
Hello! I am sadly back.

Okay, recently I've been having some trouble. Whenever I tried to open an internet application (browser, some kind of updater, etc.) I got a "Windows cannot access the specified device path or file." I also had random redirects from search engines.

I know I am posting without any logs to present you guys with. Sadly, it is half the issue.

This access block I have encountered blocks every single program I can download from your sticky "readme."

I also tried the same steps in safe mode, but to no avail.

I have removed all spyware programs previously used, have all the diag and malware tools on my desktop.

GMER will run for 30 seconds and randomly shut down if I run it from your links provided.

Windows malicious rootkit removal will install, update, and not scan.

Malwarebytes will not run at all.

I will keep trying to provide you guys with logs, but some direction on how to get past this block would be helpful.

Thanks!

0

I managed to get DDS to run (not sure how)

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Administrator at 22:38:37 on 2011-09-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2860 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\3793769985:4272545565.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:\windows\system32\dvmurl.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [4Y3Y0C3A9F7XWI4VVFZHJTI] c:\recycle.bin\B6232F3A60A.exe /q
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users.windows\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANAA0ADMAOQAwADUANwA3ADgALQBUADIAMwAtAEsAVgAzACsANwAtAEIAQQArADEALQBYAEwAKwAxAC0ARgBQADkAMgArADYALQBCAEEAUgA5AEcAKwAxAC0AVABCADkAKwAyAC0ARgBMACsAOQAtAFgATwAzADYAKwAxAC0ARgA5AE0AMQAwAEIAKwAyAC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEA"&"prod=90"&"ver=9.0.894
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
mPolicies-explorer: StartMenuFavorites = 0 (0x0)
mPolicies-explorer: Start_ShowMyComputer = 1 (0x1)
mPolicies-explorer: Start_ShowMyDocs = 1 (0x1)
mPolicies-explorer: Start_ShowMyMusic = 0 (0x0)
mPolicies-explorer: Start_ShowRun = 1 (0x1)
mPolicies-explorer: Start_ShowSearch = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
dPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
Trusted Zone: pof.com\www
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247761775343
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{B05C1015-FB47-462A-BCBA-EE3DF419EF30} : DhcpNameServer = 192.168.2.1 192.168.2.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
S2 GEST Service;GEST Service for program management.;c:\program files\gigabyte\energysaver\GSvr.exe [2008-12-17 80392]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-5 136176]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 372736]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2008-12-19 20160]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-5-17 1691480]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-5 136176]
.
=============== Created Last 30 ================
.
2072-04-03 12:13:14 607296 ------w- c:\program files\microsoft games\age of empires iii\deformerdllyD.dll
2071-07-25 08:13:30 203576 ------w- c:\program files\microsoft games\age of empires iii\autopatcher2.exe
2011-09-05 02:24:07 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-05 02:24:03 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-05 02:24:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-05 00:32:23 388096 ----a-r- c:\documents and settings\administrator.experien-5c742d\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-09-05 00:32:23 -------- d-----w- c:\program files\Trend Micro
2011-09-03 07:07:16 50112 --sha-w- c:\windows\system32\c_15464.nl_
2011-09-02 15:13:35 4194304 ----a-w- c:\windows\system32\szwgiday.dll
2011-08-23 22:57:28 -------- d-----w- c:\program files\MonitorDriver
2011-08-23 22:45:01 -------- d-----w- C:\Samsung
2011-08-21 04:33:01 -------- d-----w- c:\program files\VideoLAN
2011-08-10 02:56:50 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 02:56:04 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
.
==================== Find3M ====================
.
2011-09-05 00:53:54 16608 ----a-w- c:\windows\gdrv.sys
2011-09-05 00:53:23 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-09-03 07:06:54 42112 ----a-w- c:\windows\system32\drivers\imapi.sys
2011-09-02 15:11:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 22:39:02.85 ===============


log #2:
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/17/2008 1:46:03 AM
System Uptime: 9/4/2011 10:03:18 PM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | EP45-DS3L
Processor: Intel Pentium III Xeon processor | Socket 775 | 2500/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 83.764 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP21: 6/6/2011 6:52:57 PM - System Checkpoint
RP22: 6/7/2011 9:21:48 PM - System Checkpoint
RP23: 6/8/2011 9:33:37 PM - System Checkpoint
RP24: 6/9/2011 10:33:37 PM - System Checkpoint
RP25: 6/10/2011 11:34:42 PM - System Checkpoint
RP26: 6/12/2011 12:33:37 AM - System Checkpoint
RP27: 6/13/2011 12:52:17 AM - System Checkpoint
RP28: 6/14/2011 1:33:37 AM - System Checkpoint
RP29: 6/15/2011 2:33:37 AM - System Checkpoint
RP30: 6/16/2011 3:00:14 AM - Software Distribution Service 3.0
RP31: 6/17/2011 3:25:08 AM - System Checkpoint
RP32: 6/18/2011 4:25:08 AM - System Checkpoint
RP33: 6/19/2011 5:25:08 AM - System Checkpoint
RP34: 6/20/2011 6:25:08 AM - System Checkpoint
RP35: 6/21/2011 7:25:08 AM - System Checkpoint
RP36: 6/22/2011 8:25:08 AM - System Checkpoint
RP37: 6/23/2011 9:25:08 AM - System Checkpoint
RP38: 6/24/2011 10:25:08 AM - System Checkpoint
RP39: 6/25/2011 11:25:08 AM - System Checkpoint
RP40: 6/26/2011 11:51:15 AM - System Checkpoint
RP41: 6/27/2011 3:00:14 AM - Software Distribution Service 3.0
RP42: 6/28/2011 3:01:22 AM - System Checkpoint
RP43: 6/29/2011 3:00:16 AM - Software Distribution Service 3.0
RP44: 6/30/2011 3:20:51 AM - System Checkpoint
RP45: 7/1/2011 4:20:50 AM - System Checkpoint
RP46: 7/2/2011 5:20:50 AM - System Checkpoint
RP47: 7/3/2011 6:20:51 AM - System Checkpoint
RP48: 7/4/2011 7:20:50 AM - System Checkpoint
RP49: 7/5/2011 8:20:50 AM - System Checkpoint
RP50: 7/6/2011 9:20:51 AM - System Checkpoint
RP51: 7/7/2011 10:20:51 AM - System Checkpoint
RP52: 7/8/2011 10:21:52 AM - System Checkpoint
RP53: 7/9/2011 11:21:51 AM - System Checkpoint
RP54: 7/10/2011 12:21:51 PM - System Checkpoint
RP55: 7/11/2011 1:21:52 PM - System Checkpoint
RP56: 7/12/2011 2:21:51 PM - System Checkpoint
RP57: 7/13/2011 3:00:16 AM - Software Distribution Service 3.0
RP58: 7/14/2011 3:22:59 AM - System Checkpoint
RP59: 7/15/2011 4:22:58 AM - System Checkpoint
RP60: 7/16/2011 5:22:58 AM - System Checkpoint
RP61: 7/17/2011 6:22:58 AM - System Checkpoint
RP62: 7/18/2011 7:22:59 AM - System Checkpoint
RP63: 7/19/2011 8:22:58 AM - System Checkpoint
RP64: 7/20/2011 9:22:58 AM - System Checkpoint
RP65: 7/21/2011 10:22:58 AM - System Checkpoint
RP66: 7/22/2011 11:22:58 AM - System Checkpoint
RP67: 7/23/2011 12:22:58 PM - System Checkpoint
RP68: 7/24/2011 1:22:58 PM - System Checkpoint
RP69: 7/25/2011 2:22:58 PM - System Checkpoint
RP70: 7/26/2011 3:22:58 PM - System Checkpoint
RP71: 7/27/2011 4:22:58 PM - System Checkpoint
RP72: 7/28/2011 5:22:58 PM - System Checkpoint
RP73: 7/29/2011 6:22:58 PM - System Checkpoint
RP74: 7/30/2011 7:22:58 PM - System Checkpoint
RP75: 7/31/2011 8:51:45 PM - System Checkpoint
RP76: 8/1/2011 9:22:58 PM - System Checkpoint
RP77: 8/1/2011 10:20:06 PM - Installed Java(TM) 6 Update 26
RP78: 8/2/2011 10:22:58 PM - System Checkpoint
RP79: 8/3/2011 11:13:45 PM - System Checkpoint
RP80: 8/4/2011 11:22:58 PM - System Checkpoint
RP81: 8/6/2011 12:24:03 AM - System Checkpoint
RP82: 8/7/2011 1:22:58 AM - System Checkpoint
RP83: 8/8/2011 1:24:34 AM - System Checkpoint
RP84: 8/9/2011 2:21:49 AM - System Checkpoint
RP85: 8/10/2011 2:25:25 AM - System Checkpoint
RP86: 8/10/2011 3:00:16 AM - Software Distribution Service 3.0
RP87: 8/11/2011 3:25:08 AM - System Checkpoint
RP88: 8/12/2011 4:25:07 AM - System Checkpoint
RP89: 8/13/2011 5:25:07 AM - System Checkpoint
RP90: 8/14/2011 6:25:07 AM - System Checkpoint
RP91: 8/15/2011 7:25:07 AM - System Checkpoint
RP92: 8/16/2011 8:25:07 AM - System Checkpoint
RP93: 8/17/2011 9:25:07 AM - System Checkpoint
RP94: 8/18/2011 10:25:07 AM - System Checkpoint
RP95: 8/19/2011 11:25:07 AM - System Checkpoint
RP96: 8/20/2011 12:25:07 PM - System Checkpoint
RP97: 8/21/2011 12:57:24 PM - System Checkpoint
RP98: 8/23/2011 2:35:52 AM - System Checkpoint
RP99: 8/23/2011 6:57:34 PM - Installed Samsung_MonSetup
RP100: 8/24/2011 7:07:47 PM - System Checkpoint
RP101: 8/25/2011 3:00:14 AM - Software Distribution Service 3.0
RP102: 8/26/2011 3:56:02 AM - System Checkpoint
RP103: 8/27/2011 4:56:03 AM - System Checkpoint
RP104: 8/28/2011 5:56:03 AM - System Checkpoint
RP105: 8/29/2011 6:56:02 AM - System Checkpoint
RP106: 8/30/2011 7:56:02 AM - System Checkpoint
RP107: 8/31/2011 8:56:03 AM - System Checkpoint
RP108: 9/1/2011 9:56:03 AM - System Checkpoint
RP109: 9/3/2011 3:51:04 AM - System Checkpoint
RP110: 9/4/2011 4:14:24 AM - System Checkpoint
RP111: 9/4/2011 8:32:21 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
3D Home Architect Design Suite Deluxe 8
7-Zip 4.65
AAC Decoder
AC3Filter (remove only)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Lightroom 2.6
Adobe Reader 9.2
Adobe Shockwave Player 11
Apple Software Update
ATI AVIVO Codecs
ATI Catalyst Install Manager
ATI Display Driver
ATI Problem Report Wizard
AutoUpdate
BlackBerry Desktop Software 6.0
BlackBerry Device Software Updater
Browser Configuration Utility
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera WIA Driver
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon EOS-1D Mark II N WIA Driver
Canon EOS-1Ds Mark II WIA Driver
Canon EOS 5D WIA Driver
Canon EOS Kiss_N REBEL_XT 350D WIA Driver
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 2.1
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CourseSmart Bookshelf
Critical Update for Windows Media Player 11 (KB959772)
Defraggler
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
DivX Version Checker
Energy Saver Advance B8.0711.1
Fraps (remove only)
Google Earth Plug-in
Google Update Helper
GPL MPEG-1/2 DirectShow Decoder Filter
H.264 Decoder
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB895961-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB981793)
Java Auto Updater
Java(TM) 6 Update 18
Java(TM) 6 Update 26
king.com (remove only)
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft SOAP Toolkit 3.0
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XML Parser
MKV Splitter
Mozilla Firefox 6.0.1 (x86 en-US)
MS Access 97 SP2
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
MSXML4 Parser
Nero 7 Ultra Edition
neroxml
OpenOffice.org 3.2
PaperPort Image Printer
Picasa 3
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Samsung_MonSetup
ScanSoft PaperPort 11
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
SimCity 3000 Unlimited
Skins
Spelling Dictionaries Support For Adobe Reader 9
Starcraft
StarCraft II
SuperMemo UX - Polish Phrase Book
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
VCRedistSetup
VLC media player 1.1.11
WebFldrs XP
WinAce Archiver
Winamp
Winamp Detector Plug-in
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
WinRAR archiver
WinZip 12.0
XML Paper Specification Shared Components Pack 1.0
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
9/4/2011 9:35:37 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer OWNE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B05C1015-FB47-462A-B. The master browser is stopping or an election is being forced.
9/3/2011 3:07:24 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
9/3/2011 2:47:01 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'loader.tlb' on the volume 'ACPI#PNP0303#2&da1a3ff&0'. It has stopped monitoring the volume.
9/3/2011 2:45:21 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm sptd
9/3/2011 2:44:23 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/3/2011 2:43:56 AM, error: sptd [4] - Driver detected an internal error in its data structures for .
9/3/2011 2:39:24 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'szwgiday.dll' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
9/3/2011 2:39:13 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
9/3/2011 2:39:13 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
9/3/2011 2:39:11 AM, error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified.
9/3/2011 2:39:11 AM, error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified.
9/3/2011 2:38:08 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/2/2011 11:09:07 AM, error: Service Control Manager [7000] - The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================

0

Every GMER program I save to my desktop will not run, as the block I'm noting in this thread stops it. If I directly run from your provided link,

GMER automatically logs this:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-09-04 22:44:42
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e ST3500320AS rev.SD15
Running: d0jr0oq4[1].exe; Driver: C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\pwryqfow.sys


---- Threads - GMER 1.0.15 ----

Thread System [4:108] F7430E80
Thread System [4:112] F7430E80
Thread System [4:116] 8AEA2155
Thread System [4:120] 8AEA2155

---- EOF - GMER 1.0.15 ----


Then it stops. If I press scan, it will run for 15 seconds, and randomly disappear.


Nothing else in the sticky will run for me. I'm out of ideas.

0

No one has any suggestions for me to be able to provide you guys the logs in the sticky?

I don't know what else to attempt.

0

Programs like malwarebytes.exe try changing the file name, like byteme.exe

0

How do things work out in safe mode with network connection?

Safe mode results in the same issues, everything is blocked, anything that isn't quickly gets shut down.


I will try renaming everything, in order of your stickies, and report back.

0

No luck on renaming, safe mode is still useless.

crappity

0

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.pif
* Rkill.exe

* Double-click on the Rkill desktop icon to run the tool.
* If using Vista or Windows 7 right-click on it and choose Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.


Once you've gotten one of them to run then try to immediately run the following.

Now download and run exeHelper.

* Please download exeHelper from Raktor to your desktop.
* Double-click on exeHelper.com to run the fix.
* A black window should pop up, press any key to close once the fix is completed.
* A log file named log.txt will be created in the directory where you ran exeHelper.com
* Attach the log.txt file to your next message.

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

=================================================================

Now try and run the tools you could not run before.

0

Ran Rkill, then ran exeHelper.

Here is the log from exeHelper:

exeHelper by Raktor
Build 20100414
Run at 23:14:38 on 09/06/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Attempting sticky tools now.

0

Sticky tools failed once again. And also when running GMER, I got the blue screen. Restarted, and now the GMER that I had just downloaded is also blocked.

0

To add, I went through the list before getting to GMER, tried running everything as they are listed.

One thing I forgot to note, Malwarebytes seems to have been running behind the scenes, but I couldn't access it.

The Microsoft rootkit scanner doesn't even install, just a small window opens up to show something extracting, bammo..gone.

0

Try this one;

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT

* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
* When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
* Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.