b.exe trojan, can't get rid of it!

Hewlett-packard Mini 110-1020nr netbook
November 17, 2009 at 11:15:04
Specs: Windows XP
First off, I'm on an HP Mini and I use AVG. Yesterday I noticed b.exe running in my task manager and slowing my down, I googled it and found out that it's a trojan. I've tried downloading many different spyware removal programs and such and everytime I try to run them I get a message saying that I do not have permission to run this program, and then the program is deleted off of my computer. I tried to download and run hijackthis so that I could get a scan of everything going on and it won't even let me run the program, it just deletes it. I tried for hours to locate b.exe on my computer with no success. I am able to do a full scan with AVG, but it won't locate the virus. Any one have any suggestions? I'm getting so frustrated and need my computer to do school work. Any help is much appreciated.

See More: b.exe trojan, cant get rid of it!

Report •


#1
November 17, 2009 at 14:33:58
Please save this file to your desktop.

Win32kDiag.exe

Please double click on the Win32kDiag file and post the log it produces. This log might be quite lengthy and may take more than one post to get all of it posted.

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. This link will help you disable them:

Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)

A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.

If nothing happens or if the tool does not run, please let me know in your next reply.

Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.

RSIT.exe

1. Double click on RSIT.exe to launch program.
2.(Vista Users Only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5.Once it has finished, two logs will open: log.txt<-- this will be maximized and info.txt<-- this will be minimized. Both logs will be located at C:\RSIT.exe.

Please post the contents of both logs (in separate post) in your next reply.

Download RootRepeal from one of the links on the rootrepeal download page. It can be downloaded as a .rar or .zip file which ever you like. If you get a bandwidth problem notice just try another link.


RootRepeal

Extract the RootRepeal.exe file from the RAR or ZIP and save the EXE file to your Desktop.
Disable your antivirus, antispyware, and firewalls before continuing or they may block RootRepeal from running properly.
Now run the RootRepeal.exe program by double clicking on it.
On the botton click the Files tab and then click the Scan button
A Select Drives form will open. Select all of your drives by checking the boxes and then click ok.
It will start scanning. It may take a while to finish depending on how many drives, files and folder you have so be patient and wait on it.
When it finishes click “save report” and save at a easy place to locate such as your desktop. Save it as Rrlog.txt.
Place post the log that was produced to the forum.


Report •

#2
November 17, 2009 at 16:22:30
Thank you for your reply. I did the first step, ran win32kdiag.exe, though I don't find the RKill to run to do the next step. Here's what I got from win32kdiag.exe:

Starting up...
Running from: C:\Documents and Settings\Erin Michelle Jordan\Desktop\Win32kDiag.
exe
Log file at : C:\Documents and Settings\Erin Michelle Jordan\Desktop\Win32kDiag.
txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\KB915865\KB915865
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\addins\addins
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZA
P11.tmp\ZAP11.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZA
P3BA.tmp\ZAP3BA.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZA
P3C0.tmp\ZAP3C0.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZA
P411.tmp\ZAP411.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZA
P43E.tmp\ZAP43E.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZA
P456.tmp\ZAP456.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZA
P46A.tmp\ZAP46A.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZA
P46D.tmp\ZAP46D.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZA
P4B8.tmp\ZAP4B8.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Debug\UserMode\UserMode
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\chsime\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\shared\res\res
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\000021095110
90400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F2
31838AD88BCDDC8E8F7C\3.2.30729\3.2.30729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C6
48A4DB8BE2A5B47BE100\1.0.0\1.0.0
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3
D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\classes\classes
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary
ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporar
y ASP.NET Files\Temporary ASP.NET Files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\mui\mui
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe
[1] 2008-04-15 06:00:00 744448 C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe
()

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoi
nt
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKU
s
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\repair\Backup\ServiceState\ConfigDirectory4
20\ConfigDirectory420
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\security\logs\logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\9482F4B4-E343
-43B6-B170-9A65BC822C77\9482F4B4-E343-43B6-B170-9A65BC822C77
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Do
wnloaded
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\022593ca08eb4
cd8e9681a7116f902d9\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\07a96de176867
bc25b7dc839d22b07e2\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb
4b094c1caba4c3b1178\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\1201b6f74bae1
015eceeea43baed9814\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\1f3207366e96c
94d45c070496b08a2d4\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\3361704fe1a03
67fcfe17758efab6972\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\37ea7d9587e54
acc7afa27dc26096f4f\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\37f6297b42610
206c3fdeaf1ae71345e\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\55ae228715888
b68a08f491655790fa6\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\5760d4b301d05
3a8878e2025a64e5970\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6
d9470f0c817d855bb6b\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652
da2d7ace79940460770\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33
978934caa46c49fdc75\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\78cf8552430e2
5a8f24bc1e4dfb1970e\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\85947e1a80966
3c7f480717673587a59\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\8a43415b80a30
70aa22efa6c72b3f657\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\8cac00e8efc87
d728c0261686f85c975\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe
4a0a4d814b7943ba906\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\ad744bdeedce8
5bf37a096f34577ff3a\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b7b0631e18402
5ba37e5a4ec1d8637e7\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b212
11a5630518d058f48d9\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b86b6a4fb33f1
418ba334c3807fa2a23\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\c2605fe2baba0
3346e8868859fbe2ead\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cfb5c33fcc73e
d7dcd60250b085691a5\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d194d4b245b41
b1828615f889a43f7e0\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f447
9a8d252b47e8ec225c8\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba57
09df048e8f2a49cf8a6\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd6c2e7701be1
a2e63281605463e5e51\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abc
fc5b8494c785a5f3944\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\f6ae6c0148109
6f08117233982ca37f9\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2a
dc1b9109ef4e6cecd1f\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\system32\cleanmgr.exe
[1] 2008-04-15 06:00:00 64000 C:\WINDOWS\system32\cleanmgr.exe ()

Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2008-04-15 06:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()
[2] 2008-04-15 06:00:00 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corpor
ation)

Found mount point : C:\WINDOWS\temp\1798a408-b7c7-4443-bf3e-9be7470b018d\1
798a408-b7c7-4443-bf3e-9be7470b018d
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2
.0.0.0_x-ww_6e57c34e\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f
7f11d50a3a_2.0.0.0_x-ww_7d5f3790\x86_System.EnterpriseServices_b03f5f7f11d50a3a_
2.0.0.0_x-ww_7d5f3790
Mount point destination : \Device\__max++>\^

Finished! Press any key to exit...


Report •

#3
November 17, 2009 at 16:40:10
I don't know if this makes a difference or not... I realized I ran the scan after closing b.exe from the task manager. Here's a scan with b.exe still running:

Running from: C:\Documents and Settings\Erin Michelle Jordan\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Erin Michelle Jordan\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\KB915865\KB915865

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP11.tmp\ZAP11.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3BA.tmp\ZAP3BA.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3C0.tmp\ZAP3C0.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP411.tmp\ZAP411.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP43E.tmp\ZAP43E.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP456.tmp\ZAP456.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP46A.tmp\ZAP46A.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP46D.tmp\ZAP46D.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4B8.tmp\ZAP4B8.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\mui\mui

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe

[1] 2008-04-15 06:00:00 744448 C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe ()

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\repair\Backup\ServiceState\ConfigDirectory420\ConfigDirectory420

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\security\logs\logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\9482F4B4-E343-43B6-B170-9A65BC822C77\9482F4B4-E343-43B6-B170-9A65BC822C77

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\1201b6f74bae1015eceeea43baed9814\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\1f3207366e96c94d45c070496b08a2d4\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\3361704fe1a0367fcfe17758efab6972\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\37ea7d9587e54acc7afa27dc26096f4f\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\37f6297b42610206c3fdeaf1ae71345e\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\55ae228715888b68a08f491655790fa6\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\5760d4b301d053a8878e2025a64e5970\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\8a43415b80a3070aa22efa6c72b3f657\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b7b0631e184025ba37e5a4ec1d8637e7\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b86b6a4fb33f1418ba334c3807fa2a23\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\c2605fe2baba03346e8868859fbe2ead\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cfb5c33fcc73ed7dcd60250b085691a5\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d194d4b245b41b1828615f889a43f7e0\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd6c2e7701be1a2e63281605463e5e51\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\f6ae6c01481096f08117233982ca37f9\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\cleanmgr.exe

[1] 2008-04-15 06:00:00 64000 C:\WINDOWS\system32\cleanmgr.exe ()

Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2008-04-15 06:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-15 06:00:00 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)

Found mount point : C:\WINDOWS\temp\1798a408-b7c7-4443-bf3e-9be7470b018d\1798a408-b7c7-4443-bf3e-9be7470b018d

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\64f96ea4-ae3f-4255-a966-f5256fb08089\64f96ea4-ae3f-4255-a966-f5256fb08089

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

Mount point destination : \Device\__max++>\^

Finished!


Report •

Related Solutions

#4
November 17, 2009 at 16:44:14
Please run win32kdiag.exe again, with the following command to fix some malware related changes.
Please make sure that a copy of win32kdiag.exe is located on your desktop.

Click on Start->Run, and copy-paste (or type) the following command (the bolded text) into the "Open" box, and click OK:

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.


Report •

#5
November 18, 2009 at 08:53:24
Ran Win32KDiag.exe again with the command you provided, here you go:

Running from: C:\Documents and Settings\Erin Michelle Jordan\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\Erin Michelle Jordan\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\KB915865\KB915865

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB915865\KB915865

Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\addins\addins

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP11.tmp\ZAP11.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP11.tmp\ZAP11.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3BA.tmp\ZAP3BA.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3BA.tmp\ZAP3BA.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3C0.tmp\ZAP3C0.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3C0.tmp\ZAP3C0.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP411.tmp\ZAP411.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP411.tmp\ZAP411.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP43E.tmp\ZAP43E.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP43E.tmp\ZAP43E.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP456.tmp\ZAP456.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP456.tmp\ZAP456.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP46A.tmp\ZAP46A.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP46A.tmp\ZAP46A.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP46D.tmp\ZAP46D.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP46D.tmp\ZAP46D.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4B8.tmp\ZAP4B8.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4B8.tmp\ZAP4B8.tmp

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\temp\temp

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\tmp\tmp

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Config\Config

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Debug\UserMode\UserMode

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\chsime\applets\applets

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\shared\res\res

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\classes\classes

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\trustlib\trustlib

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

Found mount point : C:\WINDOWS\mui\mui

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\mui\mui

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe

Attempting to restore permissions of : C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Found mount point : C:\WINDOWS\repair\Backup\ServiceState\ConfigDirectory420\ConfigDirectory420

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\repair\Backup\ServiceState\ConfigDirectory420\ConfigDirectory420

Found mount point : C:\WINDOWS\security\logs\logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\security\logs\logs

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\9482F4B4-E343-43B6-B170-9A65BC822C77\9482F4B4-E343-43B6-B170-9A65BC822C77

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\9482F4B4-E343-43B6-B170-9A65BC822C77\9482F4B4-E343-43B6-B170-9A65BC822C77

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\1201b6f74bae1015eceeea43baed9814\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\1201b6f74bae1015eceeea43baed9814\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\1f3207366e96c94d45c070496b08a2d4\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\1f3207366e96c94d45c070496b08a2d4\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\3361704fe1a0367fcfe17758efab6972\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\3361704fe1a0367fcfe17758efab6972\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\37ea7d9587e54acc7afa27dc26096f4f\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\37ea7d9587e54acc7afa27dc26096f4f\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\37f6297b42610206c3fdeaf1ae71345e\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\37f6297b42610206c3fdeaf1ae71345e\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\55ae228715888b68a08f491655790fa6\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\55ae228715888b68a08f491655790fa6\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\5760d4b301d053a8878e2025a64e5970\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\5760d4b301d053a8878e2025a64e5970\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\8a43415b80a3070aa22efa6c72b3f657\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\8a43415b80a3070aa22efa6c72b3f657\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b7b0631e184025ba37e5a4ec1d8637e7\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\b7b0631e184025ba37e5a4ec1d8637e7\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b86b6a4fb33f1418ba334c3807fa2a23\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\b86b6a4fb33f1418ba334c3807fa2a23\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\c2605fe2baba03346e8868859fbe2ead\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\c2605fe2baba03346e8868859fbe2ead\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cfb5c33fcc73ed7dcd60250b085691a5\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\cfb5c33fcc73ed7dcd60250b085691a5\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d194d4b245b41b1828615f889a43f7e0\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\d194d4b245b41b1828615f889a43f7e0\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd6c2e7701be1a2e63281605463e5e51\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dd6c2e7701be1a2e63281605463e5e51\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\f6ae6c01481096f08117233982ca37f9\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\f6ae6c01481096f08117233982ca37f9\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\backup\backup

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Cannot access: C:\WINDOWS\system32\eventlog.dll

Attempting to restore permissions of : C:\WINDOWS\system32\eventlog.dll

[1] 2008-04-15 06:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-15 06:00:00 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)

Found mount point : C:\WINDOWS\temp\1798a408-b7c7-4443-bf3e-9be7470b018d\1798a408-b7c7-4443-bf3e-9be7470b018d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\temp\1798a408-b7c7-4443-bf3e-9be7470b018d\1798a408-b7c7-4443-bf3e-9be7470b018d

Found mount point : C:\WINDOWS\temp\64f96ea4-ae3f-4255-a966-f5256fb08089\64f96ea4-ae3f-4255-a966-f5256fb08089

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\temp\64f96ea4-ae3f-4255-a966-f5256fb08089\64f96ea4-ae3f-4255-a966-f5256fb08089

Found mount point : C:\WINDOWS\temp\fc15cf3f-0987-4bd9-b07a-9a703e134066\fc15cf3f-0987-4bd9-b07a-9a703e134066

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\temp\fc15cf3f-0987-4bd9-b07a-9a703e134066\fc15cf3f-0987-4bd9-b07a-9a703e134066

Found mount point : C:\WINDOWS\temp\MPTelemetrySubmit\MPTelemetrySubmit

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\temp\MPTelemetrySubmit\MPTelemetrySubmit

Found mount point : C:\WINDOWS\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\temp\temp

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Found mount point : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

Found mount point : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

Finished!


Report •

#6
November 18, 2009 at 14:55:01
We need the other two scans requested in response #1. RSIT and RootRepeal.

Report •

#7
November 18, 2009 at 15:30:39
I downloaded RSIT and RootRepeal, however when I tried to run them they stopped and I received the error "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.", same error I receive when trying to run disk cleaner and anti-spyware programs since getting this virus.
AVG was able to detect the following trojans just now: flash-plugin_update.40028.exe, smart-plug-in.45076.exe, flashPlugin-8726.45149.exe, b.exe, d.exe, a.exe. I have all of them in my virus vault, should I keep them there or delete them?

Report •

#8
November 18, 2009 at 15:47:20
Leave them there.

Run RIST and RootRepeal through "Inherit" one at the time and run them, post their logs.

Please download inherit from the following link:

Inherit.exe

Open Windows Explorer and locate the primary .exe of each program you are unable to run. If you used the default installation, they should all be in the C:\Program Files folder. Copy and paste Inherit.exe to the same directory where the file(s) are located. Then drag the program .exe onto Inherit.exe and wait for it to say "OK". When finished click OK. You may then remove Inherit.exe from that directory and move it to the next where you can repeat the "drag & drop" instructions.


Report •

#9
November 18, 2009 at 17:15:36
Using inherit.exe, I'm able to now get the programs to run, but then they will stop and I get the same error message as before, "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.".

Report •

#10
November 18, 2009 at 18:01:03
Go to start> control panel> administrative tools> services> scroll down to "Eventlog " and double click it> click stop> ok> click the blue drop down arrow to the far right of "startup type"> click disable> apply> ok.

Exit administrative tools.

Try to run the tools again please.


Report •

#11
November 18, 2009 at 18:41:39
I am unable to click the stop button for eventlog, and it says in the description that it cannot be stopped.

Report •

#12
November 18, 2009 at 19:16:02
Open a command prompt. (Start->Run, type CMD and click OK) At the prompt copy/paste or type following and press Enter after each line:

Copy C:\WINDOWS\ServicePackFiles\i386\eventlog.dll C:\
Exit

Go to start> my computer> local disk (c:) and make sure a copy of eventlog.dll is there then continue if it islet me know if it is not as Avenger will not work if the file is not there.


Please download “Avenger” by swandog46 to your desktop from this link http://swandog46.geekstogo.com/avenger.zip

1. Click on Avenger.zip to open the file
Extract avenger.exe to your desktop

Copy all the text contained in the code box below between the X's to your Clipboard by highlighting it and pressing (Ctrl+C):
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Files to move:
C:\eventlog.dll | C:\WINDOWS\system32\eventlog.dll

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
Click in the window labeled Input Scrupt Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
Click the Execute button
Answer "Yes" twice when prompted.

The Avenger will automatically do the following:
It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.


Report •

#13
November 19, 2009 at 14:32:42
I copied and pasted the bold print into CMD and it said the file path wasn't found, there is no eventlog.dll copy in C:\

Report •

#14
November 19, 2009 at 18:39:57
Sorry I'm running late tonight, lets look for a good file to copy. Run the following at the command prompt and post the log please, type this in do not copy/paste. Co to start> run> type in cmd> ok> then at the flashing cursor type in the command then click enter.


DIR /a/s %windir%\eventlog.dll >Log.txt & START notepad Log.txt


Note: the space after DIR, s,dll, txt, & and START are needed.


Report •


Ask Question