
Thread: Help please

  1. #1
    Junior Member
    Join Date
    Oct 2009
    Posts
    25

    Default Help please

    So whatever I have has disabled Spybot, so I can't disable the tea timer, and canceled out the Hijack this as it was working. It also won't let me use Microsoft's malicious software removal tool. Don't know what to do from here, usually a computer wiz but this is really eating me. It's also infected my Windows Live Messenger so it won't work anymore. Any help would be greatly appreciated, thanks.

  2. #2
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hello Hiryuu24

    Welcome to Safer Networking.

    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.





    Please download RootRepeal from one of these locations and save it to your desktop
    Here
    Here
    Here
    • Open on your desktop.
    • Click the tab.
    • Click the button.
    • Check just these boxes:
    • Push Ok
    • Check the box for your main system drive (usually C:), and press Ok.
    • Allow RootRepeal to run a scan of your system. This may take some time.
    • Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your post.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member
    Join Date
    Oct 2009
    Posts
    25

    Default

    Root Repeal txt:
    ROOTREPEAL (c) AD, 2007-2009
    ==================================================
    Scan Start Time: 2009/10/23 17:48
    Program Version: Version 1.3.5.0
    Windows Version: Windows XP SP3
    ==================================================

    Drivers
    -------------------
    Name: dump_atapi.sys
    Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
    Address: 0xAA0E6000 Size: 98304 File Visible: No Signed: -
    Status: -

    Name: dump_WMILIB.SYS
    Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
    Address: 0xF7B93000 Size: 8192 File Visible: No Signed: -
    Status: -

    Name: rootrepeal.sys
    Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
    Address: 0xF6BE3000 Size: 49152 File Visible: No Signed: -
    Status: -

    Name: win32k.sys:1
    Image Path: C:\WINDOWS\win32k.sys:1
    Address: 0xF79A3000 Size: 20480 File Visible: No Signed: -
    Status: -

    Name: win32k.sys:2
    Image Path: C:\WINDOWS\win32k.sys:2
    Address: 0xF6BB3000 Size: 61440 File Visible: No Signed: -
    Status: -

    SSDT
    -------------------
    #: 025 Function Name: NtClose
    Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa1496b8

    #: 041 Function Name: NtCreateKey
    Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa149574

    #: 065 Function Name: NtDeleteValueKey
    Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa149a52

    #: 068 Function Name: NtDuplicateObject
    Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa14914c

    #: 119 Function Name: NtOpenKey
    Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa14964e

    #: 122 Function Name: NtOpenProcess
    Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa14908c

    #: 128 Function Name: NtOpenThread
    Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa1490f0

    #: 177 Function Name: NtQueryValueKey
    Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa14976e

    #: 204 Function Name: NtRestoreKey
    Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa14972e

    #: 247 Function Name: NtSetValueKey
    Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa1498ae

    ==EOF==

  4. #4
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    You're infected with a nasty Rootkit that is preventing most malware and virus programs from running. This can be difficult to remove but can be done.

    After you run this program leave it on your desktop

    Download and run Win32kDiag:
    1. Download Win32kDiag from any of the following locations and save it to your Desktop.
    2. Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
    3. When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
    4. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

  5. #5
    Junior Member
    Join Date
    Oct 2009
    Posts
    25

    Default

    It's already been running for about an hour, how long should this take?

  6. #6
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    It should only take a minute or so. Close it out, delete it, redownload it and try it again.

  7. #7
    Junior Member
    Join Date
    Oct 2009
    Posts
    25

    Default

    It keeps going to Cannot Access: and then goes over MULTIPLE files that take about 5-10 minutes to scan each, and won't stop.

    Here is the scan after about five minutes:
    Running from: C:\Documents and Settings\Kaitlyn Clinkscales\My Documents\Downloads\Win32kDiag.exe

    Log file at : C:\Documents and Settings\Kaitlyn Clinkscales\Desktop\Win32kDiag.txt

    WARNING: Could not get backup privileges!

    Searching 'C:\WINDOWS'...



    Found mount point : C:\WINDOWS\addins\addins

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP159.tmp\ZAP159.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP173.tmp\ZAP173.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1B.tmp\ZAP1B.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1F.tmp\ZAP1F.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP23.tmp\ZAP23.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP239.tmp\ZAP239.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP24.tmp\ZAP24.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP25.tmp\ZAP25.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP257.tmp\ZAP257.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP26.tmp\ZAP26.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA9.tmp\ZAPA9.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF3.tmp\ZAPF3.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF7.tmp\ZAPF7.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\temp\temp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\tmp\tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Cache\Cache

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Config\Config

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\chsime\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imejp\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imejp98\imejp98

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\shared\res\res

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\java\classes\classes

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\java\trustlib\trustlib

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\mui\mui

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\c2605fe2baba03346e8868859fbe2ead\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\EventCache\EventCache

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\Default

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

    Mount point destination : \Device\__max++>\^

    Cannot access: C:\WINDOWS\system32\eventlog.dll

    [1] 2004-08-04 06:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

    [1] 2008-04-13 20:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

    [1] 2008-04-13 20:11:53 61952 C:\WINDOWS\system32\eventlog.dll ()

    [2] 2008-04-13 20:11:53 56320 C:\WINDOWS\system32\logevent(2).dll (Microsoft Corporation)

    [2] 2008-04-13 20:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)



    Cannot access: C:\WINDOWS\system32\MRT.exe

  8. #8
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    That's fine, make sure it's still on your desktop.


    Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
    "%userprofile%\desktop\win32kdiag.exe" -f -r

  9. #9
    Junior Member
    Join Date
    Oct 2009
    Posts
    25

    Default

    Running from: C:\Documents and Settings\Kaitlyn Clinkscales\desktop\win32kdiag.exe

    Log file at : C:\Documents and Settings\Kaitlyn Clinkscales\Desktop\Win32kDiag.txt

    Removing all found mount points.

    Attempting to reset file permissions.

    WARNING: Could not get backup privileges!

    Searching 'C:\WINDOWS'...



    Found mount point : C:\WINDOWS\addins\addins

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\addins\addins

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP159.tmp\ZAP159.tmp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP159.tmp\ZAP159.tmp

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP173.tmp\ZAP173.tmp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP173.tmp\ZAP173.tmp

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1B.tmp\ZAP1B.tmp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1B.tmp\ZAP1B.tmp

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1F.tmp\ZAP1F.tmp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1F.tmp\ZAP1F.tmp

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP23.tmp\ZAP23.tmp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP23.tmp\ZAP23.tmp

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP239.tmp\ZAP239.tmp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP239.tmp\ZAP239.tmp

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP24.tmp\ZAP24.tmp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP24.tmp\ZAP24.tmp

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP25.tmp\ZAP25.tmp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP25.tmp\ZAP25.tmp

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP257.tmp\ZAP257.tmp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP257.tmp\ZAP257.tmp

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP26.tmp\ZAP26.tmp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP26.tmp\ZAP26.tmp

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA9.tmp\ZAPA9.tmp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA9.tmp\ZAPA9.tmp

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF3.tmp\ZAPF3.tmp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF3.tmp\ZAPF3.tmp

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF7.tmp\ZAPF7.tmp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF7.tmp\ZAPF7.tmp

    Found mount point : C:\WINDOWS\assembly\temp\temp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\assembly\temp\temp

    Found mount point : C:\WINDOWS\assembly\tmp\tmp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\assembly\tmp\tmp

    Found mount point : C:\WINDOWS\Cache\Cache

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\Cache\Cache

    Found mount point : C:\WINDOWS\Config\Config

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\Config\Config

    Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

    Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\Debug\UserMode\UserMode

    Found mount point : C:\WINDOWS\ime\chsime\applets\applets

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\ime\chsime\applets\applets

    Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

    Found mount point : C:\WINDOWS\ime\imejp\applets\applets

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

    Found mount point : C:\WINDOWS\ime\imejp98\imejp98

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

    Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

    Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

    Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

    Found mount point : C:\WINDOWS\ime\shared\res\res

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\ime\shared\res\res

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

    Found mount point : C:\WINDOWS\java\classes\classes

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\java\classes\classes

    Found mount point : C:\WINDOWS\java\trustlib\trustlib

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\java\trustlib\trustlib

    Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

    Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

    Found mount point : C:\WINDOWS\mui\mui

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\mui\mui

    Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

    Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

    Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

    Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

    Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News

    Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

    Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

    Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

    Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

    Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

    Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\c2605fe2baba03346e8868859fbe2ead\backup\backup

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\c2605fe2baba03346e8868859fbe2ead\backup\backup

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup

    Found mount point : C:\WINDOWS\SoftwareDistribution\EventCache\EventCache

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\SoftwareDistribution\EventCache\EventCache

    Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\Default

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\Default

    Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

    Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

    Cannot access: C:\WINDOWS\system32\eventlog.dll

    Attempting to restore permissions of : C:\WINDOWS\system32\eventlog.dll

    [1] 2004-08-04 06:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

    [1] 2008-04-13 20:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

    [1] 2008-04-13 20:11:53 61952 C:\WINDOWS\system32\eventlog.dll ()

    [2] 2008-04-13 20:11:53 56320 C:\WINDOWS\system32\logevent(2).dll (Microsoft Corporation)

    [2] 2008-04-13 20:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)



    Cannot access: C:\WINDOWS\system32\MRT.exe

    Attempting to restore permissions of : C:\WINDOWS\system32\MRT.exe

    Cannot access: C:\WINDOWS\system32\wbem\SET11.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SET11.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SET11E.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SET11E.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SET126.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SET126.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SET128.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SET128.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SET133.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SET133.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SET15F.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SET15F.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SET16.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SET16.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SET18.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SET18.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SET18A.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SET18A.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SET19.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SET19.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SET1A.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SET1A.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SET1B.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SET1B.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SET1F.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SET1F.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SET25.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SET25.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SET26.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SET26.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SET261.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SET261.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SET26D.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SET26D.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SET31.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SET31.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SET32.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SET32.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SET37.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SET37.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SET38D.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SET38D.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SET39.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SET39.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SET42A.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SET42A.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SET43.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SET43.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SET4E.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SET4E.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SET57.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SET57.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SET6.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SET6.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SET7.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SET7.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SET7B.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SET7B.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SET7C.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SET7C.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SET8.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SET8.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SET9.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SET9.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SETA.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SETA.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SETAC.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SETAC.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SETB.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SETB.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SETBF.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SETBF.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SETCB.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SETCB.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SETD.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SETD.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SETD3.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SETD3.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SETD7.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SETD7.tmp

    Cannot access: C:\WINDOWS\system32\wbem\SETE.tmp

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\SETE.tmp

    Cannot access: C:\WINDOWS\system32\wbem\wmiprvse.exe

    Attempting to restore permissions of : C:\WINDOWS\system32\wbem\wmiprvse.exe

    Found mount point : C:\WINDOWS\Temp\History\Results\Results

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\Temp\History\Results\Results

    Found mount point : C:\WINDOWS\Temp\RtSigs\Data\Data

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\Temp\RtSigs\Data\Data

    Found mount point : C:\WINDOWS\Temp\_avast4_\_avast4_

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\Temp\_avast4_\_avast4_

    Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp



    Finished!
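
Added example (not part of the thread and not Win32kDiag's own code): a Python triage script for logs in the format posted in #7 and #9, which groups mount points by destination and lists entries with no logged removal or permission-restore attempt, plus file copies worth a second look. It assumes the line shapes shown in those posts, treats the trailing parenthesised field as a vendor string, and runs on a shortened, constructed sample.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the Win32kDiag logs posted above
# (shortened; the second mount point deliberately has no "Removing" line).
SAMPLE_LOG = r"""
    Found mount point : C:\WINDOWS\addins\addins
    Mount point destination : \Device\__max++>\^
    Removing mount point : C:\WINDOWS\addins\addins
    Found mount point : C:\WINDOWS\Cache\Cache
    Mount point destination : \Device\__max++>\^
    Cannot access: C:\WINDOWS\system32\eventlog.dll
    Attempting to restore permissions of : C:\WINDOWS\system32\eventlog.dll
    [1] 2004-08-04 06:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
    [1] 2008-04-13 20:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)
    [1] 2008-04-13 20:11:53 61952 C:\WINDOWS\system32\eventlog.dll ()
    Cannot access: C:\WINDOWS\system32\MRT.exe
    Finished!
"""

FOUND = re.compile(r"^Found mount point\s*:\s*(.+)$")
DEST = re.compile(r"^Mount point destination\s*:\s*(.+)$")
REMOVING = re.compile(r"^Removing mount point\s*:\s*(.+)$")
NO_ACCESS = re.compile(r"^Cannot access:\s*(.+)$")
RESTORE = re.compile(r"^Attempting to restore permissions of\s*:\s*(.+)$")
# "[n] date time size path (vendor)"; vendor may be empty (assumed meaning
# of the field), and the path itself may contain spaces or parentheses.
COPY = re.compile(
    r"^\[\d+\]\s+(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+)\s+(.+?)\s+\((.*)\)$"
)


def parse_win32kdiag(text):
    """Turn a Win32kDiag-style log into mount points, blocked files and file copies."""
    mounts, no_access, copies = {}, {}, []
    last_found = None
    for raw in text.splitlines():
        line = raw.strip()  # forum posts indent the log, so strip first
        if m := FOUND.match(line):
            last_found = m.group(1)
            mounts[last_found] = {"destination": None, "removal_logged": False}
        elif (m := DEST.match(line)) and last_found:
            mounts[last_found]["destination"] = m.group(1)
        elif m := REMOVING.match(line):
            entry = mounts.setdefault(
                m.group(1), {"destination": None, "removal_logged": False}
            )
            entry["removal_logged"] = True
        elif m := NO_ACCESS.match(line):
            no_access.setdefault(m.group(1), False)
        elif m := RESTORE.match(line):
            no_access[m.group(1)] = True
        elif m := COPY.match(line):
            stamp, size, path, vendor = m.groups()
            copies.append(
                {"stamp": stamp, "size": int(size), "path": path, "vendor": vendor}
            )
    return {"mounts": mounts, "no_access": no_access, "copies": copies}


def triage(report):
    """Summarise what an analyst would check first in the parsed log."""
    by_destination = defaultdict(list)
    for path, info in report["mounts"].items():
        by_destination[info["destination"]].append(path)

    # Copies of one file name with the same timestamp but different sizes.
    sizes = defaultdict(set)
    for c in report["copies"]:
        name = c["path"].rsplit("\\", 1)[-1].lower()
        sizes[(name, c["stamp"])].add(c["size"])

    return {
        "by_destination": dict(by_destination),
        # "logged" only means the tool printed the line, not that it succeeded.
        "removal_not_logged": sorted(
            p for p, i in report["mounts"].items() if not i["removal_logged"]
        ),
        "restore_not_logged": sorted(
            p for p, done in report["no_access"].items() if not done
        ),
        "empty_vendor": [c["path"] for c in report["copies"] if not c["vendor"].strip()],
        "size_mismatch": {k: sorted(v) for k, v in sizes.items() if len(v) > 1},
    }


if __name__ == "__main__":
    for key, value in triage(parse_win32kdiag(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Run against the full log from #9, `removal_not_logged` should come back empty, since every "Found mount point" entry there is followed by a "Removing mount point" line.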

  10. #10
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Great,

    Please download exeHelper to your desktop.

    Double-click on exeHelper.com to run the fix.
    A black window should pop up, press any key to close once the fix is completed.
    Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
