Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Unknown Infection

  • This topic is locked This topic is locked
2 replies to this topic

#1 Vgolfmaster


  • Members
  • 6 posts
  • Local time:08:03 AM

Posted 02 September 2009 - 12:28 AM

Hi, I started here,


and was requested to post a new topic on this thread.

I corrected redirection issues and blocked program updates with trojan remover, but now have some programs that will start, and then get shut down in process. Once they are killed, if I attempt to reopen them, I get an error that states:

"Windows cannot access the specific device, path or file. You may not have the appropriate permissions to access the item."

I can reinstall the program in order to run it again, but this behavior repeats and I cannot finish malware scans, ect. MalwareBytes showed the same behavior and I was unable to produce a lo, as did hijack this and Spybot S&D.

I did get a rootrepeal log from the previous thread suggestion, but only for drive c 'drivers'. I am now unable to run it again, as it shows the same behavior as described above. I was asked there also to try the DDS script, and it produced no output.

Here is the rootrepeal log:

ROOTREPEAL AD, 2007-2009
Scan Start Time: 2009/09/01 23:25
Program Version: Version
Windows Version: Windows XP SP3

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB4CBE000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xB864C000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB2AD8000 Size: 49152 File Visible: No Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xB8460000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\WINDOWS\win32k.sys:2
Address: 0xB4A8E000 Size: 61440 File Visible: No Signed: -
Status: -


Any help would be greatly appreciated.

NOTE!!!: AVG just posted this file as quarantined:

Name: Trojan horse generic14.EY
Path: C:\windows\system32\wingenocx.dll

Edited by Vgolfmaster, 02 September 2009 - 12:43 AM.

BC AdBot (Login to Remove)


#2 Vgolfmaster

  • Topic Starter

  • Members
  • 6 posts
  • Local time:08:03 AM

Posted 02 September 2009 - 02:48 PM


Please disregard and close this thread, I am in the process of reformating my hard drive and reinstalling windows.


#3 Orange Blossom

Orange Blossom

    OBleepin Investigator

  • Moderator
  • 37,011 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:09:03 AM

Posted 02 September 2009 - 05:58 PM


Thank you for letting us know. Sometimes a reformat and reinstall is the quickest and best solution. Since you have decided to reformat, this thread will now be closed.

In case you experience any problems with the computer, please start a new topic.

Happy computing,

Orange Blossom :(
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users