
Most Programs not opening, or giving errors upon opening, no internet access.


  • This topic is locked
2 replies to this topic

#1 Kadomony


Posted 28 August 2009 - 07:58 PM

I woke up, and, as has been the case a few times in the last month or so, my computer had some strange spyware stuff. I quickly googled the fix for it and began to scan with MBAM; however, instead of finishing and letting me clean up the problem, it closed and restarted my computer.

On restart it had disabled Task Manager and registry editing, as well as blocking any programs I was trying to run to fix it (AVG/MBAM). Before fixing that I restarted in Safe Mode and did a scan with AVG. It found several problems and removed them.

On entering standard windows again, the same problems persisted. I managed to restore access to my registry and task manager, but that's it so far.

I've been trying to diagnose and fix my problems for several hours, but every time I've tried a fix, it hasn't worked.

Running MBAM works up until I hit scan. It gets 2 seconds into the scan then closes, and whenever I try to open it again I get the error:

"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

Reinstalling MBAM "fixes" that error, but it just repeats if I try to scan again.

-I read that someone had the same problem, and tried renaming the mbam.exe to winlogon.exe, but this didn't fix my problem.


I cannot be entirely sure, but it seems like I have no access to the internet on that computer (I am using my laptop to post). AVG will still run, sort of, but it will not update, and clicking scan does nothing.

I tried installing HJT for a log, but it just won't run, no errors or anything. Renaming doesn't seem to help either.

I also tried using DDS for a log, and while it does start, it doesn't appear to actually be doing anything, and it never pops up with a logfile.

I also tried using RootRepeal, and it attempted to look for everything on my primary drive, but it closed about 10 seconds into the scan, and any attempt to re-run it would give the same error that I got when re-running MBAM.

I tried downloading Vundofix, but after changing the filename to vundo-fix.exe, it ran but discovered no problems.

Every time I restart I see svchast.exe and cvs.exe, and once I saw a name that I recognized as spyware but don't recall it exactly (began with b? like beriax or something). I use taskmgr to close them, as if I don't I get

"An error occurred, please report the following error code to the Malwarebytes' Anti-Malware support team.

Error code: 702 (0, 453)"

as an error when running MBAM.

I also ran win32kdiag.exe and it successfully ran:

-------------------------------------------------------------------
Log file is located at: D:\Documents and Settings\Cozy Lemon\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'D:\WINDOWS'...




Cannot access: D:\WINDOWS\system32\eventlog.dll

[1] 2004-08-04 00:56:42 55808 D:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 17:11:53 56320 D:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 17:11:53 56320 D:\WINDOWS\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 17:11:53 63488 D:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-13 17:11:53 56320 D:\WINDOWS\system32\logevent.dll (Microsoft Corporation)






Finished!

-------------------------------------------------------------------

I also tried to run peek.bat, but in doing so it briefly flashed on the screen (I am not entirely sure what it said, but it looked like "cannot <something>"), opened an empty log file, and deleted the peek.bat file.


After some more investigative work I am quite sure I have the braviax virus. The symptoms match up, and msconfig is showing it in startup programs (and it will replace itself if I turn it off).

I am running XP-SP3 Home.

Thanks for taking the time to read through all of this!

garmanma suggested (in the Am I Infected? What do I do? forum where I originally posted this) I run RSIT to try to get a log. RSIT runs, and shows me the disclaimer screen and allows me to select 1 month and hit Continue, and it looks like it's attempting to start the scan, but as soon as the loading is done, it shuts down, and trying to re-run it gives the same error "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

Merged posts. ~ OB

Edited by Orange Blossom, 29 August 2009 - 11:58 PM.



 


#2 Kadomony


Posted 30 August 2009 - 01:38 PM

I'm being assisted on the MBAM forums; this thread can be closed. Thanks!

#3 Guest_The weatherman_*


Posted 31 August 2009 - 11:59 AM

Thank you for letting us know, Kadomony.



