rootkit/bing and google hijack



#1 dubious1

Posted 18 October 2009 - 10:02 PM

Hi,
having trouble with running RootRepeal, HijackThis, RootkitRevealer, Windows Malicious Software Removal Tool; it says I don't have the permissions.
Search engines go everywhere but where I want 'em to lol /sigh

Was told to post a Win32kDiag txt here.

Running from: C:\Users\John\Desktop\Win32kDiag.exe

Log file at : C:\Users\John\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2009-10-18 15:50:56 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

[1] 2009-10-18 15:50:41 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

[1] 2009-10-18 15:50:41 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

[1] 2009-10-18 15:50:41 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()



Cannot access: C:\Windows\System32\WerFault.exe

[1] 2009-04-10 20:28:11 217088 C:\Windows\System32\WerFault.exe ()

[1] 2006-11-01 23:45:54 216064 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6000.16386_none_6dd05aa63fde4065\WerFault.exe (Microsoft Corporation)

[1] 2008-01-18 21:33:35 217088 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18000_none_70071ca23cc95139\WerFault.exe (Microsoft Corporation)

[1] 2008-01-18 21:33:35 217088 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18145_none_6fe0e04a3ce53cd7\WerFault.exe (Microsoft Corporation)

[1] 2008-09-19 18:00:16 217088 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.22271_none_70460c29561ecb18\WerFault.exe (Microsoft Corporation)

[1] 2009-04-10 20:28:11 217088 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6002.18005_none_71f295ae39eb1c85\WerFault.exe ()



Cannot access: C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6002.18005_none_71f295ae39eb1c85\WerFault.exe

[1] 2009-04-10 20:28:11 217088 C:\Windows\System32\WerFault.exe ()

[1] 2006-11-01 23:45:54 216064 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6000.16386_none_6dd05aa63fde4065\WerFault.exe (Microsoft Corporation)

[1] 2008-01-18 21:33:35 217088 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18000_none_70071ca23cc95139\WerFault.exe (Microsoft Corporation)

[1] 2008-01-18 21:33:35 217088 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18145_none_6fe0e04a3ce53cd7\WerFault.exe (Microsoft Corporation)

[1] 2008-09-19 18:00:16 217088 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.22271_none_70460c29561ecb18\WerFault.exe (Microsoft Corporation)

[1] 2009-04-10 20:28:11 217088 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6002.18005_none_71f295ae39eb1c85\WerFault.exe ()





Finished!

thanks for ur time



#2 dubious1


Posted 19 October 2009 - 08:07 PM

Completely ate that computer up, so I reinstalled Windows. Thanks for your time, and should I be worried about anything else?

#3 Guest_The weatherman_*


Posted 20 October 2009 - 07:06 PM

Not if you reinstalled successfully, dubious1. Thanks for letting us know. :(



