Everything posted by Amy Kwon
-
Yes, sorry, I meant to reply earlier! Thank you for sending me a link to ComboFix. I have to take my computer to a repair shop to get it fixed because one of the hinges broke, so I decided to wait and have the guy run the program for me since I don't want to make a mistake and damage anything. I will post the report here when he's done and gives me my computer back, which should hopefully be in the next two weeks. Will post again if it's longer. Thank you for all your help!
-
Oh, and RSIT.exe mentions something about locating HijackThis. I'm wondering if the error message has something to do with the fact that when I try to open HijackThis on my computer, I get an error message that says "Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access the item." I'm assuming the reason why I can't open HijackThis is because of the malware.
-
Hello, and thank you for helping me! I ran the first program successfully, but the dds.scr program (I downloaded it from the second link because the first and third don't work for me) does not open when I double-click on it. I don't think I have any script-blockers on, and I'm not sure how to disable them if I do. Here are the contents of the Win32Diag.txt file:
-
Sorry this took me so long to post!

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows XP (build 2600, Service Pack 3)
Wed Dec 23 01:02:33 2009
01:02:33: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File move operation "C:\WINDOWS\system32\logevent.dll|C:\WINDOWS\system32\eventlog.dll" completed successfully.
Completed script processing.
*******************
Finished! Terminate.
-
If anyone can help me with this, I would really, really appreciate it: My computer has been infected with malware. It keeps showing up as b.exe and msb.exe in the Processes tab on my Windows Task Manager. Every time I close it down, it just keeps popping back up 10 minutes later. I ran my usual antivirus software - Symantec Antivirus - but it couldn't find it. So I downloaded Malwarebytes' Anti-Malware. However, after I installed it and tried to run the program, this error message keeps popping up: "Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access the item." I tried reinstalling the program, and then running it while my computer was in Safe Mode, but this didn't work. Also, the same error message pops up when I try to run Symantec. I am assuming the malware is somehow interfering with my computer's ability to run anti-malware software. Tricky bastard. I followed the instructions I found in other topics/forums and downloaded HijackThis and RootRepeal. HijackThis gets the same error message, and RootRepeal gets stuck on the Initializing screen and won't open. One of the other topics told me to download Win32kDiag.exe. I did, and then ran a scan and it worked fine. I've posted Win32kDiag.txt as an attachment, but I can also post the contents directly if you don't want to download it. If anyone has any suggestions, I will gladly take them! Thank you so much!