Home > General > HKCR\.JascProject


Download TDSSKiller and save it to your desktop. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Adware.Search Toolbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\toolbar.tb.1 (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\interface.interfaceobj.1 (Adware.WebDir) -> Quarantined and deleted successfully.

But you will need to do the steps I suggested to uninstall one of these two antivirus softwares now, as they not only cause their own problems but will interfere with device: opened successfully user: MBR read successfully . If Combofix asks you to update the program, always do so. It has done this 1 time(s). 3/20/2011 4:53:32 PM, error: Service Control Manager [7034] - The dlcd_device service terminated unexpectedly. http://extension.nirsoft.net/jascproject

Files Infected: c:\documents and settings\networkservice\application data\whitesmoketoolbar\dtx.ini (PUP.WhiteSmoke) -> Quarantined and deleted successfully. Please try the request again. c:\documents and settings\networkservice\application data\whitesmokesetup (PUP.WhiteSmoke) -> Quarantined and deleted successfully. c:\documents and settings\networkservice\application data\whitesmoketranslator (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection. Ask a question and give support. IF REQUESTED, ZIP IT UP & ATTACH IT . HKEY_CLASSES_ROOT\toolbar.tb (Adware.BHO) -> Quarantined and deleted successfully.

c:\documents and settings\ed\application data\whitesmokesetup\setup.exe (PUP.WhiteSmoke) -> Quarantined and deleted successfully. The system returned: (22) Invalid argument The remote host or network may be down. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable http://www.teachexcel.com/winxp/winxp-help.php?i=49703 DDS (Ver_11-03-05.01) - NTFSx86 Run by Ed at 22:11:34.87 on Sun 03/20/2011 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2817 [GMT -4:00] .

It has done this 1 time(s). 3/20/2011 4:53:32 PM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. Very Important! Use AppRemover to uninstall it: http://www.appremover.com/ We can reinstall it when we're done with CF. **Note 3: If you receive an error "Illegal operation attempted on a registery key that has Once the scan completes a textbox will open - copy/paste those contents here for review please.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: WDC_WD6400AAKS-00E4A0 rev.05.01D05 -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-7 . http://winassist.org/thread/635003/HKCR-JascProject.php If CTH has helped you, please consider liking and sharing us on Facebook Search Forums Show Threads Show Posts Advanced Search Go to Page... If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs. RP11: 12/21/2010 10:44:49 PM - Software Distribution Service 3.0 RP12: 12/22/2010 9:49:02 PM - Software Distribution Service 3.0 RP13: 12/22/2010 9:52:22 PM - Software Distribution Service 3.0 RP14: 12/23/2010 9:53:12 PM

If Combofix asks you to install Recovery Console, please allow it. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully. c:\documents and settings\networkservice\application data\whitesmoketoolbar\exeArgs.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully. Download Malwarebytes' Anti-Malware from Here or Here.

Next type Y to begin the script. FF - ProfilePath - c:\docume~1\ed1ebc~1.kid\applic~1\mozilla\firefox\profiles\jnvd4nmb.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.google.com FF - component: c:\documents and settings\ed.kids\application data\mozilla\firefox\profiles\jnvd4nmb.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll FF - component: c:\documents and settings\ed.kids\application data\mozilla\firefox\profiles\jnvd4nmb.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll The cleaning process, once started, has to be completed. Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AE39439]<< _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8ae3f7d0]; MOV EAX, [0x8ae3f84c]; PUSH EBX;

The scan will instruct you to post Attach.txt as an attachment. Your cache administrator is webmaster. If an infected file is detected, the default action will be Cure, click on Continue.

Close any open browsers.

Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7} Microsoft Plus! Then open the C:\SDFix folder and copy and paste the contents of the results file Report.txt back here. ================ Run a new RSIT scan, and post that log along with the Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it. O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm238MTUS O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

c:\documents and settings\ed\application data\whitesmokesetup\data1.cab (PUP.WhiteSmoke) -> Quarantined and deleted successfully. c:\documents and settings\ed\application data\whitesmokesetup\config.txt (PUP.WhiteSmoke) -> Quarantined and deleted successfully. Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - Never run more than one scan at a time.