Amy Kwon

Posts posted by Amy Kwon

  1. Yes, sorry, I meant to reply earlier!

    Thank you for sending me a link to ComboFix. I have to take my computer to a repair shop to get it fixed because one of the hinges broke, so I decided to wait and have the guy run the program for me since I don't want to make a mistake and damage anything. I will post the report here when he's done and gives me my computer back, which should hopefully be in the next two weeks. Will post again if it's longer.

    Thank you for all your help!

  2. Oh, and RSIT.exe mentions something about locating HijackThis. I'm wondering if the error message has something to do with the fact that when I try to open HijackThis on my computer, I get an error message that says "Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access the item." I'm assuming the reason why I can't open HijackThis is because of the malware.

  3. Hello, and thank you for helping me!

    I ran the first program successfully, but the dds.scr program (I downloaded it from the second link because the first and third don't work for me) does not open when I double-click on it. I don't think I have any script-blockers on, and I'm not sure how to disable them if I do.

    Here are the contents of the Win32kDiag.txt file:

    Running from: C:\Documents and Settings\Amy\desktop\win32kdiag.exe

    Log file at : C:\Documents and Settings\Amy\Desktop\Win32kDiag.txt

    Removing all found mount points.

    Attempting to reset file permissions.

    WARNING: Could not get backup privileges!

    Searching 'C:\WINDOWS'...

    Found mount point : C:\WINDOWS\$hf_mig$\KB921398\KB921398

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\$hf_mig$\KB921398\KB921398

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP230.tmp\ZAP230.tmp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP230.tmp\ZAP230.tmp

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP83.tmp\ZAP83.tmp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP83.tmp\ZAP83.tmp

    Found mount point : C:\WINDOWS\assembly\temp\temp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\assembly\temp\temp

    Found mount point : C:\WINDOWS\assembly\tmp\tmp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\assembly\tmp\tmp

    Found mount point : C:\WINDOWS\Config\Config

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\Config\Config

    Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

    Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\Debug\UserMode\UserMode

    Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz

    Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib

    Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave

    Found mount point : C:\WINDOWS\ime\chsime\applets\applets

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\ime\chsime\applets\applets

    Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

    Found mount point : C:\WINDOWS\ime\imejp\applets\applets

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

    Found mount point : C:\WINDOWS\ime\imejp98\imejp98

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

    Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

    Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

    Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

    Found mount point : C:\WINDOWS\ime\shared\res\res

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\ime\shared\res\res

    Found mount point : C:\WINDOWS\Installer\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\Installer\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

    Found mount point : C:\WINDOWS\java\classes\classes

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\java\classes\classes

    Found mount point : C:\WINDOWS\java\trustlib\trustlib

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\java\trustlib\trustlib

    Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

    Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

    Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

    Found mount point : C:\WINDOWS\mui\mui

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\mui\mui

    Found mount point : C:\WINDOWS\occache\occache

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\occache\occache

    Found mount point : C:\WINDOWS\Options\CABS\CABS

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\Options\CABS\CABS

    Found mount point : C:\WINDOWS\Options\Install\Install

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\Options\Install\Install

    Found mount point : C:\WINDOWS\PCHealth\ERRORREP\QHEADLES\QHEADLES

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\PCHealth\ERRORREP\QHEADLES\QHEADLES

    Found mount point : C:\WINDOWS\PCHealth\ERRORREP\QSIGNOFF\QSIGNOFF

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\PCHealth\ERRORREP\QSIGNOFF\QSIGNOFF

    Found mount point : C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH

    Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint

    Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Config\News\News

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\Config\News\News

    Found mount point : C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles

    Found mount point : C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs

    Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS

    Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp

    Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

    Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0091ab299e899a5920ad91739ad99c67\download\download

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\0091ab299e899a5920ad91739ad99c67\download\download

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\021bbe9f2a0e31da1414f03ea6d62389\download\download

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\021bbe9f2a0e31da1414f03ea6d62389\download\download

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\download\download

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\download\download

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\1230492412c0d92c55a03b0de671f167\download\download

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\1230492412c0d92c55a03b0de671f167\download\download

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\25d72ef1acc6d7256eb94ad3d6a21e9b\backup\backup

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\25d72ef1acc6d7256eb94ad3d6a21e9b\backup\backup

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\333d38a385ce9f1af0ec4093ab8f6916\backup\backup

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\333d38a385ce9f1af0ec4093ab8f6916\backup\backup

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\4596f4b9d8a4b5253ee760a58a45bcfb\download\download

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\4596f4b9d8a4b5253ee760a58a45bcfb\download\download

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\4a8541e1aa908c3773c08f02ea0dd518\backup\backup

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\4a8541e1aa908c3773c08f02ea0dd518\backup\backup

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\52d0bad96d671744fec5c77caa4cdf4d\download\download

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\52d0bad96d671744fec5c77caa4cdf4d\download\download

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\7460f39e630456f3a3b7075ade7a3d72\backup\backup

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\7460f39e630456f3a3b7075ade7a3d72\backup\backup

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\962449eaea2a809dd7a3a95c81a023bd\download\download

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\962449eaea2a809dd7a3a95c81a023bd\download\download

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\a099dfb7d5d88247579330743c8014f3\download\download

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\a099dfb7d5d88247579330743c8014f3\download\download

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\a4eec31189780c76a955690dc00fbe64\download\download

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\a4eec31189780c76a955690dc00fbe64\download\download

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cb54485933aa009855d78885e4c31c64\backup\backup

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\cb54485933aa009855d78885e4c31c64\backup\backup

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\eb5ff0ae9fdaa24285c4924997a7aa90\download\download

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\eb5ff0ae9fdaa24285c4924997a7aa90\download\download

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\edc9e523d8678897d85b5ee0ef1bbf7a\download\download

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\edc9e523d8678897d85b5ee0ef1bbf7a\download\download

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\f9caa54645105c608ede060e87d38098\backup\backup

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\f9caa54645105c608ede060e87d38098\backup\backup

    Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

    Cannot access: C:\WINDOWS\system32\dumprep.exe

    Attempting to restore permissions of : C:\WINDOWS\system32\dumprep.exe

    Cannot access: C:\WINDOWS\system32\wbem\wmiprvse.exe

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\wmiprvse.exe

    Found mount point : C:\WINDOWS\Temp\MPTelemetrySubmit\MPTelemetrySubmit

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\Temp\MPTelemetrySubmit\MPTelemetrySubmit

    Found mount point : C:\WINDOWS\Temp\Patcher2196\Patcher2196

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\Temp\Patcher2196\Patcher2196

    Found mount point : C:\WINDOWS\Temp\Temporary Internet Files\Temporary Internet Files

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\Temp\Temporary Internet Files\Temporary Internet Files

    Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

    Finished!

  4. Sorry this took me so long to post!

    //////////////////////////////////////////

    Avenger Pre-Processor log

    //////////////////////////////////////////

    Platform: Windows XP (build 2600, Service Pack 3)

    Wed Dec 23 01:02:33 2009

    01:02:33: Error: Invalid script. A valid script must begin with a command directive.

    Aborting execution!

    //////////////////////////////////////////

    Logfile of The Avenger Version 2.0, © by Swandog46

    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.

    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.

    No rootkits found!

    File move operation "C:\WINDOWS\system32\logevent.dll|C:\WINDOWS\system32\eventlog.dll" completed successfully.

    Completed script processing.

    *******************

    Finished! Terminate.

  5. If anyone can help me with this, I would really, really appreciate it:

    My computer has been infected with malware. It keeps showing up as b.exe and msb.exe in the Processes tab on my Windows Task Manager. Every time I close it down, it just keeps popping back up 10 minutes later. I ran my usual antivirus software - Symantec Antivirus - but it couldn't find it. So I downloaded Malwarebytes' Anti-Malware. However, after I installed it and tried to run the program, this error message keeps popping up:

    "Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access the item."

    I tried reinstalling the program, and then running it while my computer was in Safe Mode, but this didn't work. Also, the same error message pops up when I try to run Symantec. I am assuming the malware is somehow interfering with my computer's ability to run anti-malware software. Tricky bastard.

    I followed the instructions I found in other topics/forums and downloaded HijackThis and RootRepeal. HijackThis gets the same error message, and RootRepeal gets stuck on the Initializing screen and won't open.

    One of the other topics told me to download Win32kDiag.exe. I did, and then ran a scan and it worked fine. I've posted Win32kDiag.txt as an attachment, but I can also post the contents directly if you don't want to download it.

    If anyone has any suggestions, I will gladly take them! Thank you so much!
