Jump to content

Existing user? Sign In
Sign In

Remember me Not recommended on shared computers

Forgot your password?
Staff Sign In
Sign Up

Resolved Malware Removal Logs

cannot run Malwarebytes

serensnipe

By serensnipe
August 21, 2009 in Resolved Malware Removal Logs

Share

Recommended Posts

serensnipe

serensnipe

Posted August 21, 2009

- Share

Posted August 21, 2009

(DESCRIPTION) i have encountered some sort of malware, but it wont let me use any anitmalware/antivirus. i have tried downloading malwarebytes. but it freezes and i cant exit the setup. it is stuck in the middle of the screen untill i restart... please i am in need of some assistance/advice on how to remove this infection. <_< any way that is possible (EXCLUDING REFORMATING...)

Link to post

Share on other sites

serensnipe

serensnipe

Posted August 21, 2009

Author

- Share

Posted August 21, 2009

i cannot run malwarebytes and also.. this is what i got when i tried to do win32kdiag.exe

Any help/advice?

Starting up...

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\KB915865\KB915865

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZA

P15CB.tmp\ZAP15CB.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZA

P25E.tmp\ZAP25E.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZA

P7B.tmp\ZAP7B.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d1\d1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d2\d2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d3\d3

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d4\d4

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d5\d5

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d6\d6

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d7\d7

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d8\d8

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\000021095110

90400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\000021099100

90400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109A100

90400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B100

90400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100

A0C00000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100

C0400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F2

31838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C6

48A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3

D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary

ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporar

y ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumps

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoi

nt

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKU

s

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\News\News

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\setup.pss\setup.pss

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Do

wnloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\07a96de176867

bc25b7dc839d22b07e2\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb

4b094c1caba4c3b1178\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\154fcf8f21f41

37d09271267cc1c5727\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33

978934caa46c49fdc75\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b026489924040

8ce315fe572c84c0e59\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b212

11a5630518d058f48d9\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf0471ca1f3f1

2affe6c8fea1ffc6ddb\cf0471ca1f3f12affe6c8fea1ffc6ddb

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba57

09df048e8f2a49cf8a6\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system\New Folder\New Folder

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1025\1025

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-2799858091-249677

3224-320642624-1006\S-1-5-21-2799858091-2496773224-320642624-1006

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-2799858091-249677

3224-320642624-1007\S-1-5-21-2799858091-2496773224-320642624-1007

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-2799858091-249677

3224-320642624-1008\S-1-5-21-2799858091-2496773224-320642624-1008

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-2799858091-249677

3224-320642624-1009\S-1-5-21-2799858091-2496773224-320642624-1009

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-2799858091-249677

3224-320642624-1011\S-1-5-21-2799858091-2496773224-320642624-1011

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application D

ata\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\{31391EF3-B3AC-4F12-94D8-D

C2DA45E9526}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application D

ata\Microsoft\Credentials\S-1-5-21-2799858091-2496773224-320642624-500\S-1-5-21-

2799858091-2496773224-320642624-500

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application D

ata\Microsoft\Credentials\S-1-5-21-861567501-1078081533-725345543-500\S-1-5-21-8

61567501-1078081533-725345543-500

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application D

ata\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application D

ata\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application D

ata\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application D

ata\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application D

ata\Sun\Java\Deployment\javaws\cache\cache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Deskt

op

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Setting

s\Application Data\BVRP Software\NetWaiting\NetWaiting

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Setting

s\Application Data\Google\Google Desktop\bdb073a547dc\bdb073a547dc

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Setting

s\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Setting

s\Application Data\Microsoft\Credentials\S-1-5-21-2799858091-2496773224-32064262

4-500\S-1-5-21-2799858091-2496773224-320642624-500

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Setting

s\Application Data\Microsoft\Credentials\S-1-5-21-861567501-1078081533-725345543

-500\S-1-5-21-861567501-1078081533-725345543-500

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Setting

s\Application Data\Microsoft\OFFICE\OFFICE

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Setting

s\Application Data\Musicmatch\Jukebox\Cache\Cache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHo

od

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\Pri

ntHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Start Menu\Pr

ograms\Windows Antivirus Pro\Windows Antivirus Pro

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2004-08-04 05:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (

Microsoft Corporation)

Win32kdiag.exe cannot run... blah blah blah... Corrupt file...

Link to post

Share on other sites

Katana

Posted August 25, 2009

- Share

Posted August 25, 2009

Please note that all instructions given are customised for this computer only,

the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Failure to reply within 5 days will result in the topic being closed.
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly

Some of the logs I request will be quite large, You may need to split them over a couple of replies.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.

Be assured, any links I give are safe

----------------------------------------------------------------------------------------

Sorry for the delay, we are quite busy at the moment.

Please delete the copy of Win32kDiag.exe that you have and do the following

Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

"%userprofile%\desktop\win32kdiag.exe" -f -r

Malwarebytes' Anti-Malware

Start MalwareBytes AntiMalware
- Update Malwarebytes' Anti-Malware
- Select the Update tab
- Click Update
[*]When the update is complete, select the Scanner tab
[*]Select Perform full scan, then click Scan.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Be sure that everything is checked, and click Remove Selected.
[*]When completed, a log will open in Notepad. please copy and paste the log into your next reply
- If you accidently close it, the log file is saved here and will be named like this:
- C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Download and Run ComboFix (by sUBs)

Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply
Re-enable all the programs that were disabled during the running of ComboFix..

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.

This tool is not a toy and not for everyday use.

ComboFix SHOULD NOT be used unless requested by a forum helper

For instructions on how to disable your security programs, please see this topic
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Link to post

Share on other sites

Root Admin

AdvancedSetup

Posted August 31, 2009

Root Admin

- Share

Posted August 31, 2009

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

Link to post

Share on other sites

Guest

This topic is now closed to further replies.

Share

Go to topic listing

Recently Browsing 0 members
- No registered users viewing this page.

×

×

Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

IPS spam blocked by CleanTalk.