computer not functioning right

[ewood100]

one day i turned on my computer as i normally do and everything looked ok, but then i tried to open the internet and this error message popped up:

windows cannot access the specified device, path or file. you may not have the appropriate permissions to access this item.

the only way i can access anything is by right clicking the icon and clicking start instead of open, this is getting really annoying because it will also not allow me to download anything.

thx for helping

[Starbuck]

Hi ewood100 and welcome

 

this is getting really annoying because it will also not allow me to download anything.

Is it just Internet Explorer that's effected or other browsers as well?

 

you may not have the appropriate permissions to access this item.

Are your normal .exe files opening ok, or do you get this message with any program you try to open?

 

Are you getting any other popup messages?

[ewood100]

all downloads dont work from internet explorer and google chrome

and it is the same message popping up for EVERY THING i click, even the buttons in the control panel.

[Goku]

Hello ewood. You seem to be suffering from a malware infestation. Please wait for Starbuck to get back to you as he will advise you with the appropriate instructions. Meanwhile, I will move this in the Malware Forum so that you nobody else can advise you on this matter. :)

 

-- Goku

[Starbuck]

@Goku

Cheers, thanks for that. http://fc07.deviantart.com/images3/i/2004/146/9/1/Two_thumbs_up.gif

 

---------------

 

Hi ewood100

 

It's become a common thing now for malware to block .exe programs from running or being downloaded, let's see if this is the case and if we can trick it.

 

Please note these programs must be downloaded to the Desktop.

 

Downloads

• Download OTL to your desktop.
  if you have problems, try this download link:
  OTL
  right click on the link and select 'Save Link/Target As'.
   
   
  
• Download OTH to your desktop.
  

right click on the link and select 'Save Link/Traget As'.

 

Open Notepad - it must be Notepad, not Wordpad.

Copy the text below in the code box by highlighting all the text and pressing Ctrl+C

netsvcs
msconfig
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles

Go to the Notepad window and click Edit >> Paste

Then click File >> Save

Name the file Scan

Make sure that the Save as Type is set to Text Documents

and save to the Desktop.

 

Run Programs

• Click on the OTH icon to run the program.
   
  http://img.photobucket.com/albums/v708/starbuck50/othelper.png
   
  
• Click on the http://img.photobucket.com/albums/v708/starbuck50/killall.png button.
  Your Desktop will go blank.
  
• Now click on the http://img.photobucket.com/albums/v708/starbuck50/startotl.png button.
   
  http://img.photobucket.com/albums/v708/starbuck50/new/newOtl2.png
   
  
• When the window appears, underneath Output at the top change it to Minimal Output.
  
• Check the boxes beside LOP Check and Purity Check.
  
• Double click in the Custom Scans/Fixes window (under the blue bar)
  
• A message box will popup asking if you want to load a custom scan from a file
  
• Select the file you saved earlier (Scan.txt)
  
• Now click on the http://img.photobucket.com/albums/v708/starbuck50/runscan.png button.

 

When the scan has completed, click on the http://img.photobucket.com/albums/v708/starbuck50/IE.png button.

This will load your browser so that you can copy/paste the OTL.txt and Extra.txt reports in your next reply.

Once posted:

Click on the http://img.photobucket.com/albums/v708/starbuck50/reboot.png button to restart your computer.

 

The scans may be quite big, so feel free to add them as attachments.

 

Note:

if you can't download these 2 programs using 'Normal mode' ..... try downloading them in 'Safe Mode with Networking'.

Then boot into normal mode to run them.

 

To reboot your computer in Safe Mode with Networking do the following :

 

* Restart your computer

* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

* Instead of Windows loading as normal, a menu with options should appear;

You will need to use the 'keyboard arrow keys' to navigate on this menu.

* Select the option, to run Windows in Safe Mode with Networking, then press "Enter".

* Then choose your usual account.

Edited March 16, 2010 by Starbuck

[ewood100]

ok thx

but when i open OTH the only two boxes which work are the reboot and kill all processes, the OTL and IE boxes do not bring up anything.

anything i can do?

[Starbuck]

Hi ewood100

 

Just try clicking on the OTL desktop icon and follow the instructions to run OTL as previously posted.

Don't worry about running OTH this time.

We'll see if OTL will run on it's own.

[ewood100]

ok i ran it and attached the results.

Extras.Txt

[Starbuck]

Hi ewood100

 

Thanks for posting the 'Extras.txt'.

Can you also let me have the 'Main.txt'.... there should be a copy on your desktop.

 

 

Thanks

[ewood100]

is this it?

OTL.txt

[Starbuck]

Hi ewood100

 

Ok, now we know what we are dealing with:

 

P2P Warning

 

Please note that as long as you're using any form of Peer-to-Peer networking (Morpheus, Ares, Limewire, UTorrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. That is no longer true.

P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

 

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

 

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.

If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

 

Step 1

Double click on OTL.exe to run it.

Copy the lines in the codebox below. (make sure that :Otl is on the first line )

:Otl
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll File not found
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll File not found
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll File not found
O4 - HKLM..\Run: [Cmaudio]  File not found
O4 - HKLM..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Vendio Services, Inc.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe File not found
O4 - HKCU..\Run: [uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe File not found
[2010/03/02 20:05:52 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\Evan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/24 17:50:50 | 000,196,608 | -HS- | M] () -- C:\Documents and Settings\Evan\Local Settings\Application Data\av.exe
[2009/04/12 19:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evan\Application Data\Search Settings

:commands
[emptytemp]
[purity]
[EMPTYFLASH]

• Return to OTL,
  
• right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
   
  http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
   
  
• Click the red Run Fix button.
   
  http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
   
  
• OTL will reboot your system once the fix has completed.
  
• After the reboot, you may need to double click OTL to launch the program and retrieve the log.

 

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

 

Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.

• Make sure you are connected to the Internet.
  
• Double-click on Download_mbam-setup.exe to install the application.
  
• When the installation begins, follow the prompts and do not make any changes to default settings.
  
• When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
    
  • Launch Malwarebytes' Anti-Malware

  [*]Then click Finish.

  [*]MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

  [*]On the Scanner tab:

  • Make sure the "Perform Full Scan" option is selected.
    
  • Then click on the Scan button.

  [*]If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.

  [*]The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.

  [*]When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".

  [*]Click OK to close the message box and continue with the removal process.

  [*]Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.

  [*]Make sure that everything is checked, and click Remove Selected.

  [*]When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)

  [*]The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.

  [*]Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

 

In your next reply, please submit:

Report that comes up after the OTL fix

MBAM scan report

 

 

Thanks.

[ewood100]

i attached the malwarebytes log, but the OTL log never showed up after opening the program when it was finished.

mbam-log-2010-03-16 (21-06-45).txt

[Starbuck]

Hi ewood100

 

Things should be running a lot better now.

 

Let's get an online scan done and have a check for any leftovers;

 

I'd like you to do an ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan
   
  
• Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
   
  
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  
  • Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer.
    Save it to your desktop.
    
  • Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
    

  [*]Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png

  [*]Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.

  [*]Accept any security warnings from your browser.

  [*]Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png

  [*]Click the Start button.

  [*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

  [*]When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png

  [*]Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan.

  Include the contents of this report in your next reply.

  [*]Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.

  [*]Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

 

I'd still like to see the OTL report that was produced after the fix..... i need to be sure that the whole fix worked.

There should be a copy here:

C:\_OTL\MovedFiles

 

if you open the 'MovedFiles' folder you should see a text document that will probably start: 03162010.....

Click on it to open it and copy and paste the report in your next reply along with the eset scan report.

 

Thanks

Edited March 17, 2010 by Starbuck