Jump to content

Windows cannot access the specified device or path or file.


Recommended Posts

Hi, I read the blog topic made by danibrio, (http://forums.malwarebytes.org/index.php?showtopic=24692), and it seems that I have the exact same problem. I am running on Windows Vista and I noticed in that particular forum post, the moderators mentioned how those particular steps are specifically for his case. I would appreciate if someone could give me step by step instructions on how to get Malware Bytes running on my particular computer so I can resolve this issue, thank you very much in advance guys.

If there is any other information I need to provide to help recognize the issue better, please let me know and I will post it asap.

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

-screen317

Link to post
Share on other sites

Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

-screen317

Hi screen317, thank you so much for helping me with this problem. I ran the TDSSKiller.exe but it reported no threats found so it did not generate a report for me to post. Here is the DDS.txt report that was generated. Thank you once again for helping me with this.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_29

Run by arirangtaxi at 16:51:07 on 2011-10-30

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2008.950 [GMT -7:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k yksvcs

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\WLTRAY.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\taskeng.exe

C:\Users\arirangtaxi\Desktop\TDSSKiller.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

BHO: {8984B388-A5BB-4DF7-B274-77B879E179DB} - No File

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll

TB: {09900DE8-1DCA-443F-9243-26FF581438AF} - No File

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{C4F711B4-B753-4822-A4CD-AC82D7E6EE2E} : DhcpNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\arirangtaxi\appdata\roaming\mozilla\firefox\profiles\n6nd54cm.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z134&form=ZGAADF&install_date=20111006&q=

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(general.useragent.extra.brc,

.

============= SERVICES / DRIVERS ===============

.

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-29 165456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-29 17744]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-9-29 50256]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 yksvc;Marvell Yukon Service;c:\windows\system32\svchost.exe -k yksvcs [2008-1-20 21504]

R3 OA013Ufd;Creative Camera OA013 Upper Filter Driver;c:\windows\system32\drivers\OA013Ufd.sys [2009-3-6 133632]

R3 OA013Vid;Creative Camera OA013 Function Driver;c:\windows\system32\drivers\OA013Vid.sys [2009-3-9 271712]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-26 251728]

S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-9-29 40384]

S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\avg\avg10\identity protection\agent\bin\avgidsagent.exe" --> c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [?]

S2 avgwd;AVG WatchDog;"c:\program files\avg\avg10\avgwdsvc.exe" --> c:\program files\avg\avg10\avgwdsvc.exe [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-9-29 40384]

S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-9-29 40384]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-10-27 05:35:23 -------- d-sh--w- C:\$RECYCLE.BIN

2011-10-27 05:31:06 -------- d-----w- c:\users\arirangtaxi\appdata\local\temp

2011-10-27 05:22:29 -------- d-----w- C:\Combo-Fix4534C

2011-10-27 03:14:32 -------- d-----w- C:\Combo-Fix7754C

2011-10-27 03:11:01 251728 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2011-10-27 03:07:27 98816 ----a-w- c:\windows\sed.exe

2011-10-27 03:07:27 518144 ----a-w- c:\windows\SWREG.exe

2011-10-27 03:07:27 256000 ----a-w- c:\windows\PEV.exe

2011-10-27 03:07:27 208896 ----a-w- c:\windows\MBR.exe

2011-10-27 03:07:23 -------- d-----w- C:\Combo-Fix

2011-10-27 02:21:19 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-27 02:20:23 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-27 00:54:57 -------- d-----w- c:\windows\system32\FixPolicies

2011-10-27 00:44:13 139776 ----a-w- c:\program files\mozilla firefox\fixpolicies\swreg.exe

2011-10-24 00:10:11 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2011-10-23 19:51:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-23 15:13:03 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll

2011-10-23 15:13:03 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll

2011-10-23 15:13:03 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe

2011-10-23 15:13:03 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll

2011-10-23 15:13:03 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll

2011-10-23 15:13:02 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll

2011-10-23 15:13:02 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll

2011-10-22 19:02:31 -------- d-----w- c:\users\arirangtaxi\appdata\local\ApplicationHistory

2011-10-22 16:05:33 -------- d-----w- c:\windows\system32\URTTEMP

2011-10-22 15:36:11 -------- d-----w- c:\users\arirangtaxi\appdata\roaming\GetRightToGo

2011-10-06 21:20:59 -------- d-----w- c:\programdata\Premium

2011-10-06 21:20:57 -------- d-----w- c:\programdata\InstallMate

2011-10-05 05:12:23 -------- d-----w- c:\program files\ETS

.

==================== Find3M ====================

.

2011-10-18 03:57:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-03 12:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-09-02 13:39:07 1383424 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-25 16:15:04 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2011-08-25 16:14:01 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-08-25 16:14:01 238080 ----a-w- c:\windows\system32\oleacc.dll

2011-08-25 13:31:01 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2011-08-16 16:15:15 834048 ----a-w- c:\windows\system32\wininet.dll

2011-08-16 14:20:55 389632 ----a-w- c:\windows\system32\html.iec

2011-08-09 23:19:02 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

.

============= FINISH: 16:51:28.23 ===============

Link to post
Share on other sites

  • Staff

Hi,

I apologize for the extended delay. Not sure how I wasn't notified of your replies.

Please see:

Forum Piracy Policy

We will not assist users that are obviously using illegal software.

If any such evidence is found you will be given the benefit of the doubt and the opportunity to completely uninstall and delete any such data from your system.

During the scanning process if any further evidence shows up your topic will be closed and no further assistance will be provided.

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

It's likely why your issue began in the first place.

Link to post
Share on other sites

  • 2 weeks later...
  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.