
Unable to run Gmer, HijackThis,... Please Help


3 replies to this topic

#1 radgrom


Posted 18 December 2009 - 07:56 AM

I have successfully removed braviax, winupdate86, is2010, and AVR from my niece's laptop (Dell INSPIRON E1505). I am now stuck with, I assume, a nasty rootkit.
I was unable to run HijackThis, RootRepeal, GMER, ProcesScanner, ProcMonitor, and anything else that might help rid me of this oracle.
Looking through this forum, I was able to run WIN32KDIAG. I must note that I am only able to do this in SAFEMODE. Here is the log from WIN32KDIAG.
If I have to reformat and reinstall everything, I will say it wouldn't be the first time, but with your help, I hope to kill this bastard.



Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\{ED66C520-EEA8-4345-902C-823E7268D9BD}\{ED66C520-EEA8-4345-902C-823E7268D9BD}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\{F0F6D3B3-D091-4C40-B8D0-0413E80B605D}\{F0F6D3B3-D091-4C40-B8D0-0413E80B605D}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\{F17A840B-A1B1-405C-B63E-D5A4A51D7B90}\{F17A840B-A1B1-405C-B63E-D5A4A51D7B90}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\{F3334D55-AD99-4909-A842-6EBB3FFE34A1}\{F3334D55-AD99-4909-A842-6EBB3FFE34A1}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\{F823ACF3-0D53-4AFE-A4A6-1F7D60202740}\{F823ACF3-0D53-4AFE-A4A6-1F7D60202740}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\{F9665E06-0618-4BF5-AC78-CDCA45DB395B}\{F9665E06-0618-4BF5-AC78-CDCA45DB395B}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\{FFA04455-8C4C-419D-A27C-FA86759DEF20}\{FFA04455-8C4C-419D-A27C-FA86759DEF20}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^



Finished!



#2 MATTSPCHELP


Posted 18 December 2009 - 08:46 AM

Have you tried to use Malwarebytes, or to use avast Antivirus and do a full boot scan? Both would more than likely find your "rootkit".
Microsoft Certified Desktop Support Technician

#3 radgrom


Posted 18 December 2009 - 08:49 AM

I am unable to run Malwarebytes; I will try avast.

#4 minipabs


Posted 14 July 2010 - 04:17 PM

I'm a newbie :thumbsup:
I removed Antivirus 7 a few weeks back on my laptop, but it is still acting weird. I was trying to perform a thorough check, but my laptop has shut down while running GMER. The second time I tried, it appears to be frozen. What do I do?
Windows XP Service Pack 3 (Lenovo laptop)
Already ran rkill and Malwarebytes before going through "prep guide for use before using malware removal tools..."
Do I restart in Safe Mode? By shutting down my computer, my antivirus (McAfee AntiVirus Plus) will restart on startup...
Please advise.
Thank you so much
~Minipabs



