:\\Program Files\\btbb_wcm\\McciTrayApp.exe"
      "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
      "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
      "Installed"="1"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
      "NoChange"="1"
      "Installed"="1"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
      "Installed"="1"

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
      "RunNarrator"="Narrator.exe"

      [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
      "RunNarrator"="Narrator.exe"

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
      "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
      "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

      [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
      "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
      "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoActiveDesktop"=dword:00000000
      "ForceActiveDesktopOn"=dword:00000000

      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
      "Debugger"="\"c:\\windows\\system32\\wbjrwesa.txt\""

      HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\disk

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
      "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
      LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
      NetworkService REG_MULTI_SZ DnsCache\
      rpcss REG_MULTI_SZ RpcSs\
      imgsvc REG_MULTI_SZ StiSvc\
      termsvcs REG_MULTI_SZ TermService\
      HTTPFilter REG_MULTI_SZ HTTPFilter\
      DcomLaunch REG_MULTI_SZ DcomLaunchTermService\

      -- End of ComboScan: finished at 2007-03-21 at 21:52:13 ------------------------
  20. OH bother... now my desktop has gone missing... I'm really going from bad to worse on this... since I last wrote, reboot hasn't resolved it... nor has moving wbjrwesa.txt to the old e drive helped, the desktop is still blank... the only way I can run anything is via task mgr (ctrl+alt+del) and then use File/Run.... the only good news is that I can see the internet on the desktop mc again and can run Comboscan. As requested earlier I will put the details from Comboscan.txt in here, but I will have to do that again - explorer isn't running and I can't find the output - aargh!
  21. I've been playing... I tried simply moving the wbjrwesa.txt file out of the windows/system32 folder to the desktop and then deleted the prefetch version (Ordinary delete, not CCleaner Securedelete - didn't work) Then I tried running CCleaner again and it worked, analyzing and removing the accumulated crud of the last few days... So that's good... However, at the moment, my desktop seems to have got a bit confused and all the icons and task bars have vanished so it might be time for a reboot. I'll let you know how I get on...
  22. Many thanks for the help, but that hasn't worked either.... it still recognises it as a threat and shuts it down...
  23. Unfortunately this has gone the same way as HijackThis... It did start running and completed the restore point, but stopped around 12% progress (as far as I could tell). Both .txt files were created but are empty...
  24. oops - just seen this - will go give it a try... ta muchly...
  25. fancy rename doesn't work any better... there are too many internal names that even I can see (but can't amend...) unless anyone has any better ideas, I'm gonna have a crack at deleting the wbjrwesa.txt file (it would be rather ironic if I could use the Secure Delete function of CCleaner to get rid of it) My suspicion is that nothing in Explorer will work, but I'm hopeful that 'ERASE' in a command window might give it a fright... Meanwhile, I'll go fix the other application I broke taking out too much to get rid of this bug