Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    Google Enables Safe Browsing Support in Android's WebView Browser

Featured Deal: Get 92% off a Microsoft Azure Mastery Bundle Deal

Photo

Browser Hijack Problem [Moved]

Started by jedijfo , Sep 23 2009 09:44 AM

  • Please log in to reply
4 replies to this topic

#1 jedijfo

jedijfo

  • Members
  • 27 posts
  • OFFLINE
    •  
  • Local time:02:30 AM

Posted 23 September 2009 - 09:44 AM

Hello - I have found a serious problem when doing my weekly SPYBOT cleaning recently (on Windows XP Pro- SP3)

1. Spybot Search and Destroy found a Trojan virus in 16 locations, but when I tried to clean them, Spybot crashed and gave an error message
2. I tried Hijack This ; it ran for a short time and then crashed
3. After crashing these programs were restarted and both gave the error message "Windows cannot find the specified device,path or file. You may not have the appropriate permissions to access the item"
4. I am using MacAfee and Windows Firewall. Macafee indicates it cannot run because it cannot get the scan progress.
4. Google - Yahoo seemed hijacked and go to random sites on searches results.

One other point Hijack This now shows a size of 76,000 MB in the control panel (add/remove)

Any suggestions appreciated.

thanks,
Jack

PS. Just found out (using A-Squared) that the virus name appears to be Gen.Trojan!IK

Edited by jedijfo, 23 September 2009 - 01:00 PM.

BC AdBot (Login to Remove)

 

#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,801 posts
  • OFFLINE
    •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:03:30 AM

Posted 24 September 2009 - 07:52 PM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
    •  
  • Location:Cleveland, Ohio
  • Local time:03:30 AM

Posted 25 September 2009 - 03:22 PM

Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
  • This tool will create a diagnostic report for me to review.
  • Double-click on Win32kDiag.exe to run and let it finish.
  • When it states Finished! Press any key to exit..., press any key on your keyboard to close the program.
  • A file called Win32kDiag.txt should be created on your Desktop.
  • Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit...) in your next reply.
Go to Posted Image > Run..., then copy and paste this command into the open box: cmd
Click OK.
At the command prompt C:\>, copy and paste the following command and press Enter:
DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt
A file called log.txt should be created on your Desktop.
Open that file and copy/paste the contents in your next reply.
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#4 jedijfo

jedijfo
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
    •  
  • Local time:02:30 AM

Posted 25 September 2009 - 10:40 PM

Thanks.. here are the logs

Running from: C:\Documents and Settings\Jack\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Jack\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP100.tmp\ZAP100.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP115.tmp\ZAP115.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP11B.tmp\ZAP11B.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP124.tmp\ZAP124.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP128.tmp\ZAP128.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP138.tmp\ZAP138.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP15D.tmp\ZAP15D.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP161.tmp\ZAP161.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP175.tmp\ZAP175.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP194.tmp\ZAP194.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1F8.tmp\ZAP1F8.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP22D.tmp\ZAP22D.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2E8.tmp\ZAP2E8.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2F9.tmp\ZAP2F9.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP34E.tmp\ZAP34E.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP354.tmp\ZAP354.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP368.tmp\ZAP368.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP380.tmp\ZAP380.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP39.tmp\ZAP39.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3A5.tmp\ZAP3A5.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3AF.tmp\ZAP3AF.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP410.tmp\ZAP410.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP487.tmp\ZAP487.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP49F.tmp\ZAP49F.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP526.tmp\ZAP526.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP542.tmp\ZAP542.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP57E.tmp\ZAP57E.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5B6.tmp\ZAP5B6.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5FB.tmp\ZAP5FB.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP62.tmp\ZAP62.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP64D.tmp\ZAP64D.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP66C.tmp\ZAP66C.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP77.tmp\ZAP77.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP787.tmp\ZAP787.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7AB.tmp\ZAP7AB.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP833.tmp\ZAP833.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP880.tmp\ZAP880.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8BF.tmp\ZAP8BF.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA55.tmp\ZAPA55.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA5A.tmp\ZAPA5A.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE6.tmp\ZAPE6.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Cache\Adobe Reader 6.0\Adobe Reader 6.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\50512592984F2284DAAF236CED4E1F41\8.0.6\8.0.6

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\52CB9D6ECBD08634E8A4D7EE0866C19D\8.0.148\8.0.148

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\AC1F0757D610CA645B68DC4746E5BF25\8.0.211\8.0.211

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\FC62732BFB866A144ABE271FF278EF50\8.0.63\8.0.63

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RedistList\RedistList

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Minidump\Minidump

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\ErrorRep\QSignoff\QSignoff

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe

[1] 2004-08-04 03:56:50 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:21 744448 C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe ()

[1] 2008-04-13 20:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:21 744448 C:\WINDOWS\system32\dllcache\helpsvc.exe (Microsoft Corporation)



Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System\News\News

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System_OEM\System_OEM

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\repair\Backup\BootableSystemState\BootableSystemState

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\repair\Backup\ServiceState\ServiceState

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\setup.pss\setup.pss

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2004-08-04 03:56:42 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:53 56320 C:\WINDOWS\system32\dllcache\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:53 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-13 20:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)



Found mount point : C:\WINDOWS\Temp\gis2df88507\2.4.1536.6592\cs\cs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis2df88507\2.4.1536.6592\da\da

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis2df88507\2.4.1536.6592\de\de

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis2df88507\2.4.1536.6592\el\el

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis2df88507\2.4.1536.6592\en\en

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis2df88507\2.4.1536.6592\en-gb\en-gb

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis2df88507\2.4.1536.6592\es\es

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis2df88507\2.4.1536.6592\fi\fi

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis2df88507\2.4.1536.6592\fr\fr

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis2df88507\2.4.1536.6592\HTML\HTML

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis2df88507\2.4.1536.6592\it\it

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis2df88507\2.4.1536.6592\ja\ja

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis2df88507\2.4.1536.6592\ko\ko

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis2df88507\2.4.1536.6592\nl\nl

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis2df88507\2.4.1536.6592\no\no

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis2df88507\2.4.1536.6592\pl\pl

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis2df88507\2.4.1536.6592\pt-br\pt-br

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis2df88507\2.4.1536.6592\ru\ru

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis2df88507\2.4.1536.6592\sv\sv

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis2df88507\2.4.1536.6592\th\th

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis2df88507\2.4.1536.6592\tr\tr

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis2df88507\2.4.1536.6592\zh-cn\zh-cn

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis2df88507\2.4.1536.6592\zh-tw\zh-tw

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00000\MCE00000

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00001\MCE00001

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00002\MCE00002

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00003\MCE00003

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00004\MCE00004

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00005\MCE00005

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00006\MCE00006

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00007\MCE00007

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00008\MCE00008

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00009\MCE00009

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0000a\MCE0000a

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0000b\MCE0000b

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0000c\MCE0000c

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0000d\MCE0000d

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0000e\MCE0000e

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0000f\MCE0000f

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00010\MCE00010

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00011\MCE00011

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00012\MCE00012

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00013\MCE00013

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00014\MCE00014

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00015\MCE00015

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00016\MCE00016

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00017\MCE00017

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00018\MCE00018

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00019\MCE00019

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0001a\MCE0001a

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0001b\MCE0001b

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0001c\MCE0001c

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0001d\MCE0001d

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0001e\MCE0001e

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0001f\MCE0001f

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00020\MCE00020

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00021\MCE00021

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00022\MCE00022

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00023\MCE00023

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00024\MCE00024

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00025\MCE00025

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00026\MCE00026

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00027\MCE00027

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00028\MCE00028

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00029\MCE00029

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0002a\MCE0002a

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0002b\MCE0002b

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0002c\MCE0002c

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0002d\MCE0002d

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0002e\MCE0002e

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0002f\MCE0002f

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00030\MCE00030

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00031\MCE00031

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00032\MCE00032

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00033\MCE00033

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00034\MCE00034

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00035\MCE00035

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00036\MCE00036

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00037\MCE00037

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00038\MCE00038

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00039\MCE00039

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0003a\MCE0003a

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0003b\MCE0003b

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0003c\MCE0003c

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0003d\MCE0003d

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0003e\MCE0003e

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0003f\MCE0003f

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00040\MCE00040

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00041\MCE00041

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00042\MCE00042

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00043\MCE00043

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00044\MCE00044

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00045\MCE00045

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00046\MCE00046

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00047\MCE00047

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00048\MCE00048

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00049\MCE00049

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0004a\MCE0004a

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0004b\MCE0004b

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0004c\MCE0004c

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0004d\MCE0004d

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0004e\MCE0004e

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0004f\MCE0004f

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00050\MCE00050

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00051\MCE00051

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00052\MCE00052

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00053\MCE00053

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00054\MCE00054

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00055\MCE00055

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00056\MCE00056

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00057\MCE00057

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00058\MCE00058

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00059\MCE00059

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0005a\MCE0005a

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0005b\MCE0005b

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0005c\MCE0005c

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0005d\MCE0005d

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0005e\MCE0005e

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0005f\MCE0005f

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00060\MCE00060

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00061\MCE00061

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00062\MCE00062

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00063\MCE00063

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00064\MCE00064

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00065\MCE00065

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00066\MCE00066

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00067\MCE00067

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00068\MCE00068

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00069\MCE00069

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0006a\MCE0006a

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0006b\MCE0006b

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0006c\MCE0006c

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0006d\MCE0006d

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0006e\MCE0006e

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0006f\MCE0006f

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00070\MCE00070

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00071\MCE00071

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00072\MCE00072

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00073\MCE00073

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00074\MCE00074

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00075\MCE00075

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00076\MCE00076

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00077\MCE00077

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00078\MCE00078

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00079\MCE00079

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0007a\MCE0007a

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0007b\MCE0007b

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0007c\MCE0007c

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0007d\MCE0007d

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0007e\MCE0007e

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0007f\MCE0007f

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00080\MCE00080

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00081\MCE00081

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00082\MCE00082

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00083\MCE00083

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00084\MCE00084

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00085\MCE00085

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00086\MCE00086

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00087\MCE00087

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00088\MCE00088

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00089\MCE00089

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0008a\MCE0008a

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0008b\MCE0008b

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0008c\MCE0008c

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0008d\MCE0008d

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0008e\MCE0008e

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0008f\MCE0008f

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00090\MCE00090

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\VSW0\VSW0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\VSW1\VSW1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\VSW10\VSW10

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\VSW11\VSW11

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\VSW12\VSW12

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\VSW2\VSW2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\VSW3\VSW3

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\VSW4\VSW4

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\VSW5\VSW5

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\VSW6\VSW6

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\VSW7\VSW7

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\VSW8\VSW8

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\VSW9\VSW9

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\USB\USB

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0(2).0_x-ww_6e57c34e\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0(2).0_x-ww_6e57c34e

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0(2).0_x-ww_7d5f3790\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0(2).0_x-ww_7d5f3790

Mount point destination : \Device\__max++>\^



Finished!


Volume in drive C is Main Disk1
Volume Serial Number is A836-BDD7

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 03:56 AM 180,224 scecli.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 03:56 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 03:56 AM 55,808 eventlog.dll
3 File(s) 643,072 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 08:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 08:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 08:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\system32

04/13/2008 08:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\system32

04/13/2008 08:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\system32

04/13/2008 08:11 PM 61,952 eventlog.dll
3 File(s) 650,240 bytes

Directory of C:\WINDOWS\system32\dllcache

04/13/2008 08:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\system32\dllcache

04/13/2008 08:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\system32\dllcache

04/13/2008 08:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Total Files Listed:
12 File(s) 2,582,528 bytes
0 Dir(s) 51,833,257,984 bytes free

#5 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
    •  
  • Location:Cleveland, Ohio
  • Local time:03:30 AM

Posted 26 September 2009 - 05:58 PM

Now that you were successful in creating Those logs you need to post them in our HJT forum:
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
Give a brief description and tell them that these logs were all you could get to run successfully
The HJT team is extremely busy, so be patient and good luck
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter
Back to Am I infected? What do I do?


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Am I infected? What do I do?
  4. Privacy Policy
  5. Rules ·