
(Broken.OpenCommand)



#1
UCDaveW

Problem is originally the computer starts to freeze up, then drops connection. Have run the supposed fix (found on another forum) and for about a month everything was fine. Now it's back and nothing works to get rid of it. Windows 7 OS running ... OTS wouldn't run, even in safe mode.

Malwarebytes' Anti-Malware 1.44
Database version: 3728
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/12/2010 2:24:48 AM
mbam-log-2010-02-12 (02-24-48).txt

Scan type: Quick Scan
Objects scanned: 7308
Time elapsed: 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

---------------
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-11 20:20:19
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\RAVENM~1\AppData\Local\Temp\uwlyapog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys ZwCreateThread [0x90B87E8C]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys ZwCreateThreadEx [0x90B87EA6]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys ZwLoadDriver [0x90B881BC]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys ZwMapViewOfSection [0x90B87BCC]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys ZwOpenSection [0x90B885EE]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys ZwRenameKey [0x90B8988C]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys ZwSetSystemInformation [0x90B8843E]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys ZwSuspendProcess [0x90B87A4C]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys ZwSuspendThread [0x90B87EC0]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys ZwSystemDebugControl [0x90B88042]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys ZwTerminateProcess [0x90B879A6]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys ZwTerminateThread [0x90B87B06]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys ZwWriteVirtualMemory [0x90B87F86]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1CAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1C104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1C3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E052D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E04898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1C1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1C958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1C6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1CF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1D1A8

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000047 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----



Thank you for ANY help!


#2
emeraldnzl

Hello UCDaveW,

Welcome to Geekstogo.

This link will explain that Malwarebytes report.

http://forums.malwar...?showtopic=6195

As far as your machine's other symptoms are concerned, let's have a look and see what we can find.

  • Please download OTL to your Desktop
  • Double click on the OTL icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply.

Note: Unless otherwise instructed, always post the logs in the forum. If reports don't fit in one post, it might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine. :)