
Programs not opening, or giving errors upon opening, no internet access.



I woke up, and, as has been the case a few times in the last month or so, my computer had some strange spyware stuff. I quickly googled the fix for it and began to scan with MBAM; however, instead of finishing and letting me clean up the problem, it closed and restarted my computer.

On restart it had disabled Task Manager and registry editing, as well as blocking any programs I was trying to run to fix it (AVG/MBAM). Before fixing that I restarted in Safe Mode and did a scan with AVG. It found several problems and removed them.

On entering standard Windows again, the same problems persisted. I managed to restore access to my registry and Task Manager, but that's it so far.

I've been trying to diagnose and fix my problems for the last 3 hours or so, but every time I've tried a fix, it hasn't worked.

Running MBAM works up until I hit scan. It looks like it's about to start, then closes, and whenever I try to open it again I get the error:

"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

Reinstalling MBAM "fixes" that error, but it just repeats if I try to scan again.

I read that someone had the same problem, and tried renaming the mbam.exe to winlogon.exe, but this didn't fix my problem.

I cannot be entirely sure, but it seems like I have no access to the internet on that computer (I am using my laptop). AVG will still run, sort of, but it will not update, and clicking scan does nothing.

I tried installing HJT for a log, but it just won't run, no errors or anything.

I tried downloading Vundofix, and after changing the name to Vundo-fix.exe it ran, but found no errors.

Every time I restart I see svchast.exe and cvs.exe (I think that's the name), and once or twice I saw a name that I recognized as spyware but don't recall it exactly (braviax?). I use taskmgr to close them, as if I don't I get a different error:

"An error occurred, please report the following error code to the Malwarebytes' Anti-Malware support team.

Error code: 702 (0, 453)"

as an error when running MBAM.

I also ran win32kdiag.exe and it successfully ran:

--------------------------------------------------------

Log file is located at: D:\Documents and Settings\Cozy Lemon\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'D:\WINDOWS'...

Cannot access: D:\WINDOWS\system32\eventlog.dll

[1] 2004-08-04 00:56:42 55808 D:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 17:11:53 56320 D:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 17:11:53 56320 D:\WINDOWS\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 17:11:53 63488 D:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-13 17:11:53 56320 D:\WINDOWS\system32\logevent.dll (Microsoft Corporation)

Finished!

---------------------------------------------------------------------

---------------------------------------------------------------------

I also tried to run peek.bat, but in doing so it briefly flashed on the screen (I am not entirely sure what it said, but it looked like "cannot <something>"), opened an empty log file, and deleted the peek.bat file.

I am running XP-SP3 Home.

Thanks for taking the time to read through all of this!

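A triage sketch for Win32kDiag output like the log in the post above, added as an example and not part of the original thread or of any tool named in it. It groups mount points by destination, flags any whose target is not an ordinary drive or volume path, and compares each "Cannot access" file with the other copies the tool lists; the allow-list of normal targets and all function names are assumptions, and the sample lines follow the format of the posted log.

```python
import re
from collections import defaultdict

# Constructed excerpt in the Win32kDiag format shown in the post (blank lines dropped).
SAMPLE_LOG = r"""
Found mount point : D:\WINDOWS\addins\addins
Mount point destination : \Device\__max++>\^
Found mount point : D:\WINDOWS\system32\dhcp\dhcp
Mount point destination : \Device\__max++>\^
Cannot access: D:\WINDOWS\system32\eventlog.dll
[1] 2004-08-04 00:56:42 55808 D:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
[1] 2008-04-13 17:11:53 56320 D:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)
[1] 2008-04-13 17:11:53 63488 D:\WINDOWS\system32\eventlog.dll ()
[2] 2008-04-13 17:11:53 56320 D:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
Cannot access: D:\WINDOWS\system32\svchost.exe
[1] 2008-04-13 17:12:36 14336 D:\WINDOWS\ServicePackFiles\i386\svchost.exe (Microsoft Corporation)
[1] 2008-04-13 17:12:36 14336 D:\WINDOWS\system32\svchost.exe ()
Finished!
"""

MOUNT_RE = re.compile(r"^Found mount point\s*:\s*(.+)$")
DEST_RE = re.compile(r"^Mount point destination\s*:\s*(.+)$")
BLOCKED_RE = re.compile(r"^Cannot access:\s*(.+)$")
# "[n] date time size path (vendor)"; the meaning of [n] is not interpreted here.
COPY_RE = re.compile(
    r"^\[(\d+)\]\s+(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+)\s+(.+)\s+\(([^()]*)\)$")
# Assumption: an ordinary junction or volume mount point targets \??\X:\ or \??\Volume{GUID}.
NORMAL_TARGET_RE = re.compile(r"^\\\?\?\\(?:[A-Za-z]:\\|Volume\{[0-9A-Fa-f-]+\})")


def parse(log_text):
    """Return (mounts, blocked): mount point/destination pairs and, for each
    inaccessible file, the list of copies the tool printed under it."""
    mounts, blocked = [], {}
    pending_mount = current_blocked = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := MOUNT_RE.match(line):
            pending_mount, current_blocked = m.group(1), None
        elif (m := DEST_RE.match(line)) and pending_mount:
            mounts.append((pending_mount, m.group(1)))
            pending_mount = None
        elif m := BLOCKED_RE.match(line):
            current_blocked = m.group(1)
            blocked[current_blocked] = []
        elif (m := COPY_RE.match(line)) and current_blocked:
            tag, stamp, size, path, vendor = m.groups()
            blocked[current_blocked].append(
                {"tag": int(tag), "stamp": stamp, "size": int(size),
                 "path": path, "vendor": vendor.strip()})
    return mounts, blocked


def suspicious_mounts(mounts):
    """Group mount points by destination, keeping only unusual destinations."""
    grouped = defaultdict(list)
    for path, dest in mounts:
        if not NORMAL_TARGET_RE.match(dest):
            grouped[dest].append(path)
    return dict(grouped)


def triage_files(blocked):
    """Flag inaccessible files whose live copy lacks a vendor string or differs
    in size from same-dated copies, and list those copies as references."""
    findings = []
    for target, copies in blocked.items():
        live = next((c for c in copies if c["path"].lower() == target.lower()), None)
        if live is None:
            findings.append({"file": target, "reasons": ["live copy not listed"],
                             "candidates": []})
            continue
        refs = [c for c in copies
                if c is not live and c["vendor"] and c["stamp"] == live["stamp"]]
        reasons = []
        if not live["vendor"]:
            reasons.append("empty vendor string")
        ref_sizes = sorted({c["size"] for c in refs})
        if ref_sizes and live["size"] not in ref_sizes:
            reasons.append(
                f"size {live['size']} differs from same-dated copies {ref_sizes}")
        if reasons:
            findings.append({"file": target, "reasons": reasons,
                             "candidates": [c["path"] for c in refs]})
    return findings


if __name__ == "__main__":
    mounts, blocked = parse(SAMPLE_LOG)
    for dest, paths in suspicious_mounts(mounts).items():
        print(f"{len(paths)} mount point(s) -> {dest}")
    for finding in triage_files(blocked):
        print(finding["file"], "|", "; ".join(finding["reasons"]))
        for candidate in finding["candidates"]:
            print("    reference copy:", candidate)
```
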


  • Staff

  1. Download The Avenger2 by SwanDog46.
  2. Unzip avenger.exe to your desktop.
  3. Copy the text in the following codebox by selecting all of it, and pressing (<Control> + C) or by right clicking and selecting "Copy"
    Files to move:
    C:\WINDOWS\system32\logevent.dll| C:\WINDOWS\system32\eventlog.dll


  4. Now start The Avenger2 by double clicking avenger.exe on your desktop.
  5. Read the prompt that appears, and press OK.
  6. Paste the script into the textbox that appears, using (<Control> + V) or by right clicking and choosing "Paste".
  7. Press the "Execute" button.
  8. You will be presented with 2 confirmation prompts. Select yes on each. Your system will reboot.
    Note: It is possible that Avenger will reboot your system TWICE.
  9. Upon reboot, a command prompt window will appear on your screen for a few seconds, and then Avenger's log will open. Please paste that log here in your next post.


I tried this. The script successfully executes, and the system restarts. I even see the command prompt window appear for a split second, but then all I see is my wallpaper, and when the rest of Windows comes back, there is no log file. I tried the exact code you gave me, and again using the D: drive, as that is where my Windows installation is.

When I used the D: code, it looked like my computer BSOD'd during bootup after the primary restart.

If it makes any difference, after some work I did yesterday, it seems very likely that I have the braviax virus. It's possible there are others as well, but braviax appeared several places in my registry, and continues to show up even after being deleted from the registry and sys32.


Log file is located at: D:\Documents and Settings\Cozy Lemon\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'D:\WINDOWS'...

Cannot access: D:\WINDOWS\system32\eventlog.dll

[1] 2004-08-04 00:56:42 55808 D:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 17:11:53 56320 D:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 17:11:53 56320 D:\WINDOWS\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 17:11:53 63488 D:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-13 17:11:53 56320 D:\WINDOWS\system32\logevent.dll (Microsoft Corporation)

Cannot access: D:\WINDOWS\system32\svchost.exe

[1] 2004-08-04 00:56:57 14336 D:\WINDOWS\$NtServicePackUninstall$\svchost.exe (Microsoft Corporation)

[1] 2008-04-13 17:12:36 14336 D:\WINDOWS\ServicePackFiles\i386\svchost.exe (Microsoft Corporation)

[1] 2008-04-13 17:12:36 14336 D:\WINDOWS\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\svchost.exe (Microsoft Corporation)

[1] 2008-04-13 17:12:36 14336 D:\WINDOWS\system32\svchost.exe ()

Finished!

Link to post

ComboFix.exe won't run at all, but when I change to Combo-Fix.exe it does start to boot up, but nothing appears after the loading bar finishes.

If I try to run it again it says

"Error

Some files could not be created.

Please close all applications, reboot Windows and restart this application."

And it hangs with a full loading bar.

I also tried restarting like it asked, and the same result happens when I rerun CF.

I thought it might be AVG inhibiting it, so I tried to shut down avgrsx.exe and avgwdsvc.exe but I can't. avgrsx will just not shut down, and when I try to end process on avgwdsvc, it actually spawns more processes.

Link to post

  • Staff

Skip ComboFix. We'll come back to it a bit later.

  1. Download The Avenger2 by SwanDog46.
  2. Unzip avenger.exe to your desktop.
  3. Copy the text in the following codebox by selecting all of it, and pressing (<Control> + C) or by right clicking and selecting "Copy"
    Files to move:
    C:\WINDOWS\system32\logevent.dll| C:\WINDOWS\system32\eventlog.dll


  4. Now start The Avenger2 by double clicking avenger.exe on your desktop.
  5. Read the prompt that appears, and press OK.
  6. Paste the script into the textbox that appears, using (<Control> + V) or by right clicking and choosing "Paste".
  7. Press the "Execute" button.
  8. You will be presented with 2 confirmation prompts. Select yes on each. Your system will reboot.
    Note: It is possible that Avenger will reboot your system TWICE.
  9. Upon reboot, a command prompt window will appear on your screen for a few seconds, and then Avenger's log will open. Please paste that log here in your next post.

Link to post

Same problem as before. Executes properly, restarts fine, and I see the cmd window blip up, but then the computer closes it+the desktop vanishes, and it hangs on just the wallpaper for about 30-60s, and when it reappears there is no log file, and avenger doesn't think one exists when I ask to view logfiles.

Do you want me to try running it again with the target being D:\WINDOWS\system32\logevent.dll?

Link to post

  • Staff

Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

@Win32kDiag -F -R
del %0

Save this as fix.bat. Choose to "Save type as - All Files".

## IMPORTANT ## Place fix.bat next to Win32kDiag.exe

Double click on fix.bat & allow it to run

Post back to tell me what it says

Link to post

Log file is located at: D:\Documents and Settings\Cozy Lemon\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'D:\WINDOWS'...

Found mount point : D:\WINDOWS\$hf_mig$\KB894391\KB894391

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\$hf_mig$\KB894391\KB894391

Found mount point : D:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\addins\addins

Found mount point : D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP38F.tmp\ZAP38F.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP38F.tmp\ZAP38F.tmp

Found mount point : D:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\assembly\temp\temp

Found mount point : D:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\assembly\tmp\tmp

Found mount point : D:\WINDOWS\Cache\Adobe Reader 6.0.1\Adobe Reader 6.0.1

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\Cache\Adobe Reader 6.0.1\Adobe Reader 6.0.1

Found mount point : D:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\Config\Config

Found mount point : D:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : D:\WINDOWS\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\Debug\UserMode\UserMode

Found mount point : D:\WINDOWS\ERDNT\ERDNT

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\ERDNT\ERDNT

Found mount point : D:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\ftpcache\ftpcache

Found mount point : D:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\ime\chsime\applets\applets

Found mount point : D:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\ime\CHTIME\Applets\Applets

Found mount point : D:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\ime\imejp\applets\applets

Found mount point : D:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\ime\imejp98\imejp98

Found mount point : D:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\ime\imjp8_1\applets\applets

Found mount point : D:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\ime\imkr6_1\applets\applets

Found mount point : D:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\ime\imkr6_1\dicts\dicts

Found mount point : D:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\ime\shared\res\res

Found mount point : D:\WINDOWS\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : D:\WINDOWS\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : D:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : D:\WINDOWS\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : D:\WINDOWS\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : D:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : D:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518

Found mount point : D:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : D:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Found mount point : D:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Found mount point : D:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Found mount point : D:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\java\classes\classes

Found mount point : D:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\java\trustlib\trustlib

Found mount point : D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Found mount point : D:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\msapps\msinfo\msinfo

Found mount point : D:\WINDOWS\mui\mui

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\mui\mui

Found mount point : D:\WINDOWS\PCHEALTH\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\PCHEALTH\ERRORREP\QHEADLES\QHEADLES

Found mount point : D:\WINDOWS\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF

Found mount point : D:\WINDOWS\PCHEALTH\HELPCTR\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\PCHEALTH\HELPCTR\BATCH\BATCH

Found mount point : D:\WINDOWS\PCHEALTH\HELPCTR\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\PCHEALTH\HELPCTR\Config\CheckPoint\CheckPoint

Found mount point : D:\WINDOWS\PCHEALTH\HELPCTR\Config\News\News

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\PCHEALTH\HELPCTR\Config\News\News

Found mount point : D:\WINDOWS\PCHEALTH\HELPCTR\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\PCHEALTH\HELPCTR\HelpFiles\HelpFiles

Found mount point : D:\WINDOWS\PCHEALTH\HELPCTR\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\PCHEALTH\HELPCTR\InstalledSKUs\InstalledSKUs

Found mount point : D:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\DFS

Found mount point : D:\WINDOWS\PCHEALTH\HELPCTR\System_OEM\System_OEM

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\PCHEALTH\HELPCTR\System_OEM\System_OEM

Found mount point : D:\WINDOWS\PCHEALTH\HELPCTR\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\PCHEALTH\HELPCTR\Temp\Temp

Found mount point : D:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\PIF\PIF

Found mount point : D:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\Registration\CRMLog\CRMLog

Found mount point : D:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Found mount point : D:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup

Found mount point : D:\WINDOWS\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\backup\asms\10\10

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\backup\asms\10\10

Found mount point : D:\WINDOWS\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\backup\asms\52\msft\msft

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\backup\asms\52\msft\msft

Found mount point : D:\WINDOWS\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\backup\asms\60\msft\msft

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\backup\asms\60\msft\msft

Found mount point : D:\WINDOWS\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\backup\asms\70\70

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\backup\asms\70\70

Found mount point : D:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\Sun\Java\Deployment\Deployment

Found mount point : D:\WINDOWS\system32\1025\1025

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\1025\1025

Found mount point : D:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\1028\1028

Found mount point : D:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\1031\1031

Found mount point : D:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\1037\1037

Found mount point : D:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\1041\1041

Found mount point : D:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\1042\1042

Found mount point : D:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\1054\1054

Found mount point : D:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\2052\2052

Found mount point : D:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\3076\3076

Found mount point : D:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\3com_dmi\3com_dmi

Found mount point : D:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TempDir\TempDir

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TempDir\TempDir

Found mount point : D:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\9.0\Collab\Collab

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\9.0\Collab\Collab

Found mount point : D:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\9.0\Forms\Forms

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\9.0\Forms\Forms

Found mount point : D:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Flash Player\AssetCache\CDHSKQ2H\CDHSKQ2H

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Flash Player\AssetCache\CDHSKQ2H\CDHSKQ2H

Found mount point : D:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\CMKCVNGU\CMKCVNGU

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\CMKCVNGU\CMKCVNGU

Found mount point : D:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Found mount point : D:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Found mount point : D:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Found mount point : D:\WINDOWS\system32\config\systemprofile\Favorites\Links\Links

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\config\systemprofile\Favorites\Links\Links

Found mount point : D:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Office\Groove\System\System

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Office\Groove\System\System

Found mount point : D:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Office\Groove\User\User

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Office\Groove\User\User

Found mount point : D:\WINDOWS\system32\config\systemprofile\My Documents\My Documents

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\config\systemprofile\My Documents\My Documents

Found mount point : D:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Found mount point : D:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Found mount point : D:\WINDOWS\system32\config\systemprofile\Recent\Recent

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\config\systemprofile\Recent\Recent

Found mount point : D:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\dhcp\dhcp

Found mount point : D:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\drivers\disdn\disdn

Cannot access: D:\WINDOWS\system32\eventlog.dll

Attempting to restore permissions of : D:\WINDOWS\system32\eventlog.dll

[1] 2004-08-04 00:56:42 55808 D:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 17:11:53 56320 D:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 17:11:53 56320 D:\WINDOWS\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 17:11:53 63488 D:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-13 17:11:53 56320 D:\WINDOWS\system32\logevent.dll (Microsoft Corporation)

Found mount point : D:\WINDOWS\system32\EVGA\EVGA

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\EVGA\EVGA

Found mount point : D:\WINDOWS\system32\export\export

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\export\export

Found mount point : D:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Found mount point : D:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Found mount point : D:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Found mount point : D:\WINDOWS\system32\inetsrv\inetsrv

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\inetsrv\inetsrv

Found mount point : D:\WINDOWS\system32\LogFiles\WUDF\WUDF

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\LogFiles\WUDF\WUDF

Found mount point : D:\WINDOWS\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\mui\dispspec\dispspec

Found mount point : D:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Found mount point : D:\WINDOWS\system32\oobe\html\oemcust\oemcust

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\oobe\html\oemcust\oemcust

Found mount point : D:\WINDOWS\system32\oobe\html\oemhw\oemhw

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\oobe\html\oemhw\oemhw

Found mount point : D:\WINDOWS\system32\oobe\html\oemreg\oemreg

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\oobe\html\oemreg\oemreg

Found mount point : D:\WINDOWS\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\oobe\sample\sample

Found mount point : D:\WINDOWS\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\ShellExt\ShellExt

Found mount point : D:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Cannot access: D:\WINDOWS\system32\svchost.exe

Attempting to restore permissions of : D:\WINDOWS\system32\svchost.exe

[1] 2004-08-04 00:56:57 14336 D:\WINDOWS\$NtServicePackUninstall$\svchost.exe (Microsoft Corporation)

[1] 2008-04-13 17:12:36 14336 D:\WINDOWS\ServicePackFiles\i386\svchost.exe (Microsoft Corporation)

[1] 2008-04-13 17:12:36 14336 D:\WINDOWS\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\svchost.exe (Microsoft Corporation)

[1] 2008-04-13 17:12:36 14336 D:\WINDOWS\system32\svchost.exe (Microsoft Corporation)

Found mount point : D:\WINDOWS\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\wbem\mof\bad\bad

Found mount point : D:\WINDOWS\system32\wbem\mof\good\good

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\wbem\mof\good\good

Found mount point : D:\WINDOWS\system32\wins\wins

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\wins\wins

Found mount point : D:\WINDOWS\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\system32\xircom\xircom

Found mount point : D:\WINDOWS\Temp\SDDLLS\SDDLLS

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\Temp\SDDLLS\SDDLLS

Found mount point : D:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Finished!

Link to post

  • Staff
Cannot access: D:\WINDOWS\system32\svchost.exe

This entry bothers me. It's not typical of this infection to prevent access to svchost.exe.

We shall need to take a deeper look into your machine.

Please download this tool > System Repair Engineer

  1. Extract it to its own folder & double click SREng.exe to run it
  2. Select 'Smart Scan' & tick "Verify Digital Signatures"
  3. Click on the [Scan] button
  4. When finished, click on the [Save Reports] button & save the log to Desktop
  5. Attach the log in your next reply. Don't post it

Note: You may have to rename SREngLog.log to SREngLog.txt before attaching

Link to post
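
Win32kDiag lists every copy it finds of a file it cannot access, so the comparison behind the reply above can be scripted. The Python below is an added example, not part of the thread or of Win32kDiag: it parses the log and flags the live copy when its size or vendor string differs from the same-dated copies. The field order (bracketed number, timestamp, size, path, vendor in parentheses) is an assumption inferred from the log lines posted here, and the function names are hypothetical.

```python
import re
from collections import Counter

# Excerpted lines copied from the Win32kDiag output posted in this thread.
SAMPLE_LOG = r"""
Found mount point : D:\WINDOWS\system32\dhcp\dhcp
Mount point destination : \Device\__max++>\^
Removing mount point : D:\WINDOWS\system32\dhcp\dhcp
Cannot access: D:\WINDOWS\system32\eventlog.dll
Attempting to restore permissions of : D:\WINDOWS\system32\eventlog.dll
[1] 2004-08-04 00:56:42 55808 D:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
[1] 2008-04-13 17:11:53 56320 D:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)
[1] 2008-04-13 17:11:53 63488 D:\WINDOWS\system32\eventlog.dll ()
[2] 2008-04-13 17:11:53 56320 D:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
Cannot access: D:\WINDOWS\system32\svchost.exe
Attempting to restore permissions of : D:\WINDOWS\system32\svchost.exe
[1] 2004-08-04 00:56:57 14336 D:\WINDOWS\$NtServicePackUninstall$\svchost.exe (Microsoft Corporation)
[1] 2008-04-13 17:12:36 14336 D:\WINDOWS\ServicePackFiles\i386\svchost.exe (Microsoft Corporation)
[1] 2008-04-13 17:12:36 14336 D:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
Finished!
"""

MOUNT_RE = re.compile(r"^Found mount point\s*:\s*(.+)$")
DEST_RE = re.compile(r"^Mount point destination\s*:\s*(.+)$")
DENIED_RE = re.compile(r"^Cannot access:\s*(.+)$")
# Assumed field order, inferred from the log: [n] date time size path (vendor)
COPY_RE = re.compile(
    r"^\[(\d+)\]\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(.+)\s\(([^()]*)\)$"
)


def parse_win32kdiag(text):
    """Return mount points and, per 'Cannot access' path, the copies listed under it."""
    report = {"mount_points": [], "denied": {}}
    pending = None   # mount point still waiting for its destination line
    current = None   # path from the most recent 'Cannot access' line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := MOUNT_RE.match(line):
            pending, current = m.group(1), None
        elif (m := DEST_RE.match(line)) and pending:
            report["mount_points"].append((pending, m.group(1)))
            pending = None
        elif m := DENIED_RE.match(line):
            current = m.group(1)
            report["denied"].setdefault(current, [])
        elif (m := COPY_RE.match(line)) and current:
            report["denied"][current].append({
                "count": int(m.group(1)),
                "timestamp": m.group(2),
                "size": int(m.group(3)),
                "path": m.group(4),
                "vendor": m.group(5).strip(),
            })
    return report


def mount_destinations(report):
    """Count mount points per destination; one shared odd target stands out."""
    return Counter(dest for _, dest in report["mount_points"])


def review_denied(report):
    """For each inaccessible file, compare the live copy with its same-dated copies."""
    findings = []
    for denied_path, copies in report["denied"].items():
        key = denied_path.lower()
        live = [c for c in copies if c["path"].lower() == key]
        others = [c for c in copies if c["path"].lower() != key]
        for c in live:
            reasons = []
            if not c["vendor"]:
                reasons.append("no vendor string read")
            peers = [o for o in others if o["timestamp"] == c["timestamp"]]
            if peers and all(o["size"] != c["size"] for o in peers):
                sizes = sorted({o["size"] for o in peers})
                reasons.append(
                    "size %d differs from same-dated copies %s" % (c["size"], sizes)
                )
            findings.append((denied_path, reasons))
    return findings


if __name__ == "__main__":
    parsed = parse_win32kdiag(SAMPLE_LOG)
    for dest, n in mount_destinations(parsed).items():
        print("%d mount point(s) -> %s" % (n, dest))
    for path, reasons in review_denied(parsed):
        print(path, "->", "; ".join(reasons) or "matches same-dated copies")
```

An empty vendor string on its own may only mean the tool could not read the file: in this thread svchost.exe shows `()` in the first log and `(Microsoft Corporation)` once permissions were restored, while its size never changes.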

Have taskmanager end process on this file - D:\WINDOWS\svchast.exe

After doing that, locate & delete the file manually

Then try Avenger again.

svchast no longer appears on startup, but Avenger is still seeing the same issues as before.

Here's another Win32kdiag log run using the fix.bat file you gave me earlier, taken after removing svchast from my system, as well as a Sreng2 file.

Log file is located at: D:\Documents and Settings\Cozy Lemon\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'D:\WINDOWS'...

Found mount point : D:\WINDOWS\$hf_mig$\KB894391\KB894391

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\$hf_mig$\KB894391\KB894391

Found mount point : D:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\addins\addins

Found mount point : D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP38F.tmp\ZAP38F.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP38F.tmp\ZAP38F.tmp

Found mount point : D:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\assembly\temp\temp

Found mount point : D:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\assembly\tmp\tmp

Found mount point : D:\WINDOWS\Cache\Adobe Reader 6.0.1\Adobe Reader 6.0.1

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\Cache\Adobe Reader 6.0.1\Adobe Reader 6.0.1

Found mount point : D:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\Config\Config

Found mount point : D:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : D:\WINDOWS\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\Debug\UserMode\UserMode

Found mount point : D:\WINDOWS\ERDNT\ERDNT

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\ERDNT\ERDNT

Found mount point : D:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\ftpcache\ftpcache

Found mount point : D:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\ime\chsime\applets\applets

Found mount point : D:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\ime\CHTIME\Applets\Applets

Found mount point : D:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\ime\imejp\applets\applets

Found mount point : D:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\ime\imejp98\imejp98

Found mount point : D:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : D:\WINDOWS\ime\imjp8_1\applets\applets

Cannot access: D:\WINDOWS\system32\eventlog.dll

Attempting to restore permissions of : D:\WINDOWS\system32\eventlog.dll

[1] 2004-08-04 00:56:42 55808 D:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 17:11:53 56320 D:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 17:11:53 56320 D:\WINDOWS\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 17:11:53 63488 D:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-13 17:11:53 56320 D:\WINDOWS\system32\logevent.dll (Microsoft Corporation)

Finished!

SREngLOG.txt


I see this in your SRENG log. Since you mentioned that ComboFix failed to launch on this occasion, I assumed that you must have previously run it before coming here.

Not for this problem specifically, since I've seen warnings about trying to use it without the appropriate knowledge, but about 8 months ago (I think) I had an infection and was instructed to use it.


  • Staff
How do I check?

Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

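@echo off
rem Work from the root of the system drive
pushd %systemdrive%\
rem Write a listing of everything in the root (hidden and system items included),
rem followed by the contents of boot.ini if it exists, to Logit.txt
>Logit.txt (
dir /a *
if exist boot.ini type boot.ini
)
rem Open the log, then delete this batch file
START Logit.txt
DEL %0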

Save this as peek.bat. Choose to "Save type as - All Files".

It should look like this: bat_icon.gif

Double click on peek.bat & allow it to run

Post back to tell me what it says


Volume in drive D has no label.

Volume Serial Number is FC08-A348

Directory of D:\

08/28/2009 09:09 AM <DIR> $AVG8.VAULT$

08/29/2009 03:40 PM <DIR> 32788R22FWJFW

12/07/2008 08:45 PM <DIR> AHCache

08/29/2009 10:52 AM 5,086 Bug.txt

12/11/2008 12:18 AM <DIR> ComboFix

12/09/2008 04:41 PM 15,459 ComboFix.txt

08/24/2009 03:06 AM <DIR> Config.Msi

07/25/2008 04:56 PM <DIR> CSWARE

08/28/2009 11:54 AM <DIR> Documents and Settings

08/29/2009 08:21 AM 166 gfpvfjat.txt

01/05/2008 06:20 PM <DIR> Intel

06/12/2009 11:39 PM 735 IPH.PH

08/29/2009 11:24 AM 0 Logit.txt

01/10/2008 07:49 PM <DIR> MSOCache

02/08/2009 06:15 PM <DIR> Nocturn

08/29/2009 10:35 AM 2,145,386,496 pagefile.sys

08/29/2009 01:10 AM <DIR> Program Files

08/29/2009 08:58 AM <DIR> Qoobox

12/09/2008 11:27 PM <DIR> RECYCLER

08/22/2009 10:28 PM <DIR> Riot Games

12/07/2008 10:55 PM <DIR> rsit

08/29/2009 01:48 AM <DIR> SDFix

08/28/2009 05:00 PM <DIR> System Volume Information

08/29/2009 08:28 AM 166 unsq.txt

08/28/2009 03:15 PM <DIR> VundoFix Backups

08/28/2009 03:27 PM 136 VundoFix.txt

08/29/2009 11:13 AM <DIR> WINDOWS

11/04/2008 12:41 AM 183,430,308 ww

9 File(s) 2,328,838,552 bytes

19 Dir(s) 2,374,475,776 bytes free
