
Antivirus 2010 and Security Tool Issues


  • This topic is locked
2 replies to this topic

#1 wdgreen

  • Members
  • 4 posts

Posted 11 October 2009 - 06:45 AM

I have somehow picked up these 2 viruses and am unable to do anything to get rid of them. I have tried the Malwarebytes tool and it immediately shuts down when executed. I tried running a RootRepeal report and it won't allow that (it immediately shuts it down). I have tried renaming these to hopefully get them to work, but no such luck. Every spyware removal tool I have tried (Spybot, Ad-Aware, SUPERAntiSpyware) is immediately shut down, or I get an error message stating "Windows cannot access the specified device, path, or file." I posted this in the "Am I infected" forum and was told to run Win32kDiag, and here's what I got. The moderator there said that it looked like I had a rootkit variant in the log. Hopefully someone can help me get through this nightmare. Thanks so much in advance.


Running from: C:\Documents and Settings\Mitzi\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Mitzi\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB929338\KB929338

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB941568\KB941568

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP14F.tmp\ZAP14F.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d1\d1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d2\d2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d3\d3

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d4\d4

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d5\d5

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d6\d6

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d7\d7

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d8\d8

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\DMC1\DMC1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Downloaded Program Files\DM.0\DM.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\1F3B805BA42A0C233B0158879691FE82\2.1.21022\2.1.21022

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\50512592984F2284DAAF236CED4E1F41\8.0.6\8.0.6

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\52CB9D6ECBD08634E8A4D7EE0866C19D\8.0.148\8.0.148

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\AC1F0757D610CA645B68DC4746E5BF25\8.0.211\8.0.211

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\FC62732BFB866A144ABE271FF278EF50\8.0.63\8.0.63

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

[1] 2004-08-10 06:00:00 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:21 744448 C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe ()

[1] 2008-04-13 20:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)



Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\repair\Backup\BootableSystemState\BootableSystemState

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\repair\Backup\ServiceState\ServiceState

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2004-08-10 06:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:53 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-13 20:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)

[1] 2004-08-10 06:00:00 55808 C:\i386\eventlog.dll (Microsoft Corporation)



Found mount point : C:\WINDOWS\Temp\7zS60.tmp\7zS60.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis37493f7\2.4.1536.6592\cs\cs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis37493f7\2.4.1536.6592\da\da

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis37493f7\2.4.1536.6592\de\de

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis37493f7\2.4.1536.6592\el\el

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis37493f7\2.4.1536.6592\en\en

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis37493f7\2.4.1536.6592\en-gb\en-gb

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis37493f7\2.4.1536.6592\es\es

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis37493f7\2.4.1536.6592\fi\fi

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis37493f7\2.4.1536.6592\fr\fr

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis37493f7\2.4.1536.6592\HTML\HTML

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis37493f7\2.4.1536.6592\it\it

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis37493f7\2.4.1536.6592\ja\ja

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis37493f7\2.4.1536.6592\ko\ko

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis37493f7\2.4.1536.6592\nl\nl

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis37493f7\2.4.1536.6592\no\no

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis37493f7\2.4.1536.6592\pl\pl

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis37493f7\2.4.1536.6592\pt-br\pt-br

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis37493f7\2.4.1536.6592\ru\ru

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis37493f7\2.4.1536.6592\sv\sv

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis37493f7\2.4.1536.6592\th\th

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis37493f7\2.4.1536.6592\tr\tr

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis37493f7\2.4.1536.6592\zh-cn\zh-cn

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis37493f7\2.4.1536.6592\zh-tw\zh-tw

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisf0b24c2\2.4.1368.5602\cs\cs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisf0b24c2\2.4.1368.5602\da\da

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisf0b24c2\2.4.1368.5602\de\de

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisf0b24c2\2.4.1368.5602\el\el

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisf0b24c2\2.4.1368.5602\en\en

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisf0b24c2\2.4.1368.5602\en-gb\en-gb

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisf0b24c2\2.4.1368.5602\es\es

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisf0b24c2\2.4.1368.5602\fi\fi

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisf0b24c2\2.4.1368.5602\fr\fr

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisf0b24c2\2.4.1368.5602\HTML\HTML

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisf0b24c2\2.4.1368.5602\it\it

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisf0b24c2\2.4.1368.5602\ja\ja

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisf0b24c2\2.4.1368.5602\ko\ko

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisf0b24c2\2.4.1368.5602\nl\nl

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisf0b24c2\2.4.1368.5602\no\no

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisf0b24c2\2.4.1368.5602\pl\pl

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisf0b24c2\2.4.1368.5602\pt-br\pt-br

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisf0b24c2\2.4.1368.5602\ru\ru

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisf0b24c2\2.4.1368.5602\sv\sv

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisf0b24c2\2.4.1368.5602\th\th

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisf0b24c2\2.4.1368.5602\tr\tr

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisf0b24c2\2.4.1368.5602\zh-cn\zh-cn

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisf0b24c2\2.4.1368.5602\zh-tw\zh-tw

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\Google Toolbar\Google Toolbar

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\Intuit\SpcfLogging\SpcfLogging

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\TempRec\TempSBE\TempSBE

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\twain_32\INTEL\DMC1\DMC1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^



Finished!
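Two things in the log above are what a responder would act on. First, every directory junction Win32kDiag found resolves to the same raw device object, \Device\__max++>\^, rather than to a volume path; a junction that Windows setup or an installer creates points at a volume-backed path, and the __max++> device name is the one used by the max++ family of rootkits (later known as ZeroAccess). Second, the two files the tool could not read, helpsvc.exe and eventlog.dll, are the only copies whose version resource carries no company name (the empty "()"), while the backups under $NtServicePackUninstall$, ServicePackFiles\i386 and i386 still read "(Microsoft Corporation)"; for eventlog.dll the in-place size also matches none of the backups. The Python below is an added example, not code from this thread or from the Win32kDiag tool: it parses a constructed, abridged excerpt in the same line format as the posted log and reports both indicators. The parser, the "\??\" prefix rule for a volume-backed junction target, and the tampering rules are this example's own assumptions.

```python
"""Triage a Win32kDiag log for rootkit indicators.

Added example for this thread; not code from BleepingComputer or from the
Win32kDiag tool. The line formats are copied from the posted log; the parser,
the junction-target heuristic and the tampering rules are assumptions made here.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed, abridged excerpt in the format of the log posted above.
SAMPLE_LOG = r"""
Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d1\d1
Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

[1] 2004-08-10 06:00:00 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)
[1] 2008-04-13 20:12:21 744448 C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe ()
[1] 2008-04-13 20:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)

Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2004-08-10 06:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
[1] 2008-04-13 20:11:53 61952 C:\WINDOWS\system32\eventlog.dll ()
[2] 2008-04-13 20:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
[1] 2004-08-10 06:00:00 55808 C:\i386\eventlog.dll (Microsoft Corporation)

Finished!
"""

MOUNT_RE = re.compile(r"^Found mount point : (?P<path>.+)$")
DEST_RE = re.compile(r"^Mount point destination : (?P<dest>.+)$")
CANNOT_RE = re.compile(r"^Cannot access: (?P<path>.+)$")
# "[n] date time size path (company)"; the bracketed number is kept but not interpreted.
COPY_RE = re.compile(
    r"^\[(?P<n>\d+)\] (?P<date>\S+) (?P<time>\S+) (?P<size>\d+) (?P<path>.+?) \((?P<company>.*)\)$"
)

# Assumption: a volume-backed junction target is written as \??\C:\... or \??\Volume{...}\.
VOLUME_PREFIX = "\\??\\"


@dataclass
class FileCopy:
    size: int
    path: str
    company: str


@dataclass
class Report:
    mount_points: list[tuple[str, str]] = field(default_factory=list)
    # inaccessible path -> every copy the tool listed beneath it
    copies: dict[str, list[FileCopy]] = field(default_factory=dict)


def parse_log(text: str) -> Report:
    """Pair each 'Found mount point' with its destination and each 'Cannot access' with its copies."""
    report = Report()
    pending_path: str | None = None
    current_file: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := MOUNT_RE.match(line):
            pending_path, current_file = m["path"], None
        elif m := DEST_RE.match(line):
            if pending_path is not None:
                report.mount_points.append((pending_path, m["dest"]))
                pending_path = None
        elif m := CANNOT_RE.match(line):
            current_file = m["path"]
            report.copies[current_file] = []
        elif (m := COPY_RE.match(line)) and current_file is not None:
            report.copies[current_file].append(FileCopy(int(m["size"]), m["path"], m["company"]))
    return report


def suspicious_destinations(report: Report) -> dict[str, int]:
    """Junction targets that are not volume-backed, with how many junctions point at each."""
    return dict(Counter(dest for _, dest in report.mount_points if not dest.startswith(VOLUME_PREFIX)))


def patched_files(report: Report) -> dict[str, list[str]]:
    """For each inaccessible file, reasons its in-place copy looks tampered with."""
    findings: dict[str, list[str]] = {}
    for path, copies in report.copies.items():
        in_place = next((c for c in copies if c.path.lower() == path.lower()), None)
        if in_place is None:
            findings[path] = ["no version record for the in-place copy"]
            continue
        reasons = []
        if not in_place.company.strip():
            reasons.append("in-place copy has no company string")
        # Only copies that still carry a company string count as references.
        reference_sizes = {c.size for c in copies if c is not in_place and c.company.strip()}
        if reference_sizes and in_place.size not in reference_sizes:
            reasons.append(f"size {in_place.size} matches none of the backup copies {sorted(reference_sizes)}")
        if reasons:
            findings[path] = reasons
    return findings


def main() -> None:
    report = parse_log(SAMPLE_LOG)
    for dest, n in suspicious_destinations(report).items():
        print(f"{n} junction(s) redirected to non-volume target {dest}")
    for path, reasons in patched_files(report).items():
        print(f"{path}: " + "; ".join(reasons))


if __name__ == "__main__":
    main()
```

Note that helpsvc.exe is flagged only on the missing company string: its in-place size equals the ServicePackFiles copy, so a size-only comparison would have passed it. Run against the full log, the same parser would report one destination with every one of the junctions listed above hanging off it.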


#2 wdgreen

  • Topic Starter
  • Members
  • 4 posts

Posted 13 October 2009 - 09:16 AM

FYI. I ended up reloading Windows XP and wiping my hard drive. I am back to normal now. I didn't want anyone wasting time on this problem now. That was one nasty virus(es). Hopefully, these scumbags that put this crap out there will get their just punishment in the end.

#3 Orange Blossom

  • OBleepin Investigator
  • Moderator
  • 37,012 posts
  • Location:Bloomington, IN

Posted 23 October 2009 - 11:28 PM

Thank you for letting us know. Sometimes a reformat and reinstall is the quickest and best solution.

Since this issue seems to be resolved, this thread will now be closed.

In case you experience any problems with the computer, please start a new topic.

Happy computing,

Orange Blossom :(