scotiabahn

Experienced Members
  • Posts: 114

Posts posted by scotiabahn

  1. Hi! I know this subject has been dormant for a while, but I thought I'd share a bit of my own anecdotal evidence on the subject. I bought two Toshiba laptops about 18 months back to replace a couple of aged noisy XP boxes. One my son used for schoolwork and some lightweight browser gaming (we have separate Games machine plus the odd console...) and the other one sat alongside my work laptop and shares the mess of my study area along with monitor, keyboard and mouse via a KVM switch...

     

    About 6 months back, the laptop on my desk started getting really noisy when it tried to do anything vaguely CPU intensive, like an AV scan, and then moved on to shutting down. From the scorching heat on the base of the laptop, even I could work out there was a heat problem. Initially I just tried to reduce the CPU performance of the AV scan but it kept on happening, so I moved on to a laptop cooler base - a raised base with 3 usb fans to move the air around, but even that hasn't been enough in the warmest parts of the summer...

     

    Then a few days back I started rummaging around for an answer (again), having decided that I would have one last try before giving up on the machine (new laptop versus repair costs including new power supply pretty much even out...) I saw an article or two about dust clogging up the laptop cooling fans and vents that I hadn't seen previously. I suspect you can see where this is going... Yesterday afternoon I disconnected all the cables and took the laptop off its stand and took a look at it - very dusty underneath. One of the threads I found recommended using a compressed air canister to blow through the air vents but I wasn't organised enough for that - no can - so I just tried blowing through the intake vents on the side and - tada! - I have dust bunnies coming out of the fan port! After several iterations of blowing, picking lumps out with tweezers and using a mini vacuum cleaner on it, the dust clouds dissipated... I then did a good clean around the whole area (it had to happen sometime..)

     

    Strangely enough the laptop is running much quieter now, not even getting excited about the latest AV scan...

     

    Methinks a better housekeeping situation around my study area might help...

     

    I offer my experience as a potential solution to others who may have a laptop that has similar issues that could also have an attack of dust bunnies... :rolleyes:

  2. Hi everyone,

     

    Good news! We've managed to replicate the issue and have found a solution which will be in the next release.

     

    ...

     

     

    Thanks for your patience.

     

    We've upgraded to the next release (2.07.575) but we're still having the same problem - we're having to run IE as Administrator to print anything from IE...

     

    Is that the right 'next' release or is there another one coming?

     

    Thanks.

  3. Hi everyone,

     

    Good news! We've managed to replicate the issue and have found a solution which will be in the next release.

     

    The problem is related to moving the Temp folder, so a workaround would be to move the Temp folder back to the default location.

     

    Thanks for your patience.

     

    :unsure: umm... I'm pretty sure I haven't moved the Temp folder...

  4. Hi everyone,

     

    Would it be possible, for any of you having problems, to post the location (full path) of the "Low" folder?

     

    We might be able to reproduce if we have an idea of the new location you are using.

     

    Thanks

     

    We're set up as C:\Users\office\AppData\Local\Temp\Low as we've never moved/deleted the folder - with UAC, it wouldn't let me :blink:

     

    For some reason, I now seem to have a subordinate folder called the same... i.e. C:\Users\office\AppData\Local\Temp\Low\Low which is kind of odd... still doesn't print, though :(

  5. Hi everyone,

     

    ....

     

    If we can't reproduce it in house it will be difficult to fix it.

     

    We appreciate if you could help us reproduce this error by providing us as much details as you can so we can fix this possible bug; Perhaps a set of steps we should follow to help us recreate this issue.

     

    Thank you very much for your support and understanding.

     

    I'll provide what detail I can, but our situation is such that we've really only discovered the problem after the event that caused it.

     

    We have a couple of new Toshiba Equium laptops with Vista Premium installed and as part of the migration from our old XP pcs, I naturally installed CCleaner. I have one of the machines, my son the other for study. Since we deployed the laptops he has been printing out all sorts of stuff from all sorts of places, including IE7, until this last weekend when I went to use his machine (my wife had snaffled mine...) While I was using my son's machine I thought I'd better do a quick cleanup and clear out the cache etc as it hadn't been done since first use about a month or so back. Since then, IE7 printing hasn't worked. As I print less than my son, it's only subsequently that I've discovered mine is the same, but I run CCleaner a couple of times a week...

     

    The only thing I'm not sure about here is that I'd have thought I must have run CCleaner when first installed just to prove it works, with our usual settings, but I can't be sure that I did. If that was true, it suggests that you have to print before running CCleaner before the problem occurs, maybe? I would have got CCleaner and basic print (test page across the network) ready for my son to start using for schoolwork, then he had several weeks without a problem until I reran CCleaner... Don't know if that gives any clues...

     

    For now, my son managed to print without a problem using the 'run as administrator' option for IE to get his homework off the laptop last night, but I'm not keen on setting that as a security default as there are reasons for using that level of protection. That said, if I'd realised how much of a pain UAC was going to be doing the migration from XP, I'd have switched the damn thing off <_<

     

    As for CCleaner, it's at 2.06.567 level. As for settings on the Cleaner page, I have everything ticked under IE and System, everything ticked except 'Recent' under Explorer, and I've also got 'old prefetch' ticked under Advanced. The only other option that I think I've set is that it does a 'Secure Delete' using an NSA 7-pass algorithm. Can't think what else to tell you, but happy to answer any further questions...

  6. Having the same problems here. Each time I run CCleaner, I have to...

     

    Create C:\Users\*user*\AppData\Local\Temp\Low

     

    Then run.... icacls C:\Users\*user*\AppData\Local\Temp\Low /setintegritylevel (OI)(CI)low

     

    Can this bug not be ironed out so CCleaner doesn't remove that folder?

     

     

    Well, I've only just got Vista and I've just got this bug...

     

    CCleaner doesn't remove the Low folder for me, so I suppose I ought to try that...

     

    Just running icacls didn't sort it...

     

    unlike a previous responder, I did manage to get a print when I ran IE as administrator

     

    my one helpful hint re the last comment above "so CCleaner doesn't remove the folder". Can't you exclude it from the Options section in CCleaner? I've just added the Low folder to the exclusions to see whether that would make it leave the folder alone...

     

    Still doesn't work though, but if I can get it working it might stop a future occurrence... maybe...

     

    Has anyone got any other thoughts on this mess...

     

    Thanks
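The two steps quoted above (recreate the Low folder, then label it with icacls) are what IE7 Protected Mode needs: the browser runs at low integrity and can only write into a folder that carries a low mandatory label, so if the folder is missing or unlabelled, anything that needs a scratch file, printing included, fails. The following PowerShell is an added example, not code from the thread or from CCleaner; it wraps the same icacls call, verifies the label afterwards and reports the result, so you can tell whether the fix actually applied before going back to IE. It assumes the default profile location (%LOCALAPPDATA%\Temp\Low) and that icacls.exe is on the path, as it is on Vista and later.

```powershell
# Added example (not from the forum thread): recreate IE7 Protected Mode's
# low-integrity temp folder, apply the mandatory label, and verify it.
# Assumption: the folder lives at the default %LOCALAPPDATA%\Temp\Low.
$lowFolder = Join-Path $env:LOCALAPPDATA 'Temp\Low'

function Test-LowIntegrityTemp {
    param([string]$Path = $lowFolder)
    # icacls lists a "Mandatory Label\Low Mandatory Level:(OI)(CI)(NW)" line
    # on a correctly labelled folder; plain folders have no Mandatory Label line.
    $exists = Test-Path -LiteralPath $Path
    $lines  = if ($exists) { & icacls.exe $Path 2>&1 } else { @() }
    [pscustomobject]@{
        Path     = $Path
        Exists   = $exists
        LowLabel = [bool]($lines -match 'Low Mandatory Level')
    }
}

function Repair-LowIntegrityTemp {
    param([string]$Path = $lowFolder)
    if (-not (Test-Path -LiteralPath $Path)) {
        New-Item -ItemType Directory -Path $Path | Out-Null
    }
    # (OI)(CI) make the label inherit to files and subfolders created later,
    # which is what the per-user Low folder relies on.
    & icacls.exe $Path /setintegritylevel '(OI)(CI)low' | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "icacls failed with exit code $LASTEXITCODE (run from an elevated prompt if access was denied)"
    }
    Test-LowIntegrityTemp -Path $Path
}

# Before/after view, so a run that silently failed is visible.
'Before:'; Test-LowIntegrityTemp
'After:';  Repair-LowIntegrityTemp
```

If the report shows Exists and LowLabel both true and IE still cannot print without 'run as administrator', the Low folder label is not the remaining problem and the cause lies elsewhere, which matches what the posts above observed.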

  7. ...

     

    To remove the value goto Start > Run and copy and paste this

     

    reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe" /f

     

    Press OK and it will remove the key; you will not notice anything but the key will be removed. You can then attempt to move the txt file again and see if explorer loads on reboot. If it doesn't then there is something else protecting the reg entries or recreating it when it's removed. It may be easier to download Process Explorer from here to save having to keep rebooting:

     

    http://download.sysinternals.com/Files/ProcessExplorer.zip

     

    Run the program and then run the above regfix, move the wbjrwesa.txt to your desktop, then right click explorer.exe in Process Explorer and choose restart. If it starts OK then the debugger value wasn't recreated, but if you get errors and explorer fails to restart then the debugger value is still present, so you will have to either run the reg fix again by using Task Manager > New Task or put the file back into system32 while we check for other trojans that may be protecting it.

     

    ...

     

    Let us know if you have problems

     

    Regards

     

    Andy

     

     

    Andy,

     

    I've made a start on this but not produced any logs yet to put on the other forum section. I just wanted to report back on this bit. The reg delete worked and I moved the file to my desktop and rebooted, hey presto, no desktop as before. I used Taskmgr 'Run' to get command working and to shift the txt file back to system32 and I got my desktop back after another reboot. The interesting thing is that the registry is still clean, the debugger value hasn't been reinstated...

     

    Not sure what that means, will go play with the rest of the utilities (which will probably mean moving the stupid file again because it doesn't like HijackThis at least...)

     

    Hopefully, next entry will be in HijackThis section...

     

    Thanks

     

     

    Steve

  8. The reason Andy asked you to put all further logs into the Hijackthis forum, is because you will only get help from the 'appointed Malware experts' rather than lots of diverse ideas from other well meaning members or visitors.

     

    Please follow Andy's advice; he is among the best of the Malware fighters.

     

    Mike

     

    that makes sense...

     

    now that's an impressive title - 'appointed malware expert'... coo, wish I had that on my c.v. :lol:

     

    actually, no I don't, this stuff makes my head hurt :blink:

  9. Thanks for the suggestion, but is there anything special about renaming hijackthis to family.exe? Way back in the discussion, you will see, there were a few attempts with renamed files that still got bounced - I can only assume that this malware can see some internal naming or descriptor.

     

    Thanks again.

    No, it's the same as renaming it earlier, I don't believe there is any significance to family.exe (correct me if I'm wrong :lol: ).

     

    --

     

    If Andy's suggestion doesn't work (for some reason),

     

    You may be able to remove some stuff with a live boot CD (à la BartPE) or a Linux live CD (if you understand a Linux environment).

     

    You could use a BartPE boot disk to check the contents of that file and remove infections.

    There are many programs (called plugins) you can include on the disk along with the bootable windows like environment.

     

    links:

    BartPE Home Page

    Download BartPE

    Download Plugins

    NOTE:

    If this seems too over your head feel free to wait for other suggestions.

     

     

    over my head - could be... :unsure:

     

    this definitely isn't an area where I have a great deal of expertise, but I'll have a crack at this after I've had a go at Andy's suggestions... should keep me out of mischief for a while :rolleyes:

  10. ...Try renaming hijackthis to family.exe.

     

    Thanks.

     

    Thanks for the suggestion, but is there anything special about renaming hijackthis to family.exe? Way back in the discussion, you will see, there were a few attempts with renamed files that still got bounced - I can only assume that this malware can see some internal naming or descriptor.

     

    Thanks again.

  11. Andy,

     

    many thanks for all that and I'll work my way through this asap, although I'm afraid work will get in the way for most of the day... My one query at this point is whether this should go on the HijackThis forum rather than CCleaner, I'm not sure I see the advantage in that, the history is here. I admit my description 'CCleaner failing' isn't very descriptive, but that's all I knew at the time. This malware is certainly targeting specific applications, particularly CCleaner, as well as HijackThis and Comboscan at least, but ignoring others (don't like to write their names in case 'they' improve their malware... not that I'm getting paranoid or anything...)

     

    Thanks again, I'll get started on this later today...

  12. FYI: I am running an HP computer, wxp up to date.

    1. verclsid.exe is in system 32,

    2. there is a prefetch file for it,

    3. and it is present in C:\WINDOWS\$hf_mig$\KB908531\SP2QFE.

    4. Neither wbjrwesa.txt nor wbjrwesa is found on C: drive anywhere using windows explorer

     

    No information about wbjrwesa found on google, dogpile, mama, ask.com, nor yahoo answers.

     

    edit 22 mar 07: Also no information from computer associates virus info database.

     

    Am running CCleaner V. 1.36.430. All applications are running OK. Makes me think the problem isn't verclsid. . .??

     

    Good hunting, hope this helps. :)

     

     

    yes , I agree with you, verclsid almost certainly isn't the problem. I had it completely removed yesterday evening and I still had the problem. Like yourself, I can't find any reference to wbjrwesa.txt anywhere. I suppose the wretched thing could have been generated on my machine by something else... another of those great unknowns at the moment...

     

    Thanks for the help.

    I was wondering if you could take out the txt file again (lose your desktop), then in Task Manager try initiating explorer.exe (via File / Run / C:\windows\explorer.exe ), that usually would bring back the desktop and start menu etc.

     

    I noticed this because in the HJT/Comboscan report above, explorer is not running, which is why you have no desktop.

     

    Also what are the contents of the text file?

     

     

    I did try that, but explorer won't run, presumably because of the registry key that includes the wbjrwesa.txt reference

     

    I am unable to read the wbjrwesa.txt (access denied!) - I wish I could, I'd love to know what sneaky little code is in there...

     

    Thanks for the suggestions.

  14. I have got my desktop back, but only by putting wbjrwesa.txt back into c:\windows\system32, which means I lose CCleaner, HijackThis and the rest as viable applications, but at least I can do most things again...

     

    I'm also going to put back KB908531 and verclsid.exe because that doesn't seem to be the problem, it's just this stupid txt file, which I can't delete or erase, nor remove from my registry, which I suspect is the key part of this.

     

    An interesting 24 hours or so, back to the same situation as before, but at least there is a better suspect for the problem... Now, anyone got any ideas on how to kill it?

     

    A few things occurred to me overnight on a more general level:-

     

    1. How did I get this on my machine? Best guess is via an infected website - had a nasty pop-up explosion of windows maybe a week back, and probably hadn't run CCleaner since then...

     

    2. Why is someone targeting CCleaner and its chums? It doesn't affect my anti-spyware, anti-ad, or anti-virus software...

     

    3. I have to say that I am impressed by this nasty little thing, it's pretty hard to detect, hard to kill and fiendishly selective. It also occurred to me that whoever wrote it might be monitoring this forum, highly amused by their handiwork. Well, if he/she is, bravo, it's very good, but you could be kind and put me out of my misery and tell me how to fix it... If anyone wonders why I should ask such a thing, well, I am an eternal optimist when it comes to the potential for generosity in the human spirit...

     

    Thanks to everyone for their help so far...

  15. This bit looks key to me:-

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]

    "Debugger"="\"c:\\windows\\system32\\wbjrwesa.txt\""

    I've tried REGEDIT to get rid of the debugger value but it won't let me...

     

    just occurs to me that CCleaner might be able to now that it's running... I'll go have a look...

     

     

    nope it didn't find it...

     

    Help! any suggestions? At least I had the desktop before?

  16. This bit looks key to me:-

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]

    "Debugger"="\"c:\\windows\\system32\\wbjrwesa.txt\""

     

     

    I've tried REGEDIT to get rid of the debugger value but it won't let me...

     

    just occurs to me that CCleaner might be able to now that it's running... I'll go have a look...
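The registry entry singled out in the two posts above is an Image File Execution Options (IFEO) hijack. Windows treats a Debugger value under IFEO\explorer.exe as "launch this program instead, passing explorer.exe as its argument", so pointing it at a .txt file means the shell is never started and the desktop never appears; the same trick against ccleaner.exe or hijackthis.exe is why those tools "fail" while other programs run. Andy's reg delete command earlier in the thread removes the whole explorer.exe subkey. The PowerShell below is an added example, not code posted in the thread: it audits every IFEO subkey for a Debugger value that is not a real, existing .exe, removes only the Debugger value on request, and re-checks a couple of seconds later so that a resident process re-writing the value (the case Andy warned about) shows up instead of being missed. It must run from an elevated prompt; the short allow-list of legitimate debugger names is an assumption for this example and can be extended.

```powershell
# Added example (not from the forum thread): find and remove suspicious
# IFEO Debugger values such as the one pointing explorer.exe at a .txt file.
# Run elevated: writing under HKLM requires administrator rights.
$ifeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

# Assumption: these are the debuggers one expects to find legitimately.
$knownDebuggers = @('vsjitdebugger.exe', 'windbg.exe', 'ntsd.exe', 'cdb.exe', 'drwtsn32.exe')

function Get-SuspiciousIfeoDebugger {
    Get-ChildItem -Path $ifeoRoot -ErrorAction SilentlyContinue | ForEach-Object {
        $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if (-not $dbg) { return }

        # Reduce "C:\path\dbg.exe" -args (or an unquoted form) to the executable path.
        $value = $dbg.Trim()
        $exe = $value -replace '^"([^"]+)".*$', '$1'
        if ($exe -eq $value) { $exe = ($value -split '\s+')[0] }

        $reasons = @()
        if (-not (Test-Path -LiteralPath $exe)) { $reasons += "debugger path does not exist ($exe)" }
        if ([System.IO.Path]::GetExtension($exe).ToLower() -ne '.exe') { $reasons += "debugger is not an .exe ($exe)" }
        if ($knownDebuggers -contains [System.IO.Path]::GetFileName($exe).ToLower()) { $reasons = @() }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Target   = $_.PSChildName      # e.g. explorer.exe, ccleaner.exe
                Debugger = $dbg
                Reason   = ($reasons -join '; ')
            }
        }
    }
}

function Remove-IfeoDebugger {
    param([Parameter(Mandatory)][string]$Target)
    $key = Join-Path $ifeoRoot $Target
    # Delete only the Debugger value: other settings under the same subkey
    # (GlobalFlag and friends) are legitimate and should survive.
    Remove-ItemProperty -Path $key -Name Debugger -ErrorAction Stop
    # Re-check after a pause; a recreated value means something resident is restoring it.
    Start-Sleep -Seconds 2
    $again = (Get-ItemProperty -Path $key -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($again) {
        Write-Warning "Debugger value on $Target was recreated as '$again'; a running process is protecting it"
    } else {
        "Removed Debugger value from $Target"
    }
}

Get-SuspiciousIfeoDebugger | Format-Table -AutoSize
# For the entry seen in this thread:
# Remove-IfeoDebugger -Target 'explorer.exe'
```

The audit deliberately reports on the whole IFEO tree rather than explorer.exe alone, because the thread's symptoms (CCleaner, HijackThis and ComboScan refusing to run, while other programs are fine) are exactly what per-application Debugger values produce, and the ComboScan log below only prints the explorer.exe one.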

  17. OH bother... now my desktop has gone missing... I'm really going from bad to worse on this...

     

    since I last wrote, reboot hasn't resolved it...

     

    nor has moving wbjrwesa.txt to the old e drive helped, the desktop is still blank... the only way I can run anything is via task mgr (ctrl+alt+del) and then use File/Run....

     

    the only good news is that I can see the internet on the desktop mc again and can run Comboscan. As requested earlier I will put the details from Comboscan.txt in here, but I will have to do that again - explorer isn't running and I can't find the output - aargh! :angry:

     

    ComboScan v20070306.20 run by family on 2007-03-21 at 21:49:25

    Computer is in Normal Mode.

    --------------------------------------------------------------------------------

     

     

     

    -- HijackThis (run as family.exe) ----------------------------------------------

     

    Logfile of HijackThis v1.99.1

    Scan saved at 21:49:33, on 21/03/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

    C:\Program Files\Ahead\InCD\InCDsrv.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Documents and Settings\family\Desktop\comboscan.exe

    C:\PROGRA~1\HIJACK~1\family.exe

     

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://morwillsearch.com/?adv_id=amandaxxx&sub_id=

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {B35C1E01-EB19-D484-5BA5-B1B1FAF1F1FB} - (no file)

    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

    O4 - HKLM\..\Run: [intense Registry Service] IntEdReg.exe /CHECK

    O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    O4 - Global Startup: RtlWake.lnk = ?

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe

    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O15 - Trusted Zone: www.amazon.co.uk

    O15 - Trusted Zone: *.morwillsearch.com

    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/hamsterball/...tgameloader.cab

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll

    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab

    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab

    O16 - DPF: {BED02A0F-05A1-4249-A49E-CD0D41A6A152} - http://xearl.com/abd3bb87/sm/10031/1/xp/FastTeens.cab

    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/...tivePreQual.cab

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab

    O20 - Winlogon Notify: disk - C:\WINDOWS\system32\diskperff.dll (file missing)

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe

    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

    O23 - Service: Wireless Adapter Configurator - Tech Mahindra- PUNE - C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe

     

     

    -- Files created between 2007-02-21 and 2007-03-21 -----------------------------

     

    2007-03-21 19:57:54 0 d-------- C:\Documents and Settings\family\Application Data\AVG7

    2007-03-21 19:57:46 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7

    2007-03-21 19:57:43 4960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys

    2007-03-21 19:57:43 19392 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys

    2007-03-21 19:57:43 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys

    2007-03-21 19:57:42 27776 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys

    2007-03-21 19:57:38 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys

    2007-03-21 19:57:33 775680 --a------ C:\WINDOWS\system32\drivers\avg7core.sys

    2007-03-21 19:57:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

    2007-03-21 19:57:29 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7

    2007-03-20 15:27:38 5936 --a------ C:\Documents and Settings\family\mqdmwhnt.sys

    2007-03-20 15:27:38 79328 --a------ C:\Documents and Settings\family\mqdmserd.sys

    2007-03-20 15:27:38 92064 --a------ C:\Documents and Settings\family\mqdmmdm.sys

    2007-03-20 15:27:38 9232 --a------ C:\Documents and Settings\family\mqdmmdfl.sys

    2007-03-20 15:27:38 4048 --a------ C:\Documents and Settings\family\mqdmcr.sys

    2007-03-20 15:27:38 6208 --a------ C:\Documents and Settings\family\mqdmcmnt.sys

    2007-03-20 15:27:38 66656 --a------ C:\Documents and Settings\family\mqdmbus.sys

    2007-03-20 09:45:07 0 d-------- C:\Program Files\vtplus

    2007-03-20 08:54:01 118784 --a------ C:\WINDOWS\system32\o100vc.dll

    2007-03-20 08:54:01 40960 --a------ C:\WINDOWS\system32\o100ext.dll

    2007-03-20 08:54:01 36864 --a------ C:\WINDOWS\system32\hcwutl32.dll

    2007-03-20 08:54:01 96768 --a------ C:\WINDOWS\system32\hcwTVWnd.dll

    2007-03-20 08:54:01 89600 --a------ C:\WINDOWS\system32\hcwTVDlg.dll

    2007-03-20 08:54:01 48128 --a------ C:\WINDOWS\system32\hcwtuner.dll

    2007-03-20 08:54:01 393216 --a------ C:\WINDOWS\system32\HCWsnbd9.dll

    2007-03-20 08:54:01 36864 --a------ C:\WINDOWS\system32\hcwps32.dll

    2007-03-20 08:54:01 155648 --a------ C:\WINDOWS\system32\hcwpnp32.dll

    2007-03-20 08:54:01 45056 --a------ C:\WINDOWS\system32\hcwi2c32.dll

    2007-03-20 08:54:01 32768 --a------ C:\WINDOWS\system32\hcwHook.dll

    2007-03-20 08:54:01 184832 --a------ C:\WINDOWS\system32\hcwChan.dll

    2007-03-20 08:54:01 135168 --a------ C:\WINDOWS\system32\hcwAV.dll

    2007-03-20 08:54:01 113664 --a------ C:\WINDOWS\system32\hcwAud32.dll

    2007-03-20 08:54:01 140440 --a------ C:\WINDOWS\system32\drivers\hcw848nt.sys

    2007-03-20 08:54:00 28672 --a------ C:\WINDOWS\system32\BTGPIO32.dll

    2007-03-20 08:54:00 28672 --a------ C:\WINDOWS\system32\BT848Wst.dll

    2007-03-20 08:54:00 16384 --a------ C:\WINDOWS\system32\Bt848_32.dll

    2007-03-15 14:12:05 21504 --a------ C:\WINDOWS\system32\drivers\hidserv.dll

    2007-03-15 13:50:56 0 d-------- C:\Program Files\Motive

    2007-03-15 13:50:56 0 d-------- C:\Program Files\BT Broadband Desktop Help<BTBROA~1>

    2007-02-26 18:42:38 0 d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA

    2007-02-26 18:37:19 208896 --a------ C:\WINDOWS\system32\NVUNINST.EXE

     

     

    -- Find3M Report ---------------------------------------------------------------

     

    2007-03-21 20:42:45 0 d-------- C:\Program Files\ZipCentral<ZIPCEN~1>

    2007-03-21 19:57:29 0 d-------- C:\Program Files\Grisoft

    2007-03-21 19:56:42 0 d---s---- C:\Documents and Settings\family\Application Data\Microsoft<MICROS~1>

    2007-03-20 15:28:23 0 d-------- C:\Program Files\Motorola Phone Tools<MOTORO~1>

    2007-03-20 15:25:41 0 d-------- C:\Program Files\Avanquest update<AVANQU~1>

    2007-03-20 09:44:57 0 d-------- C:\Program Files\WinTV

    2007-03-18 12:53:29 0 d-------- C:\Program Files\Microsoft Money<MICROS~4>

    2007-03-17 18:12:35 16 --a------ C:\WINDOWS\popcinfo.dat

    2007-03-15 21:21:19 0 d-------- C:\Program Files\Outlook Express Quick Backup<OUTLOO~2>

    2007-03-15 21:21:05 249856 -----n--- C:\WINDOWS\Setup1.exe

    2007-03-15 21:21:03 73216 --a------ C:\WINDOWS\ST6UNST.EXE

    2007-03-15 13:57:49 0 d-------- C:\Documents and Settings\family\Application Data\Motive

    2007-03-15 13:52:14 0 d-------- C:\Program Files\Common Files\Motive

    2007-02-18 19:21:36 0 d-------- C:\Program Files\Yahoo!

    2007-01-29 10:37:18 0 d-------- C:\Program Files\BT Home Hub<BTHOME~1>

    2007-01-29 08:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe

    2007-01-25 07:55:27 29232 --a------ C:\WINDOWS\hpoins03.dat

    2007-01-22 21:43:35 0 d-------- C:\Program Files\btbb_wcm

    2007-01-21 12:05:59 0 d-------- C:\Program Files\OpenTTD

    2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll

    2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>

    2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll

    2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll

    2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll

    2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll

    2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll

    2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll

    2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll

    2007-01-08 19:02:02 383488 --a------ C:\WINDOWS\system32\ieapfltr.dll

    2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll

    2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll

    2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll

    2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll

    2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll

    2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe

    2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe

     

     

    -- Registry Dump ---------------------------------------------------------------

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
    "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
    "nwiz"="nwiz.exe /install"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
    "Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
    "Intense Registry Service"="IntEdReg.exe /CHECK"
    "btbb_wcm_McciTrayApp"="C:\\Program Files\\btbb_wcm\\McciTrayApp.exe"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "NoChange"="1"
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator"="Narrator.exe"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
    "RunNarrator"="Narrator.exe"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoActiveDesktop"=dword:00000000
    "ForceActiveDesktopOn"=dword:00000000

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
    "Debugger"="\"c:\\windows\\system32\\wbjrwesa.txt\""
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\disk

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
    NetworkService REG_MULTI_SZ DnsCache\
    rpcss REG_MULTI_SZ RpcSs\
    imgsvc REG_MULTI_SZ StiSvc\
    termsvcs REG_MULTI_SZ TermService\
    HTTPFilter REG_MULTI_SZ HTTPFilter\
    DcomLaunch REG_MULTI_SZ DcomLaunchTermService\

    -- End of ComboScan: finished at 2007-03-21 at 21:52:13 ------------------------
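Reading that registry dump from the defender's side: the Image File Execution Options key for explorer.exe carries a Debugger value pointing at wbjrwesa.txt, and Windows launches whatever a Debugger value names in place of the listed program, which is consistent with the blank desktop the following posts describe. The script below is an added example (not ComboScan's, CCleaner's or the forum's code) that parses a .reg-style dump and reports IFEO Debugger entries that are not a known debugger; the allow-list and the sample excerpt are assumptions constructed for it.

```python
"""Flag IFEO "Debugger" hijacks in a .reg-style dump (added example, not ComboScan's
or the forum's code). SAMPLE_DUMP is a constructed excerpt of the dump posted above."""
import re

# Constructed excerpt: two keys copied from the registry dump posted above.
SAMPLE_DUMP = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
"Debugger"="\"c:\\windows\\system32\\wbjrwesa.txt\""
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
STRING_VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')  # dword:/hex: values are skipped
IFEO_MARKER = "\\image file execution options\\"
KNOWN_DEBUGGERS = {"ntsd.exe", "cdb.exe", "windbg.exe", "drwtsn32.exe", "vsjitdebugger.exe"}  # assumed allow-list


def parse_dump(text):
    """Return {key_path (lower-case): {value_name: data}} for string values,
    undoing .reg escaping (a backslash protects the next character)."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := KEY_RE.match(line)):
            current = m.group(1).lower()
            keys.setdefault(current, {})
        elif current is not None and (m := STRING_VALUE_RE.match(line)):
            keys[current][m.group(1)] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys


def program_of(command):
    """First token of a command line, honouring a leading quoted path."""
    return command[1:].split('"', 1)[0] if command.startswith('"') else command.split(maxsplit=1)[0]


def find_ifeo_hijacks(keys):
    """IFEO\\<exe>\\Debugger makes Windows launch that program (with <exe> as its argument)
    instead of <exe>; anything not on the allow-list is returned as (hijacked_exe, program)."""
    hits = []
    for key, values in keys.items():
        if IFEO_MARKER in key and "Debugger" in values:
            program = program_of(values["Debugger"])
            if program.rsplit("\\", 1)[-1].lower() not in KNOWN_DEBUGGERS:
                hits.append((key.rsplit("\\", 1)[1], program))
    return hits


if __name__ == "__main__":
    for exe, program in find_ifeo_hijacks(parse_dump(SAMPLE_DUMP)):
        print(f"IFEO hijack: {exe} is replaced by {program}")
```

The same parser can be pointed at a full exported .reg file; only string values are inspected, so dword entries such as the policies\explorer ones are ignored.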

  18. OH bother... now my desktop has gone missing... I'm really going from bad to worse on this...

     

    Since I last wrote, a reboot hasn't resolved it...

     

    Nor has moving wbjrwesa.txt to the old E drive helped; the desktop is still blank... The only way I can run anything is via Task Manager (Ctrl+Alt+Del) and then File/Run....

     

    the only good news is that I can see the internet on the desktop mc again and can run Comboscan. As requested earlier I will put the details from Comboscan.txt in here, but I will have to do that again - explorer isn't running and I can't find the output - aargh! :angry:

  19. I've been playing...

     

    I tried simply moving the wbjrwesa.txt file out of the windows/system32 folder to the desktop and then deleted the prefetch version (Ordinary delete, not CCleaner Securedelete - didn't work)

     

    Then I tried running CCleaner again and it worked, analyzing and removing the accumulated crud of the last few days... So that's good...

     

    However, at the moment, my desktop seems to have got a bit confused and all the icons and task bars have vanished so it might be time for a reboot. I'll let you know how I get on...

  20. I've read on some Italian forum that other people are unable to run both CCleaner and HijackThis too..

    :unsure:

     

    If you like, try to download a renamed copy of HJT from my web space:

     

    File name pippo.zip (contains HJT renamed as pippo.exe)

     

    Disco Remoto

     

     

    Many thanks for the help, but that hasn't worked either... It still recognises it as a threat and shuts it down...

  21. Hi,

    Run this instead. (it will generate a hijackthis log as well)

     

    Download ComboScan to your Desktop

    • Close all applications and windows.

    • Double-click on comboscan.exe to run it, and follow the prompts.

    • The scan may take a minute. When the scan is complete, a text file will open - ComboScan.txt

    • A folder Comboscan will also open which contains the Comboscan.txt and a Supplementary.txt.

    • Copy and paste the contents of ComboScan.txt in your next reply.

    • Extra Note: When running Comboscan, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags Comboscan as suspicious. Please allow Comboscan to run and don't let your Antivirus delete it. (In this case, it may be better to temporarily disable your Antivirus)

     

     

     

    Unfortunately this has gone the same way as HijackThis... It did start running and completed the restore point, but stopped around 12% progress (as far as I could tell). Both .txt files were created but are empty...

  22. Hi,

    Run this instead. (it will generate a hijackthis log as well)

     

    Download ComboScan to your Desktop

    • Close all applications and windows.

    • Double-click on comboscan.exe to run it, and follow the prompts.

    • The scan may take a minute. When the scan is complete, a text file will open - ComboScan.txt

    • A folder Comboscan will also open which contains the Comboscan.txt and a Supplementary.txt.

    • Copy and paste the contents of ComboScan.txt in your next reply.

    • Extra Note: When running Comboscan, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags Comboscan as suspicious. Please allow Comboscan to run and don't let your Antivirus delete it. (In this case, it may be better to temporarily disable your Antivirus)

     

     

    oops - just seen this - will go give it a try... ta muchly...

  23. Fancy renaming doesn't work any better... there are too many internal names that even I can see (but can't amend...)

     

    unless anyone has any better ideas, I'm gonna have a crack at deleting the wbjrwesa.txt file (it would be rather ironic if I could use the Secure Delete function of CCleaner to get rid of it :) ) My suspicion is that nothing in Explorer will work, but I'm hopeful that 'ERASE' in a command window might give it a fright...

     

    Meanwhile, I'll go fix the other application I broke taking out too much to get rid of this bug :blink:
