HELP!!!! cant fix problems


11 replies to this topic

#1 xXxBEAVISxXx

Posted 09 November 2009 - 05:01 PM

Hi all. Many thanks in advance.

Yesterday I downloaded a movie and it has F***'d up my computer bigtime. I know my way around computers for the most part but I'm pulling all my hair out over this one. I have recently upgraded to Windows 7 from XP and it is a big change for me.

When I search something on Google and go to click on the link, it redirects me to advertisements for spyware programs. The only way I can view anything is if it is cached or I cut and paste the address into the bar at the top.

I have also been receiving pop-up advertisements every couple minutes or so even when I'm not browsing. I previously did not have an anti-virus program installed and I know I am a dumb@$$ for that. I installed AVG today and did a scan and it had a couple trojans but it healed them fine.

I also installed Spybot S&D. It installed fine and started scanning, then just completely shut down and I have not been able to open it since. Every time I try to reopen it, Windows pops up with a warning saying that I do not have the permissions to access this. I went through the properties and made sure I had all permissions set correctly.

I had used these forum sites before to help get rid of problems on past computers. I read the topic about what to do before posting a HijackThis Log and have run into a problem. I downloaded the ddr.scr and tried to run it. The black box appears but nothing happens in it and it shuts down 5 secs later.

If someone could pls walk me through how to solve my self-induced problems before I throw this PC off my balcony it would be greatly appreciated, BEAVIS


#2 garmanma

Posted 09 November 2009 - 06:58 PM

Try this application then run the DDS scan


Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer or you will have to run it again
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 xXxBEAVISxXx

Posted 09 November 2009 - 07:31 PM

Thanks for the response. I ran the program. The box opened up and it said terminating known malware programs. Then it closed. I tried running DDS again but it did not work. It closed as soon as it opened.

#4 xXxBEAVISxXx

Posted 10 November 2009 - 01:24 AM

My problems still exist. PLS HELP

#5 garmanma

Posted 10 November 2009 - 05:17 PM

Please download RSIT by random/random and save it to your Desktop.
Note: You will need to run this tool while connected to the Internet so it can download HijackThis if it is not located on your system. If you get a warning from your firewall or other security programs regarding RSIT attempting to contact the Internet, please allow the connection.
  • Close all applications and windows so that you have nothing open and are at your Desktop.
  • Double-click on RSIT.exe to start the program.
  • If using Windows Vista, be sure to Run As Administrator.
  • Click Continue after reading the disclaimer screen.
  • Leave the drop down box set to default: "List/folders created or modified in the last 1 month (30 days)".
  • When the scan is complete, a text file named log.txt will automatically open in Notepad.
  • Save the log file to your desktop and copy/paste the contents into a new topic in the HijackThis Logs and Malware Removal forum, NOT here.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run.
If RSIT did not work, then reply back here.
Mark

#6 xXxBEAVISxXx

Posted 10 November 2009 - 05:47 PM

:thumbsup: It looked like it started working, then another error popped up.

AutoIt Error

Line -1:
Error: Variable used without being declared.

#7 garmanma

Posted 11 November 2009 - 06:13 PM

Please download runscanner.zip and save to your desktop.
  • Create a new folder on your hard drive called Runscanner (C:\Runscanner) and extract (unzip) the file there.
    (click here if you're not sure how to do this.)
  • Double-click Runscanner.exe to launch.
  • Select Beginner mode and click Ok.
  • Select Do a full scan and save a log file (default is Full Scan) to start.
  • Please be patient and do not use your computer during the scan.
  • When the scan is complete, a window will open asking you to save runscanner.run. Click Cancel.
  • Another window will open asking you to save runscanner.log.
  • Save it to your desktop and "Save as type: Runscanner log file [*.log]".
  • The log file will automatically open in Notepad.
  • Go to the top menu, click on "Format" and uncheck "Word Wrap" if checked.
  • Copy and paste the contents of the log file into a new topic in the HijackThis Logs and Malware Removal forum, NOT here.
  • Exit Runscanner when done.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run. If Runscanner did not work, then reply back here.
Mark

#8 xXxBEAVISxXx

Posted 11 November 2009 - 06:48 PM

Hi.

I downloaded the program and followed the steps you said. It started running fine, then before it finished Step 1 it just closed like the other programs have. I tried to reopen the program and the "you do not have permission to do this" popped up again. I am getting the feeling that I should just back up all my docs and reformat :thumbsup:

Props go out to the guy that jacked my comp b/c I am dumbfounded with this one

#9 garmanma

Posted 12 November 2009 - 07:38 PM

"I am getting the feeling that I should just back up all my docs and reformat"

Not quite yet

:trumpet:
We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
----------------------------------

Please note: If RootRepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to High.

Also try: right-click on rootrepeal.exe and rename it to tatertot.scr

==========================

:flowers:

Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
  • This tool will create a diagnostic report
  • Double-click on Win32kDiag.exe to run and let it finish.
  • When it states Finished! Press any key to exit..., press any key on your keyboard to close the program.
  • A file called Win32kDiag.txt should be created on your Desktop.
  • Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit...) in your next reply.
--------------------------------------


:thumbsup: Go to Posted Image > Run..., then copy and paste this command into the open box: cmd
Click OK.
At the command prompt C:\>, copy and paste the following command and press Enter:
DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt
A file called log.txt should be created on your Desktop.
Open that file and copy/paste the contents in your next reply.

Edited by garmanma, 12 November 2009 - 07:39 PM.

Mark
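The Log.txt produced by the DIR command in the post above can be read mechanically. The following is an added example, not part of the original post and not a BleepingComputer tool: it parses US-English `DIR /a/s` output and reports, for each requested DLL, whether the copies found agree in size and timestamp. The function names and the sample listing (including its directory names and sizes) are constructed for illustration.

```python
import re
from collections import defaultdict

# Line shapes in US-English `DIR /a/s` output (assumed locale; other locales
# format dates and sizes differently).
DIR_RE = re.compile(r"^\s*Directory of (?P<dir>.+?)\s*$")
FILE_RE = re.compile(
    r"^\s*(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>\d{2}:\d{2}\s?[AP]M)\s+"
    r"(?P<size>\d[\d,]*)\s+(?P<name>\S.*?)\s*$"
)

# Constructed sample, shaped like the output of the command in the post.
# The directory names and the mismatching netlogon.dll entry are made up.
SAMPLE_LOG = r"""
 Volume in drive C has no label.
 Volume Serial Number is 0000-0000

 Directory of C:\Windows\System32

07/13/2009  06:16 PM           175,616 scecli.dll

 Directory of C:\Windows\System32

11/08/2009  03:12 AM           571,904 netlogon.dll
               2 File(s)        747,520 bytes

 Directory of C:\Windows\winsxs\x86_example-component-a_placeholder

07/13/2009  06:16 PM           175,616 scecli.dll
               1 File(s)        175,616 bytes

 Directory of C:\Windows\winsxs\x86_example-component-b_placeholder

07/13/2009  06:16 PM           563,712 netlogon.dll
               1 File(s)        563,712 bytes

     Total Files Listed:
               4 File(s)      1,486,848 bytes
               0 Dir(s)  56,541,626,368 bytes free
"""


def parse_dir_listing(text):
    """Return one dict per file line, tagged with the directory block it sits in."""
    entries, current_dir = [], None
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current_dir = m.group("dir")
            continue
        m = FILE_RE.match(line)
        # Summary lines ("2 File(s) ...") and <DIR> entries do not match FILE_RE.
        if m and current_dir is not None:
            entries.append({
                "directory": current_dir,
                "name": m.group("name"),
                "size": int(m.group("size").replace(",", "")),
                "modified": m.group("date") + " " + " ".join(m.group("time").split()),
            })
    return entries


def review_copies(entries, wanted):
    """For each wanted file name, say whether its copies agree in size and timestamp."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"].lower()].append(e)

    report = {}
    for name in wanted:
        copies = by_name.get(name.lower(), [])
        variants = {(c["size"], c["modified"]) for c in copies}
        if not copies:
            status = "not found"       # the name was requested but DIR listed no copy
        elif len(copies) == 1:
            status = "single copy"     # nothing to compare against
        elif len(variants) == 1:
            status = "consistent"
        else:
            status = "mismatch"        # copies differ: look at this file more closely
        report[name] = {
            "status": status,
            "copies": [(c["directory"], c["size"], c["modified"]) for c in copies],
        }
    return report


if __name__ == "__main__":
    wanted = ["scecli.dll", "netlogon.dll", "eventlog.dll"]
    for name, info in review_copies(parse_dir_listing(SAMPLE_LOG), wanted).items():
        print(f"{name}: {info['status']}")
        for directory, size, modified in info["copies"]:
            print(f"    {size:>10,}  {modified}  {directory}")
```

Matching size and timestamp are only a first-pass signal; comparing hashes of the copies is what shows whether they are actually identical.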

#10 xXxBEAVISxXx

Posted 13 November 2009 - 02:28 PM

I previously tried RootRepeal and it failed like everything else I have tried. I redownloaded it and tried again. ERROR ERROR ERROR ERROR. Can not read from drive. drivers are missing contact the maker. Changed the slider in options ERROR!! Renamed it to tatertot.scr Could not load driver (0xc0000035)!

Here is the log.txt created by the "cmd"

Volume in drive C is MAIN bleep
Volume Serial Number is 5C35-3828

Directory of C:\Windows\System32

07/13/2009 06:16 PM 175,616 scecli.dll

Directory of C:\Windows\System32

07/13/2009 06:16 PM 563,712 netlogon.dll
2 File(s) 739,328 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483

07/13/2009 06:16 PM 175,616 scecli.dll
1 File(s) 175,616 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8

07/13/2009 06:16 PM 563,712 netlogon.dll
1 File(s) 563,712 bytes

Total Files Listed:
4 File(s) 1,478,656 bytes
0 Dir(s) 56,541,626,368 bytes free


Here is the log from Win32kDiag

Running from: C:\Users\xBEAVISx\Desktop\Win32kDiag.exe

Log file at : C:\Users\xBEAVISx\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Found mount point : C:\Windows\AppPatch\Custom\Custom

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5E64.tmp\ZAP5E64.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8545.tmp\ZAP8545.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\CSC\v2.0.6\namespace\namespace

Mount point destination : \Device\__max++>\^

Cannot access: C:\Windows\CSC\v2.0.6\pq

[1] 2009-10-28 21:09:06 64 C:\Windows\CSC\v2.0.6\pq ()



Cannot access: C:\Windows\CSC\v2.0.6\temp\ea-{8cbbc816-c440-11de-9779-fe5c1ef7f325}

[1] 2009-10-28 21:09:06 0 C:\Windows\CSC\v2.0.6\temp\ea-{8cbbc816-c440-11de-9779-fe5c1ef7f325} ()



Found mount point : C:\Windows\DigitalLocker\en-US\en-US

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ehome\CreateDisc\style\style

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Globalization\MCT\MCT-AU\RSSFeed\RSSFeed

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Globalization\MCT\MCT-CA\RSSFeed\RSSFeed

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Globalization\MCT\MCT-ZA\RSSFeed\RSSFeed

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\Corporate\Corporate

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\OEM\OEM

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\inf\PNRPSvc\0000\0000

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\inf\PNRPSvc\0409\0409

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\LiveKernelReports\LiveKernelReports

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Logs\SystemRestore\SystemRestore

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Microsoft.NET\authman\authman

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\Windows Presentation Foundation

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ModemLogs\ModemLogs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Panther\setup.exe\setup.exe

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PLA\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\RemotePackages\RemoteApps\RemoteApps

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\RemotePackages\RemoteDesktops\RemoteDesktops

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SchCache\SchCache

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\security\audit\audit

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\security\templates\templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Caches\Caches

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm\PnrpSqm

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Caches\Caches

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\servicing\SQM\SQM

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\AuthCabs\AuthCabs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\3b76b401eda3b5d6fec766fcbbf6bf51\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.1.7600.16414_none_0c433f5d53682177\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.1.7600.16414_none_0c433f5d53682177

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\3b76b401eda3b5d6fec766fcbbf6bf51\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.1.7600.20516_none_0ccedcbc6c83f3ef\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.1.7600.20516_none_0ccedcbc6c83f3ef

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\3b76b401eda3b5d6fec766fcbbf6bf51\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.1.7600.16414_none_0c443fa753673ace\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.1.7600.16414_none_0c443fa753673ace

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\3b76b401eda3b5d6fec766fcbbf6bf51\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.1.7600.20516_none_0ccfdd066c830d46\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.1.7600.20516_none_0ccfdd066c830d46

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\3b76b401eda3b5d6fec766fcbbf6bf51\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.1.7600.16414_none_0c474085536486d3\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.1.7600.16414_none_0c474085536486d3

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\3b76b401eda3b5d6fec766fcbbf6bf51\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.1.7600.20516_none_0cd2dde46c80594b\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.1.7600.20516_none_0cd2dde46c80594b

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\4f0e002ad47398f1dbfd16ce8ea0f3cb\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.7600.16419_none_172e3ee6b2db309f\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.7600.16419_none_172e3ee6b2db309f

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\4f0e002ad47398f1dbfd16ce8ea0f3cb\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.7600.20521_none_17a50975cc0821a2\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.7600.20521_none_17a50975cc0821a2

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\4f0e002ad47398f1dbfd16ce8ea0f3cb\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16419_none_2e236278fa42a7f6\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16419_none_2e236278fa42a7f6

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\4f0e002ad47398f1dbfd16ce8ea0f3cb\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20521_none_2e9a2d08136f98f9\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20521_none_2e9a2d08136f98f9

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\4f3861039fbf04d3f06f77e830b09735\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.7600.16432_none_bbb336750919d734\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.7600.16432_none_bbb336750919d734

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\4f3861039fbf04d3f06f77e830b09735\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.7600.20539_none_bc43d5462231285f\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.7600.20539_none_bc43d5462231285f

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\5e5ea6f4022be1c1665abd7da27abbf8\x86_microsoft-windows-msasn1_31bf3856ad364e35_6.1.7600.16415_none_c77c1d48067c322c\x86_microsoft-windows-msasn1_31bf3856ad364e35_6.1.7600.16415_none_c77c1d48067c322c

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\5e5ea6f4022be1c1665abd7da27abbf8\x86_microsoft-windows-msasn1_31bf3856ad364e35_6.1.7600.20518_none_c808baf11f971dfb\x86_microsoft-windows-msasn1_31bf3856ad364e35_6.1.7600.20518_none_c808baf11f971dfb

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\81c2b9017d842fa02b04d5eee1a57f90\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16444_none_2dfdf142fa5f7d16\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16444_none_2dfdf142fa5f7d16

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\81c2b9017d842fa02b04d5eee1a57f90\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20553_none_2e7bbdd813861f7a\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20553_none_2e7bbdd813861f7a

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\c1f17c80c3b916714e96cf873d95fd6d\msil_ehshell_31bf3856ad364e35_6.1.7600.16410_none_8bb359faa2bb4cbd\msil_ehshell_31bf3856ad364e35_6.1.7600.16410_none_8bb359faa2bb4cbd

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\c1f17c80c3b916714e96cf873d95fd6d\msil_ehshell_31bf3856ad364e35_6.1.7600.20508_none_8c4fc901bbc99b4e\msil_ehshell_31bf3856ad364e35_6.1.7600.20508_none_8c4fc901bbc99b4e

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\c1f17c80c3b916714e96cf873d95fd6d\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7600.16411_none_69569d7fede907be\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7600.16411_none_69569d7fede907be

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\c1f17c80c3b916714e96cf873d95fd6d\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7600.20509_none_69f30c8706f7564f\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7600.20509_none_69f30c8706f7564f

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\c1f17c80c3b916714e96cf873d95fd6d\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\c1f17c80c3b916714e96cf873d95fd6d\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20509_none_5be12f8ee6d3987e\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20509_none_5be12f8ee6d3987e

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\c1f17c80c3b916714e96cf873d95fd6d\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\c1f17c80c3b916714e96cf873d95fd6d\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\c1f17c80c3b916714e96cf873d95fd6d\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.1.7600.16402_none_b5e9f9d280092f0e\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.1.7600.16402_none_b5e9f9d280092f0e

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\c1f17c80c3b916714e96cf873d95fd6d\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.1.7600.20498_none_b6184727996a6534\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.1.7600.20498_none_b6184727996a6534

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\c1f17c80c3b916714e96cf873d95fd6d\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16402_none_a9fcef03bb9bc457\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16402_none_a9fcef03bb9bc457

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\c1f17c80c3b916714e96cf873d95fd6d\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20498_none_aa2b3c58d4fcfa7d\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20498_none_aa2b3c58d4fcfa7d

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\c1f17c80c3b916714e96cf873d95fd6d\x86_microsoft-windows-lddmcore_31bf3856ad364e35_6.1.7600.16432_none_abd1ff6644ba805a\x86_microsoft-windows-lddmcore_31bf3856ad364e35_6.1.7600.16432_none_abd1ff6644ba805a

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\c1f17c80c3b916714e96cf873d95fd6d\x86_microsoft-windows-lddmcore_31bf3856ad364e35_6.1.7600.20539_none_ac629e375dd1d185\x86_microsoft-windows-lddmcore_31bf3856ad364e35_6.1.7600.20539_none_ac629e375dd1d185

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\c1f17c80c3b916714e96cf873d95fd6d\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.16415_none_0b8bca9cb0348896\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.16415_none_0b8bca9cb0348896

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\c1f17c80c3b916714e96cf873d95fd6d\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.20518_none_0c186845c94f7465\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.20518_none_0c186845c94f7465

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\c1f17c80c3b916714e96cf873d95fd6d\x86_microsoft-windows-x..rtificateenrollment_31bf3856ad364e35_6.1.7600.16418_none_f3bbbf4defbefb1d\x86_microsoft-windows-x..rtificateenrollment_31bf3856ad364e35_6.1.7600.16418_none_f3bbbf4defbefb1d

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\c1f17c80c3b916714e96cf873d95fd6d\x86_microsoft-windows-x..rtificateenrollment_31bf3856ad364e35_6.1.7600.20520_none_f43289dd08ebec20\x86_microsoft-windows-x..rtificateenrollment_31bf3856ad364e35_6.1.7600.20520_none_f43289dd08ebec20

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\c1f17c80c3b916714e96cf873d95fd6d\x86_microsoft.mediacenter.playback_31bf3856ad364e35_6.1.7600.16410_none_8cc87e1a25f82b29\x86_microsoft.mediacenter.playback_31bf3856ad364e35_6.1.7600.16410_none_8cc87e1a25f82b29

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\c1f17c80c3b916714e96cf873d95fd6d\x86_microsoft.mediacenter.playback_31bf3856ad364e35_6.1.7600.20508_none_8d64ed213f0679ba\x86_microsoft.mediacenter.playback_31bf3856ad364e35_6.1.7600.20508_none_8d64ed213f0679ba

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\SelfUpdate\Handler\Handler

Mount point destination : \Device\__max++>\^

Cannot access: C:\Windows\System32\cngaudit.dll

[1] 2009-07-13 18:15:06 61952 C:\Windows\System32\cngaudit.dll ()

[2] 2009-07-13 18:15:06 12288 C:\Windows\System32\logevent.dll (Microsoft Corporation)

[1] 2009-07-13 18:15:06 12288 C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll (Microsoft Corporation)



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2009-11-09 15:12:45 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

[1] 2009-11-09 15:12:37 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

[1] 2009-11-09 15:12:37 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

[1] 2009-11-09 15:12:37 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl

[1] 2009-11-09 15:13:08 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl ()



Cannot access: C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat

[1] 2009-11-07 02:32:41 8192 C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat ()



Cannot access: C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG1

[1] 2009-11-07 02:32:40 5120 C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG1 ()



Cannot access: C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG2

[1] 2009-11-07 02:32:40 0 C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG2 ()



Cannot access: C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{1b70d0c0-cb32-11de-8158-001731a08103}.TM.blf

[1] 2009-11-07 02:32:40 65536 C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{1b70d0c0-cb32-11de-8158-001731a08103}.TM.blf ()



Cannot access: C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{1b70d0c0-cb32-11de-8158-001731a08103}.TMContainer00000000000000000001.regtrans-ms

[1] 2009-11-07 02:32:40 524288 C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{1b70d0c0-cb32-11de-8158-001731a08103}.TMContainer00000000000000000001.regtrans-ms ()



Cannot access: C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{1b70d0c0-cb32-11de-8158-001731a08103}.TMContainer00000000000000000002.regtrans-ms

[1] 2009-11-07 02:32:40 524288 C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{1b70d0c0-cb32-11de-8158-001731a08103}.TMContainer00000000000000000002.regtrans-ms ()



Cannot access: C:\Windows\System32\MRT.exe

[1] 2009-11-05 10:36:21 26768832 C:\Windows\System32\MRT.exe ()

[2] 2009-08-28 13:38:22 24689600 C:\System Volume Information\_restore{EA67B05F-8B62-4349-8A54-823F2073B6F3}\RP105\A0027557.exe (Microsoft Corporation)

[2] 2009-02-12 23:30:32 21244864 C:\System Volume Information\_restore{EA67B05F-8B62-4349-8A54-823F2073B6F3}\RP82\A0025320.exe (Microsoft Corporation)



Cannot access: C:\Windows\System32\WerFault.exe

[1] 2009-07-13 18:14:44 360448 C:\Windows\System32\WerFault.exe ()

[1] 2009-07-13 18:14:44 360448 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.1.7600.16385_none_6fdd72c59e1ce6aa\WerFault.exe ()



Found mount point : C:\Windows\Temp\AskBarDis\RSS\RSS

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\AskBarDis\upgrade\upgrade

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\tracing\tracing

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Vss\Writers\Application\Application

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\winsxs\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\winsxs\Temp\PendingDeletes\PendingDeletes

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\winsxs\Temp\PendingRenames\PendingRenames

Mount point destination : \Device\__max++>\^

Cannot access: C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.1.7600.16385_none_6fdd72c59e1ce6aa\WerFault.exe

[1] 2009-07-13 18:14:44 360448 C:\Windows\System32\WerFault.exe ()

[1] 2009-07-13 18:14:44 360448 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.1.7600.16385_none_6fdd72c59e1ce6aa\WerFault.exe ()





Finished!

#11 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:11:39 AM

Posted 13 November 2009 - 06:25 PM

Mount point destination : \Device\__max++>\^
You have a very persistent infection.
The best and recommended way to fix this is to reformat and reinstall without backing up or saving any data.


If you want to proceed in the HJT forum, post using the logs I just had you create.
Give a brief explanation of your problem and let them know that these were all you could run.

The HJT forum is extremely busy, so it will take a while to get to you.
Please be patient and good luck.

Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter
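
As an added example (not part of the thread or of the scanning tool), a short Python triage of a log in the format posted above: it counts mount points per destination and flags inaccessible files whose same-named copies are listed with different sizes. The sample log is constructed, with shortened paths and a hypothetical second destination included only for contrast.

```python
import re
from collections import Counter
from ntpath import basename  # parses backslash paths on any OS

# Constructed sample in the layout of the log above (paths shortened).
SAMPLE_LOG = r"""
Found mount point : C:\Windows\tracing\tracing

Mount point destination : \Device\__max++>\^

Found mount point : C:\Users\Public\Documents\link

Mount point destination : \??\D:\Data

Cannot access: C:\Windows\System32\cngaudit.dll

[1] 2009-07-13 18:15:06 61952 C:\Windows\System32\cngaudit.dll ()

[1] 2009-07-13 18:15:06 12288 C:\Windows\winsxs\x86_example\cngaudit.dll (Microsoft Corporation)

Cannot access: C:\Windows\System32\WerFault.exe

[1] 2009-07-13 18:14:44 360448 C:\Windows\System32\WerFault.exe ()

[1] 2009-07-13 18:14:44 360448 C:\Windows\winsxs\x86_example\WerFault.exe ()

Finished!
"""

# "[n] date time size path (vendor)"
ENTRY = re.compile(r"^\[\d+\] \S+ \S+ (\d+) (.+) \((.*)\)$")

def triage(log_text):
    """Return (Counter of mount-point destinations,
    {inaccessible path: set of sizes of its same-named listed copies})."""
    destinations, copies, current = Counter(), {}, None
    for line in (l.strip() for l in log_text.splitlines()):
        if line.startswith("Mount point destination :"):
            destinations[line.split(":", 1)[1].strip()] += 1
        elif line.startswith("Cannot access:"):
            current = line.split(":", 1)[1].strip()
            copies[current] = set()
        elif line.startswith("Found mount point") or line == "Finished!":
            current = None  # the "Cannot access" block has ended
        elif current and (m := ENTRY.match(line)):
            size, path, _vendor = m.groups()
            if basename(path).lower() == basename(current).lower():
                copies[current].add(int(size))
    return destinations, copies

def size_mismatches(copies):
    """Inaccessible files whose listed same-named copies disagree in size."""
    return sorted(p for p, sizes in copies.items() if len(sizes) > 1)
```

A single destination accounting for nearly every mount point, as in the log above, and a system file whose size differs from its winsxs copy are the entries to hand to the helper first.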

#12 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,111 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:39 AM

Posted 15 November 2009 - 11:10 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/271556/massive-infection/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days, up to two weeks, perhaps less, to get a response, but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.

