Virus that won't allow me to run hijackthis

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

blueturnaround

Thread Starter
Joined
Jul 5, 2008
Messages
2
I've read some other posts and this seems to be an unfixable virus, but I'll post here. This virus downloads clicker malware which can be removed, but the "source" virus itself is a dandy. I tried to run a registration key.exe file for a html editing program that's supposed to be free, but is not because the maker of that particular program is MIA (it's called 40tude).

Anyway, the .exe file I downloaded and ran is running amok on my system.

When I first tried to run HijackThis, it ran, but halfway through the scan the program just closed. Now when I try to run it, I get the following message:
"Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item"

I tried booting in safe mode and running hijackthis, same thing.

I cannot rename HijackThis, as I get the same message.

I've tried reinstalling HijackThis under different names, same result: it runs at first, then shuts down. Later, I can't even get a scan going; I get that message.

Same thing with ad-aware.

I cannot delete the original HijackThis file (I get that message), but I can delete subsequent installs of HijackThis.

I ran across a post that I've lost and the guy was able to run "combofix" which I then downloaded and ran. It worked.

Any help would be appreciated. As far as I can tell, ComboFix hasn't fixed the problem, since I still cannot run Ad-Aware or HijackThis. Any help would be appreciated, and it would be a feat of genius, since it seems that no one has been able to beat this thing yet.

Here's the log file from combofix:


ComboFix 09-09-09.04 - Matt 09/09/2009 23:26.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1405.665 [GMT -4:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
SP: BitDefender Antispyware *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2365545147-1999384947-2466353664-500
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Privacy Policy.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Terms and conditions.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Website.lnk
c:\programdata\ntuser.dat{fcdd793c-2305-11de-84cc-0019d14a75f7}.TMContainer00000000000000000001.regtrans-ms
c:\users\Matt\AppData\Local\wswakcu.dat
c:\users\Matt\AppData\Local\wswakcu_nav.dat
c:\users\Matt\AppData\Local\wswakcu_navps.dat
c:\users\Matt\AppData\Local\ykmeuuo.dat
c:\users\Matt\AppData\Local\ykmeuuo_nav.dat
c:\users\Matt\AppData\Local\ykmeuuo_navps.dat
c:\users\Matt\AppData\Roaming\84372872az.exe
c:\windows\Installer\25932d.msi
c:\windows\Installer\288410d7.msi
c:\windows\Installer\375dd.msi
c:\windows\msa.exe
c:\windows\system32\imghtg.dll
c:\windows\system32\nvs2.inf
H:\autorun.inf

Infected copy of c:\windows\system32\cngaudit.dll was found and disinfected
Restored copy from - c:\windows\system32\logevent.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-08-10 to 2009-09-10 )))))))))))))))))))))))))))))))
.

2009-09-10 03:37 . 2009-09-10 03:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-10 03:23 . 2009-09-10 03:23 0 ----a-w- c:\windows\win32k.sys
2009-09-10 03:01 . 2009-09-10 03:02 -------- d-----w- c:\program files\hide
2009-09-10 03:00 . 2009-09-10 03:01 -------- d-----w- c:\program files\Trend Micro
2009-09-10 02:03 . 2009-09-10 02:03 -------- d-----w- c:\users\Matt\AppData\Roaming\Malwarebytes
2009-09-10 02:02 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 02:02 . 2009-09-10 02:03 -------- d-----w- c:\program files\Malware
2009-09-10 02:02 . 2009-09-10 02:02 -------- d-----w- c:\programdata\Malwarebytes
2009-09-10 02:02 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 01:26 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-10 01:25 . 2009-09-10 01:25 -------- dc-h--w- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-09 15:02 . 2006-05-16 21:46 270336 ----a-w- c:\windows\system32\AliasFR130.dll
2009-09-09 15:02 . 2009-09-09 15:03 -------- d-----w- c:\program files\AliasFR130
2009-09-09 14:20 . 2009-09-09 14:24 -------- d-----w- c:\program files\40tude Dialog
2009-09-02 22:49 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-02 22:49 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 23:47 . 2009-08-29 23:48 -------- d-----w- c:\program files\Build-a-Lot 4 - Power Source
2009-08-29 23:46 . 2009-08-29 23:46 -------- d-----w- c:\program files\bfgclient
2009-08-29 23:45 . 2009-08-29 23:51 -------- d-----w- C:\BigFishGamesCache
2009-08-27 07:03 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-20 18:16 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-20 18:16 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-20 18:16 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-20 18:16 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-20 18:16 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-20 18:16 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-20 18:16 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-20 18:16 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-15 07:11 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-08-15 07:11 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-08-15 07:11 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-15 07:11 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-08-15 07:11 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-08-15 07:11 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-08-15 07:11 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-08-15 07:01 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-08-15 07:01 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-08-15 07:01 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-08-15 07:01 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-08-15 07:01 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-08-12 23:45 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-12 23:45 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-12 23:45 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-12 23:45 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-12 23:45 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-12 23:45 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-12 23:45 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-12 23:45 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-10 03:39 . 2007-04-16 01:41 81984 ----a-w- c:\windows\system32\bdod.bin
2009-09-10 03:17 . 2008-01-19 23:19 -------- d-----w- c:\users\Matt\AppData\Roaming\Skype
2009-09-10 01:24 . 2008-02-17 14:40 -------- d-----w- c:\programdata\Lavasoft
2009-09-10 01:24 . 2007-03-30 03:29 -------- d-----w- c:\program files\Lavasoft
2009-09-09 20:18 . 2007-03-30 03:30 -------- d-----w- c:\programdata\Google Updater
2009-09-09 15:25 . 2009-03-29 15:45 -------- d-----w- c:\users\Matt\AppData\Roaming\FileZilla
2009-09-09 14:46 . 2009-03-29 17:34 -------- d-----w- c:\program files\40tude HTML
2009-09-09 07:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-30 00:04 . 2007-08-29 14:15 -------- d-----w- c:\program files\Java
2009-08-25 15:13 . 2009-01-19 20:46 -------- d-----w- c:\programdata\Rosetta Stone
2009-08-21 22:45 . 2009-03-17 12:45 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-14 17:07 . 2009-09-09 03:21 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 16:29 . 2009-09-09 03:21 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:29 . 2009-09-09 03:21 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 14:16 . 2009-09-09 03:21 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16 . 2009-09-09 03:21 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:16 . 2009-09-09 03:21 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16 . 2009-09-09 03:21 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16 . 2009-09-09 03:21 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16 . 2009-09-09 03:21 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:16 . 2009-09-09 03:21 10240 ----a-w- c:\windows\system32\finger.exe
2009-07-30 12:31 . 2009-03-24 22:57 -------- d-----w- c:\program files\MozyPro
2009-07-27 15:09 . 2007-03-30 03:19 -------- d-----w- c:\users\Matt\AppData\Roaming\BitTorrent
2009-07-25 09:23 . 2008-12-24 01:43 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-18 16:06 . 2009-07-29 01:55 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-29 01:55 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-29 01:55 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-11 19:32 . 2009-09-09 03:21 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:32 . 2009-09-09 03:21 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:32 . 2009-09-09 03:21 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:29 . 2009-09-09 03:21 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-06-24 19:00 . 2009-07-30 12:31 54776 ----a-w- c:\windows\system32\drivers\mozypro.sys
2009-06-15 15:24 . 2009-07-14 19:10 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-14 19:10 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-14 19:10 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-14 19:10 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozypro]
@="{71B8CED8-5D67-4f57-89B1-F64CE6302A1E}"
[HKEY_CLASSES_ROOT\CLSID\{71B8CED8-5D67-4f57-89B1-F64CE6302A1E}]
2009-06-24 19:00 2835256 ----a-w- c:\program files\MozyPro\mozyproshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozypro2]
@="{CBAFE103-79DA-46ca-BD9A-63CBF6282882}"
[HKEY_CLASSES_ROOT\CLSID\{CBAFE103-79DA-46ca-BD9A-63CBF6282882}]
2009-06-24 19:00 2835256 ----a-w- c:\program files\MozyPro\mozyproshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozypro3]
@="{8B99EA55-1AFF-4539-80A0-A71C6011CD84}"
[HKEY_CLASSES_ROOT\CLSID\{8B99EA55-1AFF-4539-80A0-A71C6011CD84}]
2009-06-24 19:00 2835256 ----a-w- c:\program files\MozyPro\mozyproshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-09 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-02 24264488]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2006-06-05 188416]
"RegistryMechanic"="c:\program files\Registry Mechanic\rmtray.exe" [2007-08-20 701736]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-15 368640]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-23 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2009-03-04 209216]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2007-3-8 118784]
MozyPro Status.lnk - c:\program files\MozyPro\mozyprostat.exe [2009-6-24 2876216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{8018BE98-8630-4E57-BAAA-6B001A128308}c:\\program files\\kazaa lite resurrection\\kazaalite.kpp"= UDP:c:\program files\kazaa lite resurrection\kazaalite.kpp:kazaalite.kpp
"UDP Query User{8E5345AC-453A-4C7F-A580-4AAEB670D1F9}c:\\program files\\kazaa lite resurrection\\kazaalite.kpp"= TCP:c:\program files\kazaa lite resurrection\kazaalite.kpp:kazaalite.kpp
"TCP Query User{3D41484D-AC69-426E-955D-2A498D72F095}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{A9843EFB-B4DC-4086-B482-8BE64218B35D}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"{3439CFCD-FDD5-4B46-B07C-A2B86C3611E7}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{C5BC147B-43E8-4E1A-A210-362D88570EBB}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{C60E950E-9498-40A1-81A1-E70E5C6A519A}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{54CCD2C4-99D4-4972-A63F-60734CD1E4D9}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{087A3620-626C-4929-AAF0-313C3449F996}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{7E2B403E-3353-47CE-8A26-F1224F832BF9}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{1ADDA753-D83B-4A7B-A49D-09C90A9EDB8E}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{F09DFC39-0BBF-4917-BD06-5088BFC4681E}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{30A2DCE6-EFD5-4F7F-8235-7A6DBB2A368C}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{29AD8FEA-56A6-4022-9AA8-AC0CC3798536}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{39A8890C-4452-4680-94F7-D8F80DB85B86}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{68EFEF11-D0AB-4AA1-A907-DA4E5C28ACBF}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{33F1804B-32E6-436F-9148-66FD4A65DB59}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{08E059BC-B046-4203-A34B-B81D53B04A47}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{99348BAF-04C4-4657-882B-4E6E9F7D47C0}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{9153AAB9-9B0D-4CF0-8C67-B3FE8E8D03A7}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{C33E64EB-C664-4930-BF90-F06811F41D49}"= c:\program files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:Rosetta Stone Version 3 Application
"{D008B397-1301-462E-9537-4F76A56C342F}"= c:\program files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:Rosetta Stone Ltd Services
"TCP Query User{0017A326-7622-4ECD-84A5-8CCF9C79329A}c:\\program files\\microsoft office\\office12\\mspub.exe"= UDP:c:\program files\microsoft office\office12\mspub.exe:Microsoft Office Publisher
"UDP Query User{42A8CB77-6C56-40B4-A78A-093253E6BC76}c:\\program files\\microsoft office\\office12\\mspub.exe"= TCP:c:\program files\microsoft office\office12\mspub.exe:Microsoft Office Publisher
"{0EFCB9B0-F5F6-4EB6-A5F9-8C5B0EEFC877}"= c:\program files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [9/9/2009 9:26 PM 64160]
R1 mozyproFilter;mozyproFilter;c:\windows\System32\drivers\mozypro.sys [7/30/2009 8:31 AM 54776]
R2 mozyprobackup;MozyPro Backup Service;c:\program files\MozyPro\mozyprobackup.exe [3/16/2009 7:03 PM 78136]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]
S3 CleanService;CleanService;c:\program files\Migo Software\Digital Shredder 4\CleanService.exe [8/27/2007 10:49 AM 64000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bdx REG_MULTI_SZ scan
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Nitro PDF Professional]
cscript //B "c:\program files\Nitro PDF\Professional\RemoveOldAddins.vbs"
.
Contents of the 'Scheduled Tasks' folder

2009-09-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-09-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-30 22:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\jcte3gta.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\users\Matt\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-09 23:42
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\win32k.sys:1 8704 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(496)
c:\program files\MozyPro\mozyproshell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2008\vsserv.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2009-09-10 23:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-10 03:51

Pre-Run: 43,910,254,592 bytes free
Post-Run: 48,707,424,256 bytes free

292 --- E O F --- 2009-09-09 07:06
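Two lines in the log above point at the same file: the "Files Created" section records a zero-byte c:\windows\win32k.sys, and catchme's hidden-file scan later reports an NTFS alternate data stream `:1` of 8704 bytes, marked executable, on that same path. The real win32k.sys lives in c:\windows\system32, so a bare-named copy in c:\windows is a decoy whose payload sits in the stream, invisible to a normal directory listing. The following script is an added example, not part of the original post or of ComboFix: it parses those two line shapes from a constructed sample in the log's format, flags the ADS and the misplaced binary name, checks the parser's ADS count against catchme's own "hidden files:" tally, and reports files that hit both rules. The CANONICAL table of real binary locations is an assumption for illustration; extend it from your own baseline.

```python
"""Triage helper for ComboFix / catchme log text (added example, not ComboFix code).

Flags two things the log above shows on the same file:
  * an NTFS alternate data stream (ADS) reported by catchme's hidden-file scan
  * a file carrying the name of a core Windows binary but living outside its
    canonical directory (a zero-byte decoy is the usual shape)
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the shape of the ComboFix "Files Created" section and
# catchme's "scanning hidden files" section. Only the shape is copied.
SAMPLE_LOG = r"""
2009-09-10 03:23 . 2009-09-10 03:23 0 ----a-w- c:\windows\win32k.sys
2009-09-10 02:02 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 03:01 . 2009-09-10 03:02 -------- d-----w- c:\program files\hide
scanning hidden files ...

c:\windows\win32k.sys:1 8704 bytes executable

scan completed successfully
hidden files: 1
"""

# Assumption: a small illustrative table of where these binaries really live on
# a 32-bit Vista install. Extend it from your own baseline.
CANONICAL = {
    "win32k.sys": r"c:\windows\system32\win32k.sys",
    "lsass.exe": r"c:\windows\system32\lsass.exe",
    "svchost.exe": r"c:\windows\system32\svchost.exe",
}

# "created  .  modified  size|--------  attrs  path"
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(\d+|-+) (\S{8}) (.+)$"
)
# "drive:\path:streamname  size bytes executable"
ADS_RE = re.compile(r"^([a-z]:\\.+?):([^:\s]+) (\d+) bytes (\w+)$", re.IGNORECASE)
HIDDEN_RE = re.compile(r"^hidden files: (\d+)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # "ads" or "decoy"
    path: str    # lower-cased host file path
    detail: str


def triage(log_text: str) -> list:
    """Walk the log once and collect ADS and decoy findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        ads = ADS_RE.match(line)
        if ads:
            path, stream, size, what = ads.groups()
            findings.append(Finding("ads", path.lower(),
                                    f"stream ':{stream}' is {int(size)} bytes, {what}"))
            continue
        created = CREATED_RE.match(line)
        if not created:
            continue
        size, attrs, path = created.groups()
        if attrs.startswith("d"):
            continue  # directories cannot impersonate a binary
        name = path.lower().rsplit("\\", 1)[-1]
        canon = CANONICAL.get(name)
        if canon and path.lower() != canon:
            note = f"{name} outside {canon}"
            if size == "0":
                note += ", zero-byte host file"
            findings.append(Finding("decoy", path.lower(), note))
    return findings


def hidden_count(log_text: str) -> Optional[int]:
    """catchme's own tally, used to check the parser saw every hidden item."""
    for raw in log_text.splitlines():
        m = HIDDEN_RE.match(raw.strip())
        if m:
            return int(m.group(1))
    return None


def correlate(findings: list) -> set:
    """Paths that are both a decoy and an ADS host: the payload hides in the stream."""
    by_kind = {}
    for f in findings:
        by_kind.setdefault(f.kind, set()).add(f.path)
    return by_kind.get("decoy", set()) & by_kind.get("ads", set())


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:5} {f.path}  {f.detail}")
    ads_seen = sum(1 for f in found if f.kind == "ads")
    print(f"ADS entries parsed: {ads_seen}, catchme reported: {hidden_count(SAMPLE_LOG)}")
    print("decoy + ADS on same file:", sorted(correlate(found)))
```

On the affected machine the same stream can be confirmed from a command prompt with `dir /r c:\windows\win32k.sys` (the `/r` switch lists alternate data streams on Vista and later); a decoy host file that shows a named stream of executable size is the thing to quarantine, not merely the zero-byte file the directory listing shows.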
 