It is currently Sun Jul 23, 2017 3:45 am


Problems, currently cannot access programs

Is your PC infected? Is it running slow? Just can't figure out what's making it sluggish? Here is the place to get some help.

Moderators: liljim, Gecko

Problems, currently cannot access programs

Postby mithril » Fri Sep 02, 2011 2:38 pm

I was infected with a malware a couple days ago.... forget exactly its name unfortunately... but it was one of those fake "your computer is infected with this this and this, activate now to repair" and it seriously disrupted things. I ran Spybot, and did some searching on the net... but nothing worked. Now... that particular malware isnt popping up and spamming me anymore (not sure where it could have gone, Spybot didnt remove I do not believe) but I am getting other problems. First few times I started my comp today.... I got some Windows services cannot start, computer will be shutdown in 60 seconds. It did that three or four times. Now I have it booted, and I tried to run Hijackthis, and I am getting the message "Windows cannot access the specified device, file, or path. You may not have appropriate permission to access the item" on not just hijackthis, but most programs I try to open. Does anyone have any ideas? Im sure my comp is infected, but cant seem to get a lead on how to repair. Thank you in advance for any info!
User avatar
mithril
Geek
Geek
 
Posts: 88
Joined: Sun May 23, 2004 1:00 am

Thanks given:0
Thanks received:0
Top

Re: Problems, currently cannot access programs

Postby mithril » Fri Sep 02, 2011 2:58 pm

Some more info.... I was just able to download, install, and run malwarebytes. For about 8 seconds. then it just disappeared during scan. When I tried to start it again... got the above message again.
User avatar
mithril
Geek
Geek
 
Posts: 88
Joined: Sun May 23, 2004 1:00 am

Thanks given:0
Thanks received:0
Top

Re: Problems, currently cannot access programs

Postby Gecko » Sat Sep 03, 2011 10:09 pm

Have you tried running Malwarebytes from safe mode?

Reboot in to Safe mode:
Restart Windows after you see the BIOS screen and before Windows starts to load.
Start tapping the F8 key. The Windows Advanced Options Menu appears.
Use the Arrow key to ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.

If that does not fix your problem then:
Please download combofix to your desktop.
Double click combofix.exe and follow the prompts.
If combofix will not start or is ended before the "Blue window" please rename combofix.exe to cbf.exe and try again.

If cbf.exe will not start or is ended, you will have to run cbf.exe from safe mode.
Reboot in to Safe mode:
Restart Windows after you see the BIOS screen and before Windows starts to load.
Start tapping the F8 key. The Windows Advanced Options Menu appears.
Use the Arrow key to ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.

Do not exit Combofix while it is running you my loose all your personal settings!
Important Note - Do not mouseclick combofix's window while it's running, that may cause it to stall.

When it's done running it will produce a log for you. Please post that log in your next reply.
User avatar
Gecko
Super Moderator
Super Moderator
 
Posts: 5206
Joined: Thu Oct 25, 2001 1:00 am
Location: Florida, USA

Thanks given:1
Thanks received:23
Top

Re: Problems, currently cannot access programs

Postby mithril » Mon Sep 05, 2011 7:42 pm

Cant run Malwarebytes, it wont let me open most programs on my computer, I get that message about Windows cannot access the specified device, file, or path. You may not have appropriate permission to access the item" . I just got it into safe mode, so going to do those other steps now
User avatar
mithril
Geek
Geek
 
Posts: 88
Joined: Sun May 23, 2004 1:00 am

Thanks given:0
Thanks received:0
Top

Re: Problems, currently cannot access programs

Postby mithril » Mon Sep 05, 2011 8:08 pm

Combofix ran, here is the log report:

ComboFix 11-09-05.05 - User1 09/05/2011 14:51:18.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2985 [GMT -4:00]
Running from: c:\downloads\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\User1\Local Settings\Application Data\AcroMobileCmds\eventcrtaudio.dll
c:\documents and settings\User1\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\User1\Local Settings\Application Data\ApplicationHistory\Comrade.exe.bacfe152.ini
c:\documents and settings\User1\Local Settings\Application Data\ApplicationHistory\Comrade.exe.bacfe152.ini.inuse
c:\documents and settings\User1\Local Settings\Application Data\ApplicationHistory\csc.exe.3e4ac0af.ini
c:\documents and settings\User1\Local Settings\Application Data\ApplicationHistory\dndlauncher.exe.49f1997f.ini
c:\documents and settings\User1\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\User1\Local Settings\Application Data\ApplicationHistory\TurbineInvoker.exe.ccffdf2c.ini
c:\documents and settings\User1\Local Settings\Application Data\ApplicationHistory\TurbineInvoker.exe.e40d002e.ini
c:\documents and settings\User1\Local Settings\Application Data\ApplicationHistory\TurbineLauncher.exe.b804356.ini
c:\documents and settings\User1\Local Settings\Application Data\ApplicationHistory\TurbineLauncher.exe.d8bd62d4.ini
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\bwUnin-6.1.4.36-8876480L.exe
c:\windows\system32\qbrmroei.dll
.
Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\wuauclt.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ce218960
.
.
((((((((((((((((((((((((( Files Created from 2011-08-05 to 2011-09-05 )))))))))))))))))))))))))))))))
.
.
2011-09-02 14:42 . 2011-09-05 19:00 -------- d-----w- c:\documents and settings\User1\Local Settings\Application Data\AcroMobileCmds
2011-09-02 13:56 . 2011-09-02 13:56 -------- d-----w- c:\documents and settings\User1\Application Data\Malwarebytes
2011-09-02 13:55 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-02 13:55 . 2011-09-02 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-09-02 13:55 . 2011-09-02 13:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-02 13:55 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-02 12:54 . 2011-09-02 12:54 -------- d-----w- c:\program files\Trend Micro
2011-08-10 21:33 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 21:32 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:29 . 2007-09-20 04:33 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2001-08-23 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-28 19:29 . 2011-06-21 22:54 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-24 14:10 . 2008-07-13 21:16 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2007-09-20 04:59 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2007-09-20 04:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2007-09-20 04:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2007-09-20 04:58 385024 ----a-w- c:\windows\system32\html.iec
2011-06-21 22:54 . 2011-06-21 23:04 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-06-20 17:44 . 2007-09-20 04:35 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-20 14:31 . 2011-06-21 22:52 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-09-02 13:24 . 2011-03-29 18:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-16 198160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"AutoLaunch"="c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-08-15 659200]
.
c:\documents and settings\User1\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-4-30 0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^User1^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=c:\documents and settings\User1\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccipStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^User1^Start Menu^Programs^Startup^Impulse Now.lnk]
path=c:\documents and settings\User1\Start Menu\Programs\Startup\Impulse Now.lnk
backup=c:\windows\pss\Impulse Now.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^User1^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\User1\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^User1^Start Menu^Programs^Startup^V CAST Media Monitor.lnk]
path=c:\documents and settings\User1\Start Menu\Programs\Startup\V CAST Media Monitor.lnk
backup=c:\windows\pss\V CAST Media Monitor.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2011-08-15 13:49 1191216 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 04:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 16:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
2008-08-01 20:36 1103216 ----a-w- c:\program files\Download Manager\DLM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ImpulseFastStart]
2011-06-15 06:35 2389280 ----a-w- c:\games\Stardock\Impulse\Impulse.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
2001-11-29 06:00 28672 ----a-w- c:\program files\Creative\SBLive\Program\ADGJDet.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
2002-12-10 22:32 155648 ----a-w- c:\program files\Logitech\ImageStudio\ISStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
2002-12-10 22:31 61440 ----a-w- c:\program files\Logitech\ImageStudio\LogiTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
2002-12-10 21:54 127022 ----a-w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 15:17 5252408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 22:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-01-07 23:56 13880424 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-01-07 23:56 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-09-16 21:30 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-07-12 16:32 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsLivePhone]
2008-12-22 18:59 787816 ----a-w- c:\program files\Windows Live\Device Manager\msgrdvmn.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
2002-07-02 22:56 24576 ----a-w- c:\windows\system32\CTHELPER.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Games\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Games\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Games\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Games\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Games\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\Turbine\\DDO Unlimited\\dndclient.exe"=
"c:\\Games\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Games\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\sid meier's civilization v\\CivilizationV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Turbine\\The Lord of the Rings Online\\lotroclient.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Games\\Dreamlords\\dreamlords.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\sid meier's civilization v\\Launcher.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SDUpdate.exe"=
"c:\\Documents and Settings\\User1\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\dfsvc.exe"=
"c:\\Program Files\\Real\\realplayer\\realplay.exe"=
"c:\\Documents and Settings\\User1\\Local Settings\\Apps\\2.0\\99N4WZ9M.569\\JDC55RP8.DBE\\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\\CurseClient.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Documents and Settings\\User1\\Local Settings\\Apps\\2.0\\0OO7C5RV.AVD\\N4MNHANC.0ZL\\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\\CurseClient.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Mozilla Firefox\\crashreporter.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"57141:TCP"= 57141:TCP:Pando Media Booster
"57141:UDP"= 57141:UDP:Pando Media Booster
"58564:TCP"= 58564:TCP:Pando Media Booster
"58564:UDP"= 58564:UDP:Pando Media Booster
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/21/2011 6:52 PM 64512]
S2 gupdate1c987f0ef66b51a;Google Update Service (gupdate1c987f0ef66b51a);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2009 8:22 PM 133104]
S2 lanmanworkstation32;Workstation ;c:\windows\system32\nvoglnt32.exe --> c:\windows\system32\nvoglnt32.exe [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [6/20/2011 10:31 AM 2151640]
S2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe --> c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\User1\LOCALS~1\Temp\ewdmaudn.sys --> c:\docume~1\User1\LOCALS~1\Temp\ewdmaudn.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2009 8:22 PM 133104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [6/20/2011 10:31 AM 15232]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-06-20 13:49]
.
2011-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 00:22]
.
2011-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 00:22]
.
2011-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1383384898-839522115-1003Core.job
- c:\documents and settings\User1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-07 02:45]
.
2011-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1383384898-839522115-1003UA.job
- c:\documents and settings\User1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-07 02:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.comcast.net/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
mWindow Title = Windows Internet Explorer provided by Comcast
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\User1\Application Data\Mozilla\Firefox\Profiles\zq1ws582.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-eventcrtaudio - c:\documents and settings\User1\Local Settings\Application Data\AcroMobileCmds\eventcrtaudio.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-05 15:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-507921405-1383384898-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:2d,b1,ee,71,f4,1c,0d,aa,e3,14,8a,da,c6,36,31,0b,4e,04,13,0b,2f,
b6,9d,90,fd,64,96,6e,87,b0,94,e8,3d,51,76,34,24,9d,4c,5c,b7,7e,d4,a0,84,4d,\
"rkeysecu"=hex:99,ca,3b,cc,a0,fb,16,33,c1,d8,00,2f,e0,83,27,83
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Google\Update\1.3.21.65\GoogleCrashHandler.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
.
**************************************************************************
.
Completion time: 2011-09-05 15:07:06 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-05 19:07
ComboFix2.txt 2011-08-31 21:38
.
Pre-Run: 297,867,182,080 bytes free
Post-Run: 297,951,547,392 bytes free
.
- - End Of File - - 5547A789B8E2E969AB6D10A8B9BF49C1
User avatar
mithril
Geek
Geek
 
Posts: 88
Joined: Sun May 23, 2004 1:00 am

Thanks given:0
Thanks received:0
Top

Re: Problems, currently cannot access programs

Postby Gecko » Tue Sep 06, 2011 2:05 am

mithril,

Combofix found and removed a lot, nut sometime it can miss parts of an infection on the first run.
Try running Malwarebytes now and then let me see that report.
User avatar
Gecko
Super Moderator
Super Moderator
 
Posts: 5206
Joined: Thu Oct 25, 2001 1:00 am
Location: Florida, USA

Thanks given:1
Thanks received:23
Top

Re: Problems, currently cannot access programs

Postby mithril » Tue Sep 06, 2011 5:55 pm

Still cannot run malwarebytes, even in safe mode, still getting that "Windows cannot access the specified device, file, or path. You may not have appropriate permission to access the item" message when I attempt to run a good amount of my installed programs
User avatar
mithril
Geek
Geek
 
Posts: 88
Joined: Sun May 23, 2004 1:00 am

Thanks given:0
Thanks received:0
Top

Re: Problems, currently cannot access programs

Postby mithril » Tue Sep 06, 2011 8:09 pm

also, why did combofix quarantine so many programs, which are programs I use, such as Steam and whatnot?
User avatar
mithril
Geek
Geek
 
Posts: 88
Joined: Sun May 23, 2004 1:00 am

Thanks given:0
Thanks received:0
Top

Re: Problems, currently cannot access programs

Postby mithril » Sat Sep 24, 2011 9:54 pm

Still having same issues... with being unable to start most programs, unable to install or remove things, weird random pop ups all the time, and random reboots. I was able to get HiJAckThis to run...here is my log file:

Logfile of HijackThis v1.99.1
Scan saved at 4:50:37 PM, on 9/24/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\User1\My Documents\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .7.109.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.fubar.com/imgs/ImageUploader5.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Google Update Service (gupdate1c987f0ef66b51a) (gupdate1c987f0ef66b51a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Workstation (lanmanworkstation32) - Unknown owner - C:\WINDOWS\system32\nvoglnt32.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: Windows Live ID Sign-in Assistant (wlidsvc) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (file missing)
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Unknown owner - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (file missing)
User avatar
mithril
Geek
Geek
 
Posts: 88
Joined: Sun May 23, 2004 1:00 am

Thanks given:0
Thanks received:0
Top


Return to Malware Support

Who is online

Users browsing this forum: No registered users and 2 guests

cron