
Browser Re-directs, GMER Fails, Won't allow any anti-virus to run


  • This topic is locked
1 reply to this topic

#1 marcncol

marcncol

  • Members
  • 31 posts

Posted 18 July 2011 - 02:11 PM

Sorry for not being patient. I posted yesterday and nobody has replied. (Sorry, I know you are volunteers, I just thought I would try again with a more descriptive title).

Posted Yesterday, 05:50 PM

Here is a link to my forum topic which resulted in sending me here:
http://www.bleepingcomputer.com/forums/topic409910.html/page__st__15__gopid__2338590#entry2338590

Here are the results from DDS:

DDS (Ver_2011-07-14.01) - NTFS_x86 NETWORK
Internet Explorer: 7.0.6002.18005
Run by Colleen at 18:39:50 on 2011-07-17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3060.2524 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
\\.\globalroot\Device\svchost.exe\svchost.exe
C:\Windows\helppane.exe
C:\Windows\explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/webhp?rls=ig
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080702
mDefault_Page_URL = hxxp://www.google.com/i
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - <orphaned>
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Aim6] <no file>
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [ECenter] "c:\dell\e-center\EULALauncher.exe"
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [CanonSolutionMenu] "c:\program files\canon\solutionmenu\CNSLMAIN.exe" /logon
mRun: [CanonMyPrinter] "c:\program files\canon\myprinter\BJMyPrt.exe" /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [USB2Check] "c:\windows\system32\rundll32.exe" "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [RtHDVCpl] "c:\windows\RtHDVCpl.exe"
mRun: [Windows Mobile-based device management] c:\windows\windowsmobile\wmdSync.exe
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRunOnce: [GrpConv] grpconv -o
dRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wdback~1.lnk - c:\program files\my book\wd backup\uBBMonitor.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: c:\windows\system32\wpclsp.dll
LSP: mswsock.dll
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxps://gianteagle.lifepics.com/net/Uploader/LPUploader45.cab
DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} - hxxps://myoffice.na.goodyear.com/+CSCOL+/relayp.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://myoffice.na.goodyear.com/CACHE/stc/10/binaries/vpnweb.cab
DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} - hxxps://myoffice.na.goodyear.com/CACHE/sdesktop/install/binaries/instweb.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxps://gianteagle.lifepics.com/net/Uploader/LPUploader57.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://goodyear.webex.com/client/T27LB/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{D06F9C5D-11B7-4583-841E-54FA8FDE19AC} : DHCPNameServer = 192.168.0.1
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\windows mail\WinMail.exe" OCInstallUserConfigOE
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-6 64160]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-17 441176]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-7-17 309848]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-17 19544]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-7-17 54104]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-17 42184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1036104]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-3-9 92592]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-27 24652]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-07-17 22:08:35 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2011-07-17 22:08:35 -------- d-----w- c:\users\colleen\appdata\roaming\FixTDSS
2011-07-17 17:46:15 -------- d-----w- c:\users\colleen\appdata\roaming\Malwarebytes
2011-07-17 17:44:13 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-17 17:44:12 -------- d-----w- c:\programdata\Malwarebytes
2011-07-17 17:44:09 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-17 17:44:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-17 17:04:22 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-17 17:04:21 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-17 17:02:52 40112 ----a-w- c:\windows\avastSS.scr
2011-07-17 17:02:30 -------- d-----w- c:\programdata\AVAST Software
2011-07-17 17:02:30 -------- d-----w- c:\program files\AVAST Software
2011-07-17 16:43:37 -------- d-----w- c:\windows\system32\32bit
2011-07-17 14:10:10 -------- d--h--w- c:\programdata\Common Files
2011-07-17 14:09:22 -------- d-----w- c:\programdata\MFAData
2011-07-16 22:32:29 17408 ----a-w- c:\windows\system32\drivers\1214969294.sys
2011-07-14 09:36:25 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-14 09:36:25 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 10:37:19 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-06-29 10:49:19 276992 ----a-w- c:\windows\system32\schannel.dll
.
==================== Find3M ====================
.
2011-07-17 21:48:00 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2011-06-27 02:02:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-12 17:25:26 15880 ----a-w- c:\windows\system32\lsdelete.exe
2011-05-02 17:16:14 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 13:25:10 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 13:25:09 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-29 13:24:50 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-29 13:24:42 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-29 13:24:40 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-21 16:04:00 834048 ----a-w- c:\windows\system32\wininet.dll
2011-04-21 14:57:48 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-21 14:15:09 389632 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:58:27 273408 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 18:41:28.33 ===============


Next, I tried to run GMER.exe but got the same message that I have gotten with many of the fixes on the other forum: "Windows cannot access the specified device, path or file. You may not have the permissions to access the item."

Any help would be greatly appreciated!!



#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • Gender:Male

Posted 18 July 2011 - 04:46 PM

The current average wait time to receive help is 14 days.

To avoid confusion I will close this topic.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



