GeekMom Posted October 3, 2009 ID:137250
I am unable to run Hijack This. It says I do not have permission. I downloaded the win32kdiag.exe and here are my results. I have been battling this virus for several weeks.
Thanks

Staff screen317 Posted October 4, 2009 ID:137661
Hi and welcome to Malwarebytes.
We need to execute an Avenger2 script.
Note to users reading this topic! This script was created specifically for the particular infection on this specific machine! If you are not this user, do NOT follow these directions as they could damage the workings of your system.
Please download The Avenger2 by Swandog46.
Unzip avenger.exe to your desktop.
Copy the text in the following codebox by selecting all of it, and pressing (<Control> + C) or by right clicking and selecting "Copy":
Files to move:
C:\WINDOWS\system32\logevent.dll | C:\Windows\System32\cngaudit.dll
Now start The Avenger2 by double clicking avenger.exe on your desktop.
Read the prompt that appears, and press OK.
Paste the script into the textbox that appears, using (<Control> + V) or by right clicking and choosing "Paste".
Press the "Execute" button.
You will be presented with 2 confirmation prompts. Select yes on each. Your system will reboot.
Note: It is possible that Avenger will reboot your system TWICE.
Upon reboot, a command prompt window will appear on your screen for a few seconds, and then Avenger's log will open. Please paste that log here in your next post.
Next, try running MBAM.
-screen317

GeekMom Posted October 4, 2009 Author ID:137946
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows NT 6.0 (build 6000)
Sun Oct 04 14:07:04 2009
14:07:04: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com
Platform: Windows Vista
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File move operation "C:\WINDOWS\system32\logevent.dll|C:\Windows\System32\cngaudit.dll" completed successfully.
Completed script processing.
*******************
Finished! Terminate.

Staff screen317 Posted October 6, 2009 ID:138646
Update MBAM, run a Quick Scan, and post its log.
After that, please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.
-screen317

GeekMom Posted October 6, 2009 Author ID:138932
I am unable to update or run the program.

Staff screen317 Posted October 6, 2009 ID:138943
Skip that step then.

GeekMom Posted October 6, 2009 Author ID:138952
OK I am currently running the combofix.

GeekMom Posted October 7, 2009 Author ID:138997
ComboFix 09-10-06.03 - Becca 10/06/2009 19:43.1.2 - NTFSx86
Microsoft

Staff screen317 Posted October 7, 2009 ID:139501
Hi,
First, I notice that you are using more than one antivirus program (McAfee and Norton). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.
Let me know which you decided to remove.
Also, I see you have Viewpoint installed... Viewpoint Manager is considered as foistware instead of malware since it is installed without users' approval but doesn't spy or do anything "bad". I suggest you remove the program now. Navigate to Start --> Control Panel --> Add or Remove Programs and uninstall the following programs if present.
Viewpoint
Viewpoint Manager
Viewpoint Media Player
Viewpoint Toolbar
Let me know if you decided to uninstall it.
After all of that, restart your computer and run ComboFix again; post its log. See if MBAM will run now.
-screen317

GeekMom Posted October 8, 2009 Author ID:139536
I did rerun combofix and am attaching the results. I was unable to uninstall either of my antivirus programs. I can't access add/remove.
ComboFix 09-10-06.03 - Becca 10/07/2009 20:42.2.2 - NTFSx86
Microsoft

Staff screen317 Posted October 8, 2009 ID:140014
"I can't access add/remove."
What happens when you try to??
Depending on which you would like to remove, follow one of the links below:
McAfee:
Download the McAfee Removal Tool.
Double click on MCPR.exe to launch it, then Click Run. A window should appear and disappear, this is normal. A new window should pop up and begin the uninstall. When prompted to reboot your computer type Y.
Norton:
Norton Removal Tool
-screen317

GeekMom Posted October 10, 2009 Author ID:140621
"What happens when you try to??"
Nothing happens, I click and it doesn't open and no error messages appeared.
When I tried to download either program I received an error message and was not allowed to download.
c:/users/Becca/AppData/local/microsoft/windows/temporary internet files/ContentIE5/42Q33NCO/MCPR[1].exe
The specified procedure could not be found.

Staff screen317 Posted October 10, 2009 ID:141077
"c:/users/Becca/AppData/local/microsoft/windows/temporary internet files/ContentIE5/42Q33NCO/MCPR[1].exe
The specified procedure could not be found."
Instead of clicking OPEN from the download window, click SAVE and save it to your Desktop. Try running it from there.

GeekMom Posted October 11, 2009 Author ID:141470
I tried this and was unable to uninstall Norton but not McAfee.
I would like to try to reinstall malwarebytes hijack this, how do I go about this?

GeekMom Posted October 11, 2009 Author ID:141480
ComboFix 09-10-06.03 - Becca 10/11/2009 16:07.3.2 - NTFSx86
Microsoft

Staff screen317 Posted October 11, 2009 ID:141532
"I would like to try to reinstall malwarebytes hijack this, how do I go about this?"
What do you mean? Are they not working?
1. Uninstall Malwarebytes' Anti-Malware using Add or Remove programs in the Control Panel.
2. Restart your computer (very important).
3. Download and run this utility.
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here.
Note: You will need to reactivate the program using the license you were sent via e-mail if you purchased it.
Let me know if MBAM works now.
-screen317

Staff screen317 Posted October 26, 2009 ID:148629
Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.
Other members who need assistance please start your own topic in a new thread. Thanks!