Sign In
Create Account
Hello,
I am using a separate computer than the one infected, because the virus is not allowing me to access this website. I am infected with both Windows Police Pro and Total Security. They are preventing me from using any virus or spybot programs. I can use my browser, but am prevented from using certain pages, like Malwarebytes. I am unable to use HijackThis as well. I'm running Windows XP. When I try to run Task Manager, the entire program isn't visible, only the processes tab. I tried to follow instructions in this post: http://www.malwareby...showtopic=23983, but was then unable to open MBAM.
Any help would be greatly appreciated.
0
Unable to run MBAM, any virus protection, and HijackThis
Started by junktrunk, Sep 16 2009 11:09 PM
Back to top
#2
Posted 16 September 2009 - 11:10 PM
-
- Experts
-
- 543 posts
Elite Member
- Gender:Male
- Location:Caribbean
Hi, junktrunk 
Welcome.
Please save this file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
Welcome.
Please save this file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
Unanswered threads for move than five (5) days, will be removed from my subscriptions.
No help throughout a Private Message will be provided.
Please do not post on someone else's thread. it will be removed immediately
If I have helped you, consider making a donation to help me continue the fight against Malware! 
#3
Posted 16 September 2009 - 11:17 PM
-
- Members
-
- 18 posts
New Member
This is what I got:
Quote
Running from: E:\Documents and Settings\Jenaveve\Desktop\Win32kDiag.exe
Log file at : E:\Documents and Settings\Jenaveve\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'E:\WINDOWS'...
Log file at : E:\Documents and Settings\Jenaveve\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'E:\WINDOWS'...
#4
Posted 16 September 2009 - 11:36 PM
-
- Experts
-
- 543 posts
Elite Member
- Gender:Male
- Location:Caribbean
Allow the program to finish, then post the report.
Unanswered threads for move than five (5) days, will be removed from my subscriptions.
No help throughout a Private Message will be provided.
Please do not post on someone else's thread. it will be removed immediately
If I have helped you, consider making a donation to help me continue the fight against Malware!
#6
Posted 17 September 2009 - 12:02 AM
-
- Experts
-
- 543 posts
Elite Member
- Gender:Male
- Location:Caribbean
Lets try a rootkit detector. Please read these instructions carefully.
Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.
Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.
- Disconnect from the Internet and close all running programs.
- Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
- Click on this link to see a list of programs that should be disabled.
- Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
- Allow the driver to load if asked.
- You may be prompted to scan immediately if it detects rootkit activity.
- If you are prompted to scan your system click "No", save the log and post back the results.
- If not prompted, click the "Rootkit/Malware" tab.
- On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
- Select all drives that are connected to your system to be scanned.
- Click the Scan button to begin. (Please be patient as it can take some time to complete)
- When the scan is finished, click Save to save the scan results to your Desktop.
- Save the file as Results.log and copy/paste the contents in your next reply.
- Exit the program and re-enable all active protection when done.
Unanswered threads for move than five (5) days, will be removed from my subscriptions.
No help throughout a Private Message will be provided.
Please do not post on someone else's thread. it will be removed immediately
If I have helped you, consider making a donation to help me continue the fight against Malware!
#7
Posted 17 September 2009 - 12:15 AM
-
- Members
-
- 18 posts
New Member
I'm not sure how, but when I restarted my computer I was able to run Win32KDiag, and got this log:
Running from: E:\Documents and Settings\Jenaveve\Desktop\Win32kDiag.exe
Log file at : E:\Documents and Settings\Jenaveve\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'E:\WINDOWS'...
Found mount point : E:\WINDOWS\$hf_mig$\KB972260\KB972260
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\addins\addins
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP389.tmp\ZAP389.tmp
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP468.tmp\ZAP468.tmp
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP496.tmp\ZAP496.tmp
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB2.tmp\ZAPB2.tmp
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\ime\chsime\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\ime\CHTIME\Applets\Applets
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\ime\imjp8_1\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\ime\imkr6_1\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\ime\imkr6_1\dicts\dicts
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\ime\shared\res\res
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\java\classes\classes
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\mui\mui
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\PCHEALTH\ERRORREP\QHEADLES\QHEADLES
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\PCHEALTH\HELPCTR\BATCH\BATCH
Mount point destination : \Device\__max++>\^
Cannot access: E:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
[1] 2001-08-23 07:00:00 714752 E:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)
[1] 2004-08-04 01:56:52 743936 E:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpsvc.exe ()
[1] 2004-08-04 01:56:52 764416 E:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)
[1] 2008-04-13 19:12:21 744448 E:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\helpsvc.exe (Microsoft Corporation)
Running from: E:\Documents and Settings\Jenaveve\Desktop\Win32kDiag.exe
Log file at : E:\Documents and Settings\Jenaveve\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'E:\WINDOWS'...
Found mount point : E:\WINDOWS\$hf_mig$\KB972260\KB972260
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\addins\addins
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP389.tmp\ZAP389.tmp
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP468.tmp\ZAP468.tmp
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP496.tmp\ZAP496.tmp
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB2.tmp\ZAPB2.tmp
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\ime\chsime\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\ime\CHTIME\Applets\Applets
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\ime\imjp8_1\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\ime\imkr6_1\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\ime\imkr6_1\dicts\dicts
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\ime\shared\res\res
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\java\classes\classes
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\mui\mui
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\PCHEALTH\ERRORREP\QHEADLES\QHEADLES
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF
Mount point destination : \Device\__max++>\^
Found mount point : E:\WINDOWS\PCHEALTH\HELPCTR\BATCH\BATCH
Mount point destination : \Device\__max++>\^
Cannot access: E:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
[1] 2001-08-23 07:00:00 714752 E:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)
[1] 2004-08-04 01:56:52 743936 E:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpsvc.exe ()
[1] 2004-08-04 01:56:52 764416 E:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)
[1] 2008-04-13 19:12:21 744448 E:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\helpsvc.exe (Microsoft Corporation)
#8
Posted 17 September 2009 - 12:17 AM
-
- Members
-
- 18 posts
New Member
Thank you for your help, by the way.
#9
Posted 17 September 2009 - 12:32 AM
-
- Experts
-
- 543 posts
Elite Member
- Gender:Male
- Location:Caribbean
Well, that is much better. At least we have identify the problem, but still did not finished. Lets see if we can remove those mountpoints.
Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. (Allow enough time to run this application) When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
"E:\Documents and Settings\Jenaveve\Desktop\Win32kDiag.exe" -f -r
Then, please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. (Allow enough time to run this application) When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
"E:\Documents and Settings\Jenaveve\Desktop\Win32kDiag.exe" -f -r
Then, please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
- If you are using Firefox, make sure that your download settings are as follows:
- Tools->Options->Main tab
- Set to "Always ask me where to Save the files".
- Tools->Options->Main tab
- During the download, rename Combofix to Combo-Fix as follows:
- It is important you rename Combofix during the download, but not after.
- Please do not rename Combofix to other names, but only to the one indicated.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Double click on combo-Fix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\Combo-Fix.txt" .
Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
Unanswered threads for move than five (5) days, will be removed from my subscriptions.
No help throughout a Private Message will be provided.
Please do not post on someone else's thread. it will be removed immediately
If I have helped you, consider making a donation to help me continue the fight against Malware!
#10
Posted 17 September 2009 - 12:48 AM
-
- Members
-
- 18 posts
New Member
Thank you. Still working on ComboFix, but here is Win32kDiag log:
Running from: E:\Documents and Settings\Jenaveve\Desktop\Win32kDiag.exe
Log file at : E:\Documents and Settings\Jenaveve\Desktop\Win32kDiag.txt
Removing all found mount points.
Attempting to reset file permissions.
WARNING: Could not get backup privileges!
Searching 'E:\WINDOWS'...
Found mount point : E:\WINDOWS\$hf_mig$\KB972260\KB972260
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\$hf_mig$\KB972260\KB972260
Found mount point : E:\WINDOWS\addins\addins
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\addins\addins
Found mount point : E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP389.tmp\ZAP389.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP389.tmp\ZAP389.tmp
Found mount point : E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP468.tmp\ZAP468.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP468.tmp\ZAP468.tmp
Found mount point : E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP496.tmp\ZAP496.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP496.tmp\ZAP496.tmp
Found mount point : E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB2.tmp\ZAPB2.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB2.tmp\ZAPB2.tmp
Found mount point : E:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\assembly\temp\temp
Found mount point : E:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\assembly\tmp\tmp
Found mount point : E:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\Config\Config
Found mount point : E:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\Connection Wizard\Connection Wizard
Found mount point : E:\WINDOWS\ime\chsime\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\ime\chsime\applets\applets
Found mount point : E:\WINDOWS\ime\CHTIME\Applets\Applets
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\ime\CHTIME\Applets\Applets
Found mount point : E:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\ime\imejp\applets\applets
Found mount point : E:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\ime\imejp98\imejp98
Found mount point : E:\WINDOWS\ime\imjp8_1\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\ime\imjp8_1\applets\applets
Found mount point : E:\WINDOWS\ime\imkr6_1\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\ime\imkr6_1\applets\applets
Found mount point : E:\WINDOWS\ime\imkr6_1\dicts\dicts
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\ime\imkr6_1\dicts\dicts
Found mount point : E:\WINDOWS\ime\shared\res\res
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\ime\shared\res\res
Found mount point : E:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729
Found mount point : E:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Found mount point : E:\WINDOWS\java\classes\classes
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\java\classes\classes
Found mount point : E:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\java\trustlib\trustlib
Found mount point : E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files
Found mount point : E:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\msapps\msinfo\msinfo
Found mount point : E:\WINDOWS\mui\mui
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\mui\mui
Found mount point : E:\WINDOWS\PCHEALTH\ERRORREP\QHEADLES\QHEADLES
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\PCHEALTH\ERRORREP\QHEADLES\QHEADLES
Found mount point : E:\WINDOWS\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF
Found mount point : E:\WINDOWS\PCHEALTH\HELPCTR\BATCH\BATCH
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\PCHEALTH\HELPCTR\BATCH\BATCH
Cannot access: E:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
Attempting to restore permissions of : E:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
Found mount point : E:\WINDOWS\PCHEALTH\HELPCTR\Config\CheckPoint\CheckPoint
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\PCHEALTH\HELPCTR\Config\CheckPoint\CheckPoint
Found mount point : E:\WINDOWS\PCHEALTH\HELPCTR\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\PCHEALTH\HELPCTR\HelpFiles\HelpFiles
Found mount point : E:\WINDOWS\PCHEALTH\HELPCTR\InstalledSKUs\InstalledSKUs
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\PCHEALTH\HELPCTR\InstalledSKUs\InstalledSKUs
Found mount point : E:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\DFS
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\DFS
Found mount point : E:\WINDOWS\PCHEALTH\HELPCTR\System_OEM\System_OEM
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\PCHEALTH\HELPCTR\System_OEM\System_OEM
Found mount point : E:\WINDOWS\PCHEALTH\HELPCTR\Temp\Temp
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\PCHEALTH\HELPCTR\Temp\Temp
Found mount point : E:\WINDOWS\PIF\PIF
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\PIF\PIF
Found mount point : E:\WINDOWS\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\Registration\CRMLog\CRMLog
Found mount point : E:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs
Found mount point : E:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\10\10
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\10\10
Found mount point : E:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\52\msft\msft
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\52\msft\msft
Found mount point : E:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\60\msft\msft
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\60\msft\msft
Found mount point : E:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\70\70
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\70\70
Found mount point : E:\WINDOWS\SoftwareDistribution\Download\dfd20fda6478d599fc1417f0319287a1\backup\backup
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\SoftwareDistribution\Download\dfd20fda6478d599fc1417f0319287a1\backup\backup
Found mount point : E:\WINDOWS\SoftwareDistribution\EventCache\EventCache
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\SoftwareDistribution\EventCache\EventCache
Found mount point : E:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered
Found mount point : E:\WINDOWS\Sun\Java\Deployment\Deployment
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\Sun\Java\Deployment\Deployment
Found mount point : E:\WINDOWS\SxsCaPendDel\SxsCaPendDel
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\SxsCaPendDel\SxsCaPendDel
Found mount point : E:\WINDOWS\system32\1025\1025
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\1025\1025
Found mount point : E:\WINDOWS\system32\1028\1028
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\1028\1028
Found mount point : E:\WINDOWS\system32\1031\1031
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\1031\1031
Found mount point : E:\WINDOWS\system32\1037\1037
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\1037\1037
Found mount point : E:\WINDOWS\system32\1041\1041
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\1041\1041
Found mount point : E:\WINDOWS\system32\1042\1042
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\1042\1042
Found mount point : E:\WINDOWS\system32\1054\1054
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\1054\1054
Found mount point : E:\WINDOWS\system32\2052\2052
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\2052\2052
Found mount point : E:\WINDOWS\system32\3076\3076
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\3076\3076
Found mount point : E:\WINDOWS\system32\3com_dmi\3com_dmi
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\3com_dmi\3com_dmi
Found mount point : E:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TempDir\TempDir
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TempDir\TempDir
Found mount point : E:\WINDOWS\system32\CatRoot_bak\CatRoot_bak
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\CatRoot_bak\CatRoot_bak
Found mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\6.0\Collab\Collab
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\6.0\Collab\Collab
Found mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\6.0\eBooks\eBooks
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\6.0\eBooks\eBooks
Found mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\6.0\Preferences\Preferences
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\6.0\Preferences\Preferences
Found mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Flash Player\AssetCache\ESSPXWJ4\ESSPXWJ4
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Flash Player\AssetCache\ESSPXWJ4\ESSPXWJ4
Found mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\HPAppData\HPAppData
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\HPAppData\HPAppData
Found mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\QSL9MEM6\ak.c.ooyala.com\ak.c.ooyala.com
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\QSL9MEM6\ak.c.ooyala.com\ak.c.ooyala.com
Found mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates
Found mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs
Found mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs
Found mount point : E:\WINDOWS\system32\config\systemprofile\Favorites\Links\Links
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\config\systemprofile\Favorites\Links\Links
Found mount point : E:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Adobe\Acrobat\6.0\Cache\Search\Search
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Adobe\Acrobat\6.0\Cache\Search\Search
Found mount point : E:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning
Found mount point : E:\WINDOWS\system32\config\systemprofile\My Documents\My Documents
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\config\systemprofile\My Documents\My Documents
Found mount point : E:\WINDOWS\system32\config\systemprofile\My Documents\My eBooks\My eBooks
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\config\systemprofile\My Documents\My eBooks\My eBooks
Found mount point : E:\WINDOWS\system32\config\systemprofile\NetHood\NetHood
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\config\systemprofile\NetHood\NetHood
Found mount point : E:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood
Found mount point : E:\WINDOWS\system32\config\systemprofile\Recent\Recent
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\config\systemprofile\Recent\Recent
Found mount point : E:\WINDOWS\system32\dhcp\dhcp
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\dhcp\dhcp
Found mount point : E:\WINDOWS\system32\drivers\disdn\disdn
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\drivers\disdn\disdn
Cannot access: E:\WINDOWS\system32\dumprep.exe
Attempting to restore permissions of : E:\WINDOWS\system32\dumprep.exe
Cannot access: E:\WINDOWS\system32\eventlog.dll
Attempting to restore permissions of : E:\WINDOWS\system32\eventlog.dll
[1] 2001-08-23 07:00:00 47616 E:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
[1] 2004-08-04 01:56:44 55808 E:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)
[1] 2008-04-13 19:11:53 56320 E:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll (Microsoft Corporation)
[1] 2004-08-04 01:56:44 61952 E:\WINDOWS\system32\eventlog.dll ()
[2] 2004-08-04 01:56:44 55808 E:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
Found mount point : E:\WINDOWS\system32\export\export
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\export\export
Found mount point : E:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT
Found mount point : E:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT
Found mount point : E:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT
Found mount point : E:\WINDOWS\system32\mui\dispspec\dispspec
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\mui\dispspec\dispspec
Found mount point : E:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup
Found mount point : E:\WINDOWS\system32\oobe\html\oemcust\oemcust
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\oobe\html\oemcust\oemcust
Found mount point : E:\WINDOWS\system32\oobe\html\oemhw\oemhw
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\oobe\html\oemhw\oemhw
Found mount point : E:\WINDOWS\system32\oobe\html\oemreg\oemreg
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\oobe\html\oemreg\oemreg
Found mount point : E:\WINDOWS\system32\oobe\sample\sample
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\oobe\sample\sample
Found mount point : E:\WINDOWS\system32\ShellExt\ShellExt
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\ShellExt\ShellExt
Found mount point : E:\WINDOWS\system32\spool\PRINTERS\PRINTERS
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\spool\PRINTERS\PRINTERS
Found mount point : E:\WINDOWS\system32\wbem\mof\bad\bad
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\wbem\mof\bad\bad
Found mount point : E:\WINDOWS\system32\wbem\mof\good\good
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\wbem\mof\good\good
Found mount point : E:\WINDOWS\system32\wbem\snmp\snmp
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\wbem\snmp\snmp
Found mount point : E:\WINDOWS\system32\wins\wins
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\wins\wins
Found mount point : E:\WINDOWS\system32\xircom\xircom
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\xircom\xircom
Found mount point : E:\WINDOWS\Temp\Adobe\Acrobat\6.0\6.0
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\Temp\Adobe\Acrobat\6.0\6.0
Found mount point : E:\WINDOWS\Temp\hsperfdata_SYSTEM\hsperfdata_SYSTEM
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\Temp\hsperfdata_SYSTEM\hsperfdata_SYSTEM
Found mount point : E:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Found mount point : E:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2
Finished!
Running from: E:\Documents and Settings\Jenaveve\Desktop\Win32kDiag.exe
Log file at : E:\Documents and Settings\Jenaveve\Desktop\Win32kDiag.txt
Removing all found mount points.
Attempting to reset file permissions.
WARNING: Could not get backup privileges!
Searching 'E:\WINDOWS'...
Found mount point : E:\WINDOWS\$hf_mig$\KB972260\KB972260
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\$hf_mig$\KB972260\KB972260
Found mount point : E:\WINDOWS\addins\addins
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\addins\addins
Found mount point : E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP389.tmp\ZAP389.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP389.tmp\ZAP389.tmp
Found mount point : E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP468.tmp\ZAP468.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP468.tmp\ZAP468.tmp
Found mount point : E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP496.tmp\ZAP496.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP496.tmp\ZAP496.tmp
Found mount point : E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB2.tmp\ZAPB2.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB2.tmp\ZAPB2.tmp
Found mount point : E:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\assembly\temp\temp
Found mount point : E:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\assembly\tmp\tmp
Found mount point : E:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\Config\Config
Found mount point : E:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\Connection Wizard\Connection Wizard
Found mount point : E:\WINDOWS\ime\chsime\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\ime\chsime\applets\applets
Found mount point : E:\WINDOWS\ime\CHTIME\Applets\Applets
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\ime\CHTIME\Applets\Applets
Found mount point : E:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\ime\imejp\applets\applets
Found mount point : E:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\ime\imejp98\imejp98
Found mount point : E:\WINDOWS\ime\imjp8_1\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\ime\imjp8_1\applets\applets
Found mount point : E:\WINDOWS\ime\imkr6_1\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\ime\imkr6_1\applets\applets
Found mount point : E:\WINDOWS\ime\imkr6_1\dicts\dicts
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\ime\imkr6_1\dicts\dicts
Found mount point : E:\WINDOWS\ime\shared\res\res
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\ime\shared\res\res
Found mount point : E:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729
Found mount point : E:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Found mount point : E:\WINDOWS\java\classes\classes
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\java\classes\classes
Found mount point : E:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\java\trustlib\trustlib
Found mount point : E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files
Found mount point : E:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\msapps\msinfo\msinfo
Found mount point : E:\WINDOWS\mui\mui
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\mui\mui
Found mount point : E:\WINDOWS\PCHEALTH\ERRORREP\QHEADLES\QHEADLES
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\PCHEALTH\ERRORREP\QHEADLES\QHEADLES
Found mount point : E:\WINDOWS\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF
Found mount point : E:\WINDOWS\PCHEALTH\HELPCTR\BATCH\BATCH
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\PCHEALTH\HELPCTR\BATCH\BATCH
Cannot access: E:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
Attempting to restore permissions of : E:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
Found mount point : E:\WINDOWS\PCHEALTH\HELPCTR\Config\CheckPoint\CheckPoint
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\PCHEALTH\HELPCTR\Config\CheckPoint\CheckPoint
Found mount point : E:\WINDOWS\PCHEALTH\HELPCTR\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\PCHEALTH\HELPCTR\HelpFiles\HelpFiles
Found mount point : E:\WINDOWS\PCHEALTH\HELPCTR\InstalledSKUs\InstalledSKUs
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\PCHEALTH\HELPCTR\InstalledSKUs\InstalledSKUs
Found mount point : E:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\DFS
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\DFS
Found mount point : E:\WINDOWS\PCHEALTH\HELPCTR\System_OEM\System_OEM
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\PCHEALTH\HELPCTR\System_OEM\System_OEM
Found mount point : E:\WINDOWS\PCHEALTH\HELPCTR\Temp\Temp
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\PCHEALTH\HELPCTR\Temp\Temp
Found mount point : E:\WINDOWS\PIF\PIF
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\PIF\PIF
Found mount point : E:\WINDOWS\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\Registration\CRMLog\CRMLog
Found mount point : E:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs
Found mount point : E:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\10\10
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\10\10
Found mount point : E:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\52\msft\msft
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\52\msft\msft
Found mount point : E:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\60\msft\msft
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\60\msft\msft
Found mount point : E:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\70\70
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\70\70
Found mount point : E:\WINDOWS\SoftwareDistribution\Download\dfd20fda6478d599fc1417f0319287a1\backup\backup
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\SoftwareDistribution\Download\dfd20fda6478d599fc1417f0319287a1\backup\backup
Found mount point : E:\WINDOWS\SoftwareDistribution\EventCache\EventCache
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\SoftwareDistribution\EventCache\EventCache
Found mount point : E:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered
Found mount point : E:\WINDOWS\Sun\Java\Deployment\Deployment
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\Sun\Java\Deployment\Deployment
Found mount point : E:\WINDOWS\SxsCaPendDel\SxsCaPendDel
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\SxsCaPendDel\SxsCaPendDel
Found mount point : E:\WINDOWS\system32\1025\1025
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\1025\1025
Found mount point : E:\WINDOWS\system32\1028\1028
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\1028\1028
Found mount point : E:\WINDOWS\system32\1031\1031
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\1031\1031
Found mount point : E:\WINDOWS\system32\1037\1037
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\1037\1037
Found mount point : E:\WINDOWS\system32\1041\1041
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\1041\1041
Found mount point : E:\WINDOWS\system32\1042\1042
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\1042\1042
Found mount point : E:\WINDOWS\system32\1054\1054
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\1054\1054
Found mount point : E:\WINDOWS\system32\2052\2052
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\2052\2052
Found mount point : E:\WINDOWS\system32\3076\3076
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\3076\3076
Found mount point : E:\WINDOWS\system32\3com_dmi\3com_dmi
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\3com_dmi\3com_dmi
Found mount point : E:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TempDir\TempDir
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TempDir\TempDir
Found mount point : E:\WINDOWS\system32\CatRoot_bak\CatRoot_bak
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\CatRoot_bak\CatRoot_bak
Found mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\6.0\Collab\Collab
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\6.0\Collab\Collab
Found mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\6.0\eBooks\eBooks
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\6.0\eBooks\eBooks
Found mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\6.0\Preferences\Preferences
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\6.0\Preferences\Preferences
Found mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Flash Player\AssetCache\ESSPXWJ4\ESSPXWJ4
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Flash Player\AssetCache\ESSPXWJ4\ESSPXWJ4
Found mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\HPAppData\HPAppData
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\HPAppData\HPAppData
Found mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\QSL9MEM6\ak.c.ooyala.com\ak.c.ooyala.com
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\QSL9MEM6\ak.c.ooyala.com\ak.c.ooyala.com
Found mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates
Found mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs
Found mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs
Found mount point : E:\WINDOWS\system32\config\systemprofile\Favorites\Links\Links
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\config\systemprofile\Favorites\Links\Links
Found mount point : E:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Adobe\Acrobat\6.0\Cache\Search\Search
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Adobe\Acrobat\6.0\Cache\Search\Search
Found mount point : E:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning
Found mount point : E:\WINDOWS\system32\config\systemprofile\My Documents\My Documents
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\config\systemprofile\My Documents\My Documents
Found mount point : E:\WINDOWS\system32\config\systemprofile\My Documents\My eBooks\My eBooks
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\config\systemprofile\My Documents\My eBooks\My eBooks
Found mount point : E:\WINDOWS\system32\config\systemprofile\NetHood\NetHood
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\config\systemprofile\NetHood\NetHood
Found mount point : E:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood
Found mount point : E:\WINDOWS\system32\config\systemprofile\Recent\Recent
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\config\systemprofile\Recent\Recent
Found mount point : E:\WINDOWS\system32\dhcp\dhcp
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\dhcp\dhcp
Found mount point : E:\WINDOWS\system32\drivers\disdn\disdn
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\drivers\disdn\disdn
Cannot access: E:\WINDOWS\system32\dumprep.exe
Attempting to restore permissions of : E:\WINDOWS\system32\dumprep.exe
Cannot access: E:\WINDOWS\system32\eventlog.dll
Attempting to restore permissions of : E:\WINDOWS\system32\eventlog.dll
[1] 2001-08-23 07:00:00 47616 E:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
[1] 2004-08-04 01:56:44 55808 E:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)
[1] 2008-04-13 19:11:53 56320 E:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll (Microsoft Corporation)
[1] 2004-08-04 01:56:44 61952 E:\WINDOWS\system32\eventlog.dll ()
[2] 2004-08-04 01:56:44 55808 E:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
Found mount point : E:\WINDOWS\system32\export\export
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\export\export
Found mount point : E:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT
Found mount point : E:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT
Found mount point : E:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT
Found mount point : E:\WINDOWS\system32\mui\dispspec\dispspec
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\mui\dispspec\dispspec
Found mount point : E:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup
Found mount point : E:\WINDOWS\system32\oobe\html\oemcust\oemcust
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\oobe\html\oemcust\oemcust
Found mount point : E:\WINDOWS\system32\oobe\html\oemhw\oemhw
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\oobe\html\oemhw\oemhw
Found mount point : E:\WINDOWS\system32\oobe\html\oemreg\oemreg
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\oobe\html\oemreg\oemreg
Found mount point : E:\WINDOWS\system32\oobe\sample\sample
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\oobe\sample\sample
Found mount point : E:\WINDOWS\system32\ShellExt\ShellExt
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\ShellExt\ShellExt
Found mount point : E:\WINDOWS\system32\spool\PRINTERS\PRINTERS
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\spool\PRINTERS\PRINTERS
Found mount point : E:\WINDOWS\system32\wbem\mof\bad\bad
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\wbem\mof\bad\bad
Found mount point : E:\WINDOWS\system32\wbem\mof\good\good
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\wbem\mof\good\good
Found mount point : E:\WINDOWS\system32\wbem\snmp\snmp
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\wbem\snmp\snmp
Found mount point : E:\WINDOWS\system32\wins\wins
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\wins\wins
Found mount point : E:\WINDOWS\system32\xircom\xircom
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\system32\xircom\xircom
Found mount point : E:\WINDOWS\Temp\Adobe\Acrobat\6.0\6.0
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\Temp\Adobe\Acrobat\6.0\6.0
Found mount point : E:\WINDOWS\Temp\hsperfdata_SYSTEM\hsperfdata_SYSTEM
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\Temp\hsperfdata_SYSTEM\hsperfdata_SYSTEM
Found mount point : E:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Found mount point : E:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2
Mount point destination : \Device\__max++>\^
Removing mount point : E:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2
Finished!
#11
Posted 17 September 2009 - 01:04 AM
-
- Members
-
- 18 posts
New Member
Am actually unable to run Combofix. I have AVG disabled and am unable to open Avira to disable. I have no other virus protection running.
When I try to run ComboFix, I get this iexplorer error:
"The instruction at "0x7c901e76" referenced memory at "0x0000000000". The memory could not be "read"."
And another window pops up that says "Disclaimer of Warranty on Software...."
I followed instructions and redownloaded from given link as Combo-Fix.
When I try to run ComboFix, I get this iexplorer error:
"The instruction at "0x7c901e76" referenced memory at "0x0000000000". The memory could not be "read"."
And another window pops up that says "Disclaimer of Warranty on Software...."
I followed instructions and redownloaded from given link as Combo-Fix.
#12
Posted 17 September 2009 - 01:19 AM
-
- Experts
-
- 543 posts
Elite Member
- Gender:Male
- Location:Caribbean
Are you still transferring files to that computer with a flash drive or have a connection?
Follow the instructions above to download and run (If no rootkit activity is found), GMER.
Follow the instructions above to download and run (If no rootkit activity is found), GMER.
Unanswered threads for move than five (5) days, will be removed from my subscriptions.
No help throughout a Private Message will be provided.
Please do not post on someone else's thread. it will be removed immediately
If I have helped you, consider making a donation to help me continue the fight against Malware!
#13
Posted 17 September 2009 - 01:21 AM
-
- Members
-
- 18 posts
New Member
I am transferring files through a connection with another computer.
#14
Posted 17 September 2009 - 01:25 AM
-
- Members
-
- 18 posts
New Member
GMER 1.0.15.15087 - http://www.gmer.net
Rootkit quick scan 2009-09-16 20:24:07
Windows 5.1.2600 Service Pack 2
Running: oz7qo9dg.exe; Driver: E:\DOCUME~1\Jenaveve\LOCALS~1\Temp\pxtdypow.sys
---- System - GMER 1.0.15 ----
Code 89C12148 ZwEnumerateKey
Code 89C12228 ZwFlushInstructionCache
Code 89D4A9F6 ZwSaveKey
Code 89D55466 ZwSaveKeyEx
Code 89D3C9F6 IofCallDriver
Code 8A49D0EE IofCompleteRequest
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- Services - GMER 1.0.15 ----
Service E:\WINDOWS\system32\drivers\kbiwkmxdebnalw.sys (*** hidden *** ) [SYSTEM] kbiwkmnwyqryoy <-- ROOTKIT !!!
Service system32\drivers\UACvkalrjrbob.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
Rootkit quick scan 2009-09-16 20:24:07
Windows 5.1.2600 Service Pack 2
Running: oz7qo9dg.exe; Driver: E:\DOCUME~1\Jenaveve\LOCALS~1\Temp\pxtdypow.sys
---- System - GMER 1.0.15 ----
Code 89C12148 ZwEnumerateKey
Code 89C12228 ZwFlushInstructionCache
Code 89D4A9F6 ZwSaveKey
Code 89D55466 ZwSaveKeyEx
Code 89D3C9F6 IofCallDriver
Code 8A49D0EE IofCompleteRequest
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- Services - GMER 1.0.15 ----
Service E:\WINDOWS\system32\drivers\kbiwkmxdebnalw.sys (*** hidden *** ) [SYSTEM] kbiwkmnwyqryoy <-- ROOTKIT !!!
Service system32\drivers\UACvkalrjrbob.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
#15
Posted 17 September 2009 - 01:28 AM
-
- Members
-
- 18 posts
New Member
Sorry! Didn't disconnect from internet. Trying again.
#16
Posted 17 September 2009 - 01:30 AM
-
- Experts
-
- 543 posts
Elite Member
- Gender:Male
- Location:Caribbean
Open GMER once again. Locate these services and files (Drivers), right click on these and select "Disable:"
Services:
UACd.sys
kbiwkmnwyqryoy
Files:
E:\WINDOWS\system32\drivers\kbiwkmxdebnalw.sys
E:\WINDOWS\system32\drivers\UACvkalrjrbob.sys
Close GMER and click on Combofix.
Services:
UACd.sys
kbiwkmnwyqryoy
Files:
E:\WINDOWS\system32\drivers\kbiwkmxdebnalw.sys
E:\WINDOWS\system32\drivers\UACvkalrjrbob.sys
Close GMER and click on Combofix.
Unanswered threads for move than five (5) days, will be removed from my subscriptions.
No help throughout a Private Message will be provided.
Please do not post on someone else's thread. it will be removed immediately
If I have helped you, consider making a donation to help me continue the fight against Malware!
#17
Posted 17 September 2009 - 02:04 AM
-
- Members
-
- 18 posts
New Member
I am unsure what happened, but after running GMER, my computer froze, I restarted, and on restart was unable to open most programs. I can use Windows Explorer, but not much else. The Total Protection program is popping up occasionally now.
#18
Posted 17 September 2009 - 02:05 AM
-
- Members
-
- 18 posts
New Member
junktrunk, on Sep 16 2009, 09:04 PM, said:
I am unsure what happened, but after running GMER, my computer froze, I restarted, and on restart was unable to open most programs. I can use Windows Explorer, but not much else. The Total Protection program is popping up occasionally now.
I'm sorry, Total Security program.
#19
Posted 17 September 2009 - 02:12 AM
-
- Experts
-
- 543 posts
Elite Member
- Gender:Male
- Location:Caribbean
That computer is quite infected.
Can you try to run Combofix and\or GMER in Safe Mode and post the report?
Can you try to run Combofix and\or GMER in Safe Mode and post the report?
Unanswered threads for move than five (5) days, will be removed from my subscriptions.
No help throughout a Private Message will be provided.
Please do not post on someone else's thread. it will be removed immediately
If I have helped you, consider making a donation to help me continue the fight against Malware!
#20
Posted 17 September 2009 - 02:17 AM
-
- Members
-
- 18 posts
New Member
JSntgRvr, on Sep 16 2009, 09:12 PM, said:
That computer is quite infected.
Can you try to run Combofix and\or GMER in Safe Mode and post the report?
Can you try to run Combofix and\or GMER in Safe Mode and post the report?
Can you explain how to run the programs in Safe Mode?
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
