
Thread: Spybot and all Virus scanners abort. Error messages. Help?

  1. #1
    Junior Member
    Join Date
    Oct 2009
    Posts
    1


    Hi, I'm new here but I didn't know what else to do.
    Every anti-virus program I try to open (Spybot, AVG, Adaware, MalwareBytes, Avast! etc) won't open (nor in safe mode) and comes up with an error message saying: "windows cannot access the specified device path or file. You may not have appropriate permissions to access the item" although I am administrator. I've read about a lot of other people having similar problems lately but in my searches have found nothing particularly helpful.
    Please help, I'm growing increasingly frustrated.

    Sincerely, Kim.

    Stats:

    Running from: C:\Documents and Settings\Kim\My Documents\Downloads\Win32kDiag.exe

    Log file at : C:\Documents and Settings\Kim\Desktop\Win32kDiag.txt

    WARNING: Could not get backup privileges!

    Searching 'C:\WINDOWS'...



    Found mount point : C:\WINDOWS\addins\addins

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP13.tmp\ZAP13.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP263.tmp\ZAP263.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP28.tmp\ZAP28.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP38.tmp\ZAP38.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3A.tmp\ZAP3A.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3C.tmp\ZAP3C.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\temp\temp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\tmp\tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Config\Config

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\chsime\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imejp\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imejp98\imejp98

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\shared\res\res

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\java\classes\classes

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\java\trustlib\trustlib

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\mui\mui

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

    Mount point destination : \Device\__max++>\^

    Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

    [1] 2004-08-04 23:00:00 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)

    [1] 2008-04-14 11:12:21 744448 C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe ()

    [1] 2008-04-14 11:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)



    Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\PIF\PIF

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\EventCache\EventCache

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

    Mount point destination : \Device\__max++>\^

    Cannot access: C:\WINDOWS\system32\eventlog.dll

    [1] 2004-08-04 23:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

    [1] 2008-04-14 11:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

    [1] 2008-04-14 11:11:53 61952 C:\WINDOWS\system32\eventlog.dll ()

    [2] 2008-04-14 11:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)



    Cannot access: C:\WINDOWS\system32\MRT.exe

    [1] 2009-08-28 14:38:22 24689600 C:\WINDOWS\system32\MRT.exe ()



    Found mount point : C:\WINDOWS\Temp\_avast4_\_avast4_

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

    Mount point destination : \Device\__max++>\^
    ==============================
    "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)
    Last edited by tashi; 2009-10-08 at 18:04. Reason: Merged 2 posts as per forum FAQ, link provided :-)

  2. #2
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hello,

    • Download The Avenger by Swandog46 from here.
    • Unzip/extract it to a folder on your desktop.
    • Double click on avenger.exe to run The Avenger.
    • Click OK.
    • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
    • Copy all of the text in the below textbox to the clipboard by highlighting it and then pressing Ctrl+C.
      Code:
      Files to move:
      C:\WINDOWS\system32\logevent.dll|C:\WINDOWS\system32\eventlog.dll
    • In the avenger window, click the Paste Script from Clipboard button.
    • Click the Execute button.
    • You will be asked Are you sure you want to execute the current script?.
    • Click Yes.
    • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
    • Click Yes.
    • Your PC will now be rebooted.
    • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
    • If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
    • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
    • Please post this log in your next reply.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
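
How the Win32kDiag log in post #1 lines up with the file move scripted in post #2, as an added example that is not part of either post and is not code from Win32kDiag or The Avenger. The matching rule is an assumption inferred from the log lines themselves, the bracketed number is parsed but not interpreted, and `SAMPLE_LOG` is a constructed excerpt copied from the log above.

```python
import re
from collections import namedtuple

# Constructed sample: two "Cannot access" groups copied from the log in post #1.
SAMPLE_LOG = r"""
Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2004-08-04 23:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
[1] 2008-04-14 11:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)
[1] 2008-04-14 11:11:53 61952 C:\WINDOWS\system32\eventlog.dll ()
[2] 2008-04-14 11:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\system32\MRT.exe
[1] 2009-08-28 14:38:22 24689600 C:\WINDOWS\system32\MRT.exe ()
"""

Entry = namedtuple("Entry", "tag stamp size path vendor")
ENTRY_RE = re.compile(r"^\[(\d+)\] (\S+ \S+) (\d+) (.+) \((.*)\)$")

def parse_groups(log_text):
    """Map each 'Cannot access' path to the file entries listed under it."""
    groups, current = {}, None
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("Cannot access: "):
            current = groups.setdefault(line[len("Cannot access: "):], [])
        elif current is not None and (m := ENTRY_RE.match(line)):
            tag, stamp, size, path, vendor = m.groups()
            current.append(Entry(int(tag), stamp, int(size), path, vendor))
        elif line and not line.startswith("["):
            current = None  # e.g. a "Found mount point" line ends the group
    return groups

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def triage(groups):
    """Assumed heuristic: flag a blocked file whose in-place copy has an empty vendor
    string, and list differently named files whose timestamp and size match a
    vendor-stamped copy of the blocked file (a possibly displaced original)."""
    report = {}
    for blocked, entries in groups.items():
        name = basename(blocked)
        in_place = [e for e in entries if e.path.lower() == blocked.lower()]
        reference = {(e.stamp, e.size) for e in entries
                     if e.vendor and basename(e.path) == name}
        displaced = [e.path for e in entries if e.vendor
                     and basename(e.path) != name and (e.stamp, e.size) in reference]
        report[blocked] = {"in_place_no_vendor": any(not e.vendor for e in in_place),
                           "displaced_original": displaced}
    return report
```

On the sample, `triage(parse_groups(SAMPLE_LOG))` pairs `eventlog.dll` with `logevent.dll`, the same source and destination as the "Files to move:" line in post #2, and reports no candidate for `MRT.exe`.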
