Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

System.BrokenFileAssociation

Started by drunkducki , Nov 10 2011 04:16 PM

  • Please log in to reply

#31
drunkducki
Posted 21 November 2011 - 04:59 PM

drunkducki

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
yes i get the Avast control panel and the icon appears. ran the script again still getting same thing.


========== FILES ==========
< reg query HKEY_CLASSES_ROOT\.exe /s /c >
! REG.EXE VERSION 3.0
HKEY_CLASSES_ROOT\.exe
<NO NAME> REG_SZ exefile
I:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
I:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< reg query HKEY_CLASSES_ROOT\exefile /s /c >
! REG.EXE VERSION 3.0
HKEY_CLASSES_ROOT\exefile
<NO NAME> REG_SZ Application
Content Type REG_SZ application/x-msdownload
EditFlags REG_BINARY 38070000
InfoTip REG_SZ prop:FileDescription;Company;FileVersion;Create;Size
TileInfo REG_SZ prop:FileDescription;Company;FileVersion
HKEY_CLASSES_ROOT\exefile\DefaultIcon
<NO NAME> REG_SZ %1
HKEY_CLASSES_ROOT\exefile\shell
HKEY_CLASSES_ROOT\exefile\shell\open
EditFlags REG_BINARY 00000000
HKEY_CLASSES_ROOT\exefile\shell\open\command
<NO NAME> REG_SZ "%1" %*
IsolatedCommand REG_SZ "%1" %*
HKEY_CLASSES_ROOT\exefile\shell\runas
HKEY_CLASSES_ROOT\exefile\shell\runas\command
<NO NAME> REG_SZ "%1" %*
IsolatedCommand REG_SZ "%1" %*
HKEY_CLASSES_ROOT\exefile\shell\start
HKEY_CLASSES_ROOT\exefile\shell\start\command
<NO NAME> REG_SZ "%1" %*
IsolatedCommand REG_SZ "%1" %*
HKEY_CLASSES_ROOT\exefile\shellex
HKEY_CLASSES_ROOT\exefile\shellex\DropHandler
<NO NAME> REG_SZ {86C86720-42A0-1069-A2E8-08002B30309D}
HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers
HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser
<NO NAME> REG_SZ {09A63660-16F9-11d0-B1DF-004F56001CA7}
HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps
<NO NAME> REG_SZ {86F19A00-42A0-1069-A2E9-08002B30309D}
HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page
<NO NAME> REG_SZ {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}
I:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
I:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< reg query HKEY_CLASSES_ROOT\CLSID\{098f2470-bae0-11cd-b579-08002b30bfeb} /s /c >
! REG.EXE VERSION 3.0
HKEY_CLASSES_ROOT\CLSID\{098f2470-bae0-11cd-b579-08002b30bfeb}
<NO NAME> REG_SZ Null persistent handler
HKEY_CLASSES_ROOT\CLSID\{098f2470-bae0-11cd-b579-08002b30bfeb}\PersistentAddinsRegistered
HKEY_CLASSES_ROOT\CLSID\{098f2470-bae0-11cd-b579-08002b30bfeb}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}
<NO NAME> REG_SZ {c3278e90-bea7-11cd-b579-08002b30bfeb}
I:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
I:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< reg query HKEY_CURRENT_USER\Software\Classes\.exe /s /c >
I:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
I:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< reg query HKEY_CURRENT_USER\Software\Classes\exefile /s /c >
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Classes\exefile
<NO NAME> REG_SZ Application
Content Type REG_SZ application/x-msdownload
EditFlags REG_BINARY 38070000
TileInfo REG_SZ prop:FileDescription;Company;FileVersion
InfoTip REG_SZ prop:FileDescription;Company;FileVersion;Create;Size
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon
<NO NAME> REG_SZ %1
HKEY_CURRENT_USER\Software\Classes\exefile\shell
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open
EditFlags REG_BINARY 00000000
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command
<NO NAME> REG_SZ "%1" %*
IsolatedCommand REG_SZ "%1" %*
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command
<NO NAME> REG_SZ "%1" %*
IsolatedCommand REG_SZ "%1" %*
HKEY_CURRENT_USER\Software\Classes\exefile\shell\start
HKEY_CURRENT_USER\Software\Classes\exefile\shell\start\command
<NO NAME> REG_SZ "%1" %*
IsolatedCommand REG_SZ "%1" %*
I:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
I:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< reg query HKEY_CURRENT_USER\Software\Classes\CLSID\{098f2470-bae0-11cd-b579-08002b30bfeb} /s /c >
I:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
I:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< reg query HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe /s /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe
<NO NAME> REG_SZ exefile
I:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
I:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< reg query HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile /s /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile
<NO NAME> REG_SZ Application
EditFlags REG_BINARY 38070000
TileInfo REG_SZ prop:FileDescription;Company;FileVersion
InfoTip REG_SZ prop:FileDescription;Company;FileVersion;Create;Size
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\DefaultIcon
<NO NAME> REG_SZ %1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open
EditFlags REG_BINARY 00000000
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command
<NO NAME> REG_SZ "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\command
<NO NAME> REG_SZ "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shellex
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shellex\DropHandler
<NO NAME> REG_SZ {86C86720-42A0-1069-A2E8-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\PEAnalyser
<NO NAME> REG_SZ {09A63660-16F9-11d0-B1DF-004F56001CA7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\PifProps
<NO NAME> REG_SZ {86F19A00-42A0-1069-A2E9-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page
<NO NAME> REG_SZ {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}
I:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
I:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< reg query HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{098f2470-bae0-11cd-b579-08002b30bfeb} /s /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{098f2470-bae0-11cd-b579-08002b30bfeb}
<NO NAME> REG_SZ Null persistent handler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{098f2470-bae0-11cd-b579-08002b30bfeb}\PersistentAddinsRegistered
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{098f2470-bae0-11cd-b579-08002b30bfeb}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}
<NO NAME> REG_SZ {c3278e90-bea7-11cd-b579-08002b30bfeb}
I:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
I:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.

OTL by OldTimer - Version 3.2.31.0 log created on 11212011_145624
  • 0

Advertisements

#32
RKinner
Posted 21 November 2011 - 05:07 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
This line goes away when you reboot:

HKEY_CLASSES_ROOT\.exe\PersistentHandler
<NO NAME> REG_SZ {098f2470-bae0-11cd-b579-08002b30bfeb}

Download UPHClean. To download and install UPHClean, visit the following Microsoft Web site:
http://www.microsoft...70-42470E2F3582
You will be prompted to validate your copy of Windows.
As soon as you have downloaded the UPHClean installer (UPHClean-Setup.msi), double-click the installer to begin the installation.
In the User Profile Hive Cleanup Service installation wizard, click Next.
In the License Agreement page, read the license agreement, select I Agree, and then click Next.
In the Select Installation Folder page, click Next.
In the Confirm Installation page, click Next.
When UPHClean is installed, click Close.

Note UPHClean runs as a service in Windows and will start automatically every time that Windows starts.
To confirm that UPHClean is installed and running, click Start, and then click Run.
In Open box, type the following text, and then click OK:

services.msc
In Services, in the Name column, locate User Profile Hive Cleanup. In the Status column, confirm that the User Profile Hive Cleanup service is Started.

Run the Merge again and then reboot and run the last OTL script again.
  • 0

#33
drunkducki
Posted 21 November 2011 - 05:23 PM

drunkducki

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
same message and no icon

========== FILES ==========
< reg query HKEY_CLASSES_ROOT\.exe /s /c >
! REG.EXE VERSION 3.0
HKEY_CLASSES_ROOT\.exe
<NO NAME> REG_SZ exefile
I:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
I:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< reg query HKEY_CLASSES_ROOT\exefile /s /c >
! REG.EXE VERSION 3.0
HKEY_CLASSES_ROOT\exefile
<NO NAME> REG_SZ Application
Content Type REG_SZ application/x-msdownload
EditFlags REG_BINARY 38070000
InfoTip REG_SZ prop:FileDescription;Company;FileVersion;Create;Size
TileInfo REG_SZ prop:FileDescription;Company;FileVersion
HKEY_CLASSES_ROOT\exefile\DefaultIcon
<NO NAME> REG_SZ %1
HKEY_CLASSES_ROOT\exefile\shell
HKEY_CLASSES_ROOT\exefile\shell\open
EditFlags REG_BINARY 00000000
HKEY_CLASSES_ROOT\exefile\shell\open\command
<NO NAME> REG_SZ "%1" %*
IsolatedCommand REG_SZ "%1" %*
HKEY_CLASSES_ROOT\exefile\shell\runas
HKEY_CLASSES_ROOT\exefile\shell\runas\command
<NO NAME> REG_SZ "%1" %*
IsolatedCommand REG_SZ "%1" %*
HKEY_CLASSES_ROOT\exefile\shell\start
HKEY_CLASSES_ROOT\exefile\shell\start\command
<NO NAME> REG_SZ "%1" %*
IsolatedCommand REG_SZ "%1" %*
HKEY_CLASSES_ROOT\exefile\shellex
HKEY_CLASSES_ROOT\exefile\shellex\DropHandler
<NO NAME> REG_SZ {86C86720-42A0-1069-A2E8-08002B30309D}
HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers
HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser
<NO NAME> REG_SZ {09A63660-16F9-11d0-B1DF-004F56001CA7}
HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps
<NO NAME> REG_SZ {86F19A00-42A0-1069-A2E9-08002B30309D}
HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page
<NO NAME> REG_SZ {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}
I:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
I:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< reg query HKEY_CLASSES_ROOT\CLSID\{098f2470-bae0-11cd-b579-08002b30bfeb} /s /c >
! REG.EXE VERSION 3.0
HKEY_CLASSES_ROOT\CLSID\{098f2470-bae0-11cd-b579-08002b30bfeb}
<NO NAME> REG_SZ Null persistent handler
HKEY_CLASSES_ROOT\CLSID\{098f2470-bae0-11cd-b579-08002b30bfeb}\PersistentAddinsRegistered
HKEY_CLASSES_ROOT\CLSID\{098f2470-bae0-11cd-b579-08002b30bfeb}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}
<NO NAME> REG_SZ {c3278e90-bea7-11cd-b579-08002b30bfeb}
I:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
I:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< reg query HKEY_CURRENT_USER\Software\Classes\.exe /s /c >
I:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
I:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< reg query HKEY_CURRENT_USER\Software\Classes\exefile /s /c >
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Classes\exefile
<NO NAME> REG_SZ Application
Content Type REG_SZ application/x-msdownload
EditFlags REG_BINARY 38070000
TileInfo REG_SZ prop:FileDescription;Company;FileVersion
InfoTip REG_SZ prop:FileDescription;Company;FileVersion;Create;Size
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon
<NO NAME> REG_SZ %1
HKEY_CURRENT_USER\Software\Classes\exefile\shell
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open
EditFlags REG_BINARY 00000000
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command
<NO NAME> REG_SZ "%1" %*
IsolatedCommand REG_SZ "%1" %*
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command
<NO NAME> REG_SZ "%1" %*
IsolatedCommand REG_SZ "%1" %*
HKEY_CURRENT_USER\Software\Classes\exefile\shell\start
HKEY_CURRENT_USER\Software\Classes\exefile\shell\start\command
<NO NAME> REG_SZ "%1" %*
IsolatedCommand REG_SZ "%1" %*
I:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
I:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< reg query HKEY_CURRENT_USER\Software\Classes\CLSID\{098f2470-bae0-11cd-b579-08002b30bfeb} /s /c >
I:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
I:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< reg query HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe /s /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe
<NO NAME> REG_SZ exefile
I:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
I:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< reg query HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile /s /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile
<NO NAME> REG_SZ Application
EditFlags REG_BINARY 38070000
TileInfo REG_SZ prop:FileDescription;Company;FileVersion
InfoTip REG_SZ prop:FileDescription;Company;FileVersion;Create;Size
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\DefaultIcon
<NO NAME> REG_SZ %1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open
EditFlags REG_BINARY 00000000
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command
<NO NAME> REG_SZ "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\command
<NO NAME> REG_SZ "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shellex
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shellex\DropHandler
<NO NAME> REG_SZ {86C86720-42A0-1069-A2E8-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\PEAnalyser
<NO NAME> REG_SZ {09A63660-16F9-11d0-B1DF-004F56001CA7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\PifProps
<NO NAME> REG_SZ {86F19A00-42A0-1069-A2E9-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page
<NO NAME> REG_SZ {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}
I:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
I:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< reg query HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{098f2470-bae0-11cd-b579-08002b30bfeb} /s /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{098f2470-bae0-11cd-b579-08002b30bfeb}
<NO NAME> REG_SZ Null persistent handler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{098f2470-bae0-11cd-b579-08002b30bfeb}\PersistentAddinsRegistered
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{098f2470-bae0-11cd-b579-08002b30bfeb}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}
<NO NAME> REG_SZ {c3278e90-bea7-11cd-b579-08002b30bfeb}
I:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
I:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.

OTL by OldTimer - Version 3.2.31.0 log created on 11212011_152250
  • 0

#34
RKinner
Posted 21 November 2011 - 05:41 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Run the merge one more time.

Now Start, Run, msconfig, OK

Click on Diagnostic Startup then OK and reboot.

Do you get the same error?
  • 0

#35
drunkducki
Posted 21 November 2011 - 05:47 PM

drunkducki

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
i get this message while selecting Diagnostic Startup:

"An Access Denied error was returned while attempting to change a service. You may need to log on using an Administrator account to make the specified changes."

however i'm logged in as Administrator
  • 0

#36
RKinner
Posted 21 November 2011 - 05:51 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
In MSCONFIG under Services, uncheck all of them and then hit Apply. Reboot and run msconfig and see if any of the services are still checked.
  • 0

#37
drunkducki
Posted 21 November 2011 - 06:03 PM

drunkducki

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
i was unable to uncheck DCOM server process launcher, Remote Procedure call locator, and remote procedure call. when i clicked ok i get the same message:


"An Access Denied error was returned while attempting to change a service. You may need to log on using an Administrator account to make the specified changes."


rebooted the system, all services were unchecked (except for those 3 services). same message running programs.
  • 0

#38
drunkducki
Posted 21 November 2011 - 06:04 PM

drunkducki

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
just tried running in safe mode. same message.
  • 0

#39
RKinner
Posted 21 November 2011 - 07:11 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Let's try a new merge file. Copy the text in the code box

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CURRENT_USER\Software\Classes\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKEY_LOCAL_MACHINE\Software\Classes\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_LOCAL_MACHINE\Software\Classes\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"

Start, Run, notepad, OK then Ctrl + v to paste the text in. File, SaveAs to your desktop, "fix2.reg" OK

Right click on fix2.reg and Merge.

Reboot and run the OTL scrip again.
  • 0

#40
drunkducki
Posted 22 November 2011 - 09:55 AM

drunkducki

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
========== FILES ==========
< reg query HKEY_CLASSES_ROOT\.exe /s /c >
! REG.EXE VERSION 3.0
HKEY_CLASSES_ROOT\.exe
<NO NAME> REG_SZ exefile
I:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
I:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< reg query HKEY_CLASSES_ROOT\exefile /s /c >
! REG.EXE VERSION 3.0
HKEY_CLASSES_ROOT\exefile
<NO NAME> REG_SZ Application
Content Type REG_SZ application/x-msdownload
EditFlags REG_BINARY 38070000
InfoTip REG_SZ prop:FileDescription;Company;FileVersion;Create;Size
TileInfo REG_SZ prop:FileDescription;Company;FileVersion
HKEY_CLASSES_ROOT\exefile\DefaultIcon
<NO NAME> REG_SZ %1
HKEY_CLASSES_ROOT\exefile\shell
HKEY_CLASSES_ROOT\exefile\shell\open
EditFlags REG_BINARY 00000000
HKEY_CLASSES_ROOT\exefile\shell\open\command
<NO NAME> REG_SZ "%1" %*
IsolatedCommand REG_SZ "%1" %*
HKEY_CLASSES_ROOT\exefile\shell\runas
HKEY_CLASSES_ROOT\exefile\shell\runas\command
<NO NAME> REG_SZ "%1" %*
IsolatedCommand REG_SZ "%1" %*
HKEY_CLASSES_ROOT\exefile\shell\start
HKEY_CLASSES_ROOT\exefile\shell\start\command
<NO NAME> REG_SZ "%1" %*
IsolatedCommand REG_SZ "%1" %*
HKEY_CLASSES_ROOT\exefile\shellex
HKEY_CLASSES_ROOT\exefile\shellex\DropHandler
<NO NAME> REG_SZ {86C86720-42A0-1069-A2E8-08002B30309D}
HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers
HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser
<NO NAME> REG_SZ {09A63660-16F9-11d0-B1DF-004F56001CA7}
HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps
<NO NAME> REG_SZ {86F19A00-42A0-1069-A2E9-08002B30309D}
HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page
<NO NAME> REG_SZ {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}
I:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
I:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< reg query HKEY_CLASSES_ROOT\CLSID\{098f2470-bae0-11cd-b579-08002b30bfeb} /s /c >
! REG.EXE VERSION 3.0
HKEY_CLASSES_ROOT\CLSID\{098f2470-bae0-11cd-b579-08002b30bfeb}
<NO NAME> REG_SZ Null persistent handler
HKEY_CLASSES_ROOT\CLSID\{098f2470-bae0-11cd-b579-08002b30bfeb}\PersistentAddinsRegistered
HKEY_CLASSES_ROOT\CLSID\{098f2470-bae0-11cd-b579-08002b30bfeb}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}
<NO NAME> REG_SZ {c3278e90-bea7-11cd-b579-08002b30bfeb}
I:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
I:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< reg query HKEY_CURRENT_USER\Software\Classes\.exe /s /c >
I:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
I:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< reg query HKEY_CURRENT_USER\Software\Classes\exefile /s /c >
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Classes\exefile
<NO NAME> REG_SZ Application
Content Type REG_SZ application/x-msdownload
EditFlags REG_BINARY 38070000
TileInfo REG_SZ prop:FileDescription;Company;FileVersion
InfoTip REG_SZ prop:FileDescription;Company;FileVersion;Create;Size
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon
<NO NAME> REG_SZ %1
HKEY_CURRENT_USER\Software\Classes\exefile\shell
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open
EditFlags REG_BINARY 00000000
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command
<NO NAME> REG_SZ "%1" %*
IsolatedCommand REG_SZ "%1" %*
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command
<NO NAME> REG_SZ "%1" %*
IsolatedCommand REG_SZ "%1" %*
HKEY_CURRENT_USER\Software\Classes\exefile\shell\start
HKEY_CURRENT_USER\Software\Classes\exefile\shell\start\command
<NO NAME> REG_SZ "%1" %*
IsolatedCommand REG_SZ "%1" %*
I:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
I:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< reg query HKEY_CURRENT_USER\Software\Classes\CLSID\{098f2470-bae0-11cd-b579-08002b30bfeb} /s /c >
I:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
I:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< reg query HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe /s /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe
<NO NAME> REG_SZ exefile
I:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
I:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< reg query HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile /s /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile
<NO NAME> REG_SZ Application
EditFlags REG_BINARY 38070000
TileInfo REG_SZ prop:FileDescription;Company;FileVersion
InfoTip REG_SZ prop:FileDescription;Company;FileVersion;Create;Size
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\DefaultIcon
<NO NAME> REG_SZ %1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open
EditFlags REG_BINARY 00000000
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command
<NO NAME> REG_SZ "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\command
<NO NAME> REG_SZ "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shellex
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shellex\DropHandler
<NO NAME> REG_SZ {86C86720-42A0-1069-A2E8-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\PEAnalyser
<NO NAME> REG_SZ {09A63660-16F9-11d0-B1DF-004F56001CA7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\PifProps
<NO NAME> REG_SZ {86F19A00-42A0-1069-A2E9-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page
<NO NAME> REG_SZ {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}
I:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
I:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< reg query HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{098f2470-bae0-11cd-b579-08002b30bfeb} /s /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{098f2470-bae0-11cd-b579-08002b30bfeb}
<NO NAME> REG_SZ Null persistent handler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{098f2470-bae0-11cd-b579-08002b30bfeb}\PersistentAddinsRegistered
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{098f2470-bae0-11cd-b579-08002b30bfeb}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}
<NO NAME> REG_SZ {c3278e90-bea7-11cd-b579-08002b30bfeb}
I:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
I:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.

OTL by OldTimer - Version 3.2.31.0 log created on 11222011_075530
  • 0

Advertisements

#41
drunkducki
Posted 22 November 2011 - 09:56 AM

drunkducki

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
Avast icon is there after reboot. half of the desktop shortcuts now have the program icons. still getting same message running programs.
  • 0

#42
RKinner
Posted 22 November 2011 - 05:07 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Do the last Merge again.

Start, Run, regedit, OK to bring up the registry editor.

Find HKEY_CLASSES_ROOT and click on the + in front of it. It should open up. Look in the list below it for

.exe

and click on the plus in front of it. Find

PersistentHandler

and right click and select Permissions.

Under Group or user names click on each entry and write down each and note which have Allow checked in the bottom pane.

Now click on Advanced. Then on Owner. We want to take ownership of the key so click on your name and then Apply then go back to Permissions.

Uncheck the box for Inherit from Parent....

Click on COPY

Now click on the Users key and hit Edit. Note the 4 items that are checked. (Should be: Query Value, Enumerate Subkeys, Notify, Read Control)

Cancel. Now select the next item that says Full Control under Permission and hit Edit.
Hit the Clear All button then just check the same four keys as were checked for Users.

Repeat for any other keys which still say Full Control. They should now all say Read. Apply, OK.

OK and close Regedit.

Now reboot and let's see if it can still delete the key.

(Go back into Regedit and see if the PersistentHandler key is still there.)
  • 0

#43
drunkducki
Posted 22 November 2011 - 05:20 PM

drunkducki

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
when you said "Now click on the Users key and hit Edit. Note the 4 items that are checked. (Should be: Query Value, Enumerate Subkeys, Notify, Read Control)"

but everything was checked including full control.
  • 0

#44
RKinner
Posted 22 November 2011 - 05:23 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
On my XP Users only had those four checked so go ahead and change it so only the four items are checked for that one too.

The reason we are doing this is to make it very hard for something even windows, to remove the key so we want everyone to be able to READ it but no one can write or delete it.
  • 0

#45
drunkducki
Posted 22 November 2011 - 05:38 PM

drunkducki

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
rebooted the machine, all shortcut icons are back and no more messages running programs.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP