
Multi Infection - Can't run MBAM, HJT


kryxx

I am attempting to help fix a laptop that is currently infected w/ a few different malware programs. I've attempted to clean off Windows Anti Virus Pro and AntiSpyware Pro, and there's also at least one or two others on here as well from what I can tell.

I am unable to use Malwarebytes for more than 5 seconds; it denies me access when trying to re-open it. I am unable to run a log w/ HJT as well. I am, however, able to run win32kdiag.exe, and here is the report from that.

Log file is located at: C:\Documents and Settings\Kim Robb\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB929338\KB929338

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB929969\KB929969

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\tsclientmsitrans\tsclientmsitrans

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\l2schemas\l2schemas

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\mui\mui

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumps

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Prefetch\Prefetch

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SMINST\APPS\DTA\DTA

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SMINST\DRV\DTA\DTA

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\88a28ec3847c01e056ff4268caaa255d\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\10\policy\policy

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\51\msft\msft

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\51\policy\msft\msft

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\52\msft\msft

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\52\policy\msft\msft

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\60\msft\msft

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\70\70

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1025\1025

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\bits\bits

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\CatRoot_bak\CatRoot_bak

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\system.sav\system.sav

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{09CAD02B-7833-4A59-9123-2F237669133D}\{09CAD02B-7833-4A59-9123-2F237669133D}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Data\Data

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Juniper Networks\Juniper Networks

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\Credentials

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\RSA

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\BVRP Software\NetWaiting\NetWaiting

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Google

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\Credentials

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Money\15.0\Webcache\Webcache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\en\en

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2008-04-13 20:11:53 56320 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll (Microsoft Corporation)

[1] 2004-08-04 17:00:00 63488 C:\WINDOWS\system32\eventlog.dll ()

[2] 2004-08-04 17:00:00 55808 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)

Found mount point : C:\WINDOWS\system32\export\export

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\inetsrv\inetsrv

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\Macromed\update\update

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\scripting\scripting

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\Toy Story Mania! Screensaver dir\Toy Story Mania! Screensaver dir

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wins\wins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\mca49.tmp\mca49.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\mca4A.tmp\mca4A.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\SiteAdvisor\SiteAdvisor

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu10cc.tmp\slu10cc.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu1316.tmp\slu1316.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu1353.tmp\slu1353.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu137e.tmp\slu137e.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu141a.tmp\slu141a.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu147e.tmp\slu147e.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu1578.tmp\slu1578.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu15a2.tmp\slu15a2.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu15c4.tmp\slu15c4.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu170e.tmp\slu170e.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu1833.tmp\slu1833.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu18a2.tmp\slu18a2.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu18b7.tmp\slu18b7.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu19a9.tmp\slu19a9.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu1a63.tmp\slu1a63.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu1b42.tmp\slu1b42.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu1bc5.tmp\slu1bc5.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu1c9b.tmp\slu1c9b.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu1cf8.tmp\slu1cf8.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu1d3.tmp\slu1d3.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu1d9a.tmp\slu1d9a.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu1df0.tmp\slu1df0.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu1f0f.tmp\slu1f0f.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu1f8a.tmp\slu1f8a.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu208e.tmp\slu208e.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu20dd.tmp\slu20dd.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu218f.tmp\slu218f.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu2271.tmp\slu2271.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu248a.tmp\slu248a.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu24b9.tmp\slu24b9.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu2549.tmp\slu2549.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu2604.tmp\slu2604.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu262c.tmp\slu262c.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu2651.tmp\slu2651.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu2758.tmp\slu2758.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu2814.tmp\slu2814.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu286d.tmp\slu286d.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu2a18.tmp\slu2a18.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu2a82.tmp\slu2a82.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu2c7a.tmp\slu2c7a.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu2e31.tmp\slu2e31.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu3083.tmp\slu3083.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu30e6.tmp\slu30e6.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu33a5.tmp\slu33a5.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu3479.tmp\slu3479.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu3485.tmp\slu3485.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu3518.tmp\slu3518.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu355c.tmp\slu355c.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu363b.tmp\slu363b.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu36a4.tmp\slu36a4.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu36f6.tmp\slu36f6.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu3714.tmp\slu3714.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu376e.tmp\slu376e.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu384b.tmp\slu384b.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu39cd.tmp\slu39cd.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu3a92.tmp\slu3a92.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu3bb4.tmp\slu3bb4.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu3c9f.tmp\slu3c9f.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu3d41.tmp\slu3d41.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu3d8b.tmp\slu3d8b.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu3d9e.tmp\slu3d9e.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu3f32.tmp\slu3f32.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu3f50.tmp\slu3f50.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu40a.tmp\slu40a.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu40b9.tmp\slu40b9.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu42e6.tmp\slu42e6.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu4361.tmp\slu4361.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu43c4.tmp\slu43c4.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu44c9.tmp\slu44c9.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu450e.tmp\slu450e.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu468c.tmp\slu468c.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu4789.tmp\slu4789.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu4831.tmp\slu4831.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu4867.tmp\slu4867.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu48d3.tmp\slu48d3.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu4b09.tmp\slu4b09.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu4dfb.tmp\slu4dfb.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu4efa.tmp\slu4efa.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu4f67.tmp\slu4f67.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu5051.tmp\slu5051.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu507b.tmp\slu507b.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu5264.tmp\slu5264.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu5274.tmp\slu5274.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu54a6.tmp\slu54a6.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu5558.tmp\slu5558.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu562.tmp\slu562.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu578f.tmp\slu578f.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu5a7d.tmp\slu5a7d.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu5a92.tmp\slu5a92.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu5b4.tmp\slu5b4.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu5d17.tmp\slu5d17.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu5db2.tmp\slu5db2.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu6204.tmp\slu6204.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu62b7.tmp\slu62b7.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu62c4.tmp\slu62c4.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu62cd.tmp\slu62cd.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu64db.tmp\slu64db.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu6517.tmp\slu6517.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu6656.tmp\slu6656.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu6703.tmp\slu6703.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu67ce.tmp\slu67ce.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu6809.tmp\slu6809.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu682e.tmp\slu682e.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu690b.tmp\slu690b.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu6939.tmp\slu6939.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu699b.tmp\slu699b.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu69fb.tmp\slu69fb.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu6af0.tmp\slu6af0.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu6c06.tmp\slu6c06.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu6df9.tmp\slu6df9.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu6f55.tmp\slu6f55.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu6f5f.tmp\slu6f5f.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu6f70.tmp\slu6f70.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu6f77.tmp\slu6f77.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu6ff2.tmp\slu6ff2.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu7142.tmp\slu7142.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu72.tmp\slu72.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu72f4.tmp\slu72f4.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu73.tmp\slu73.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu738f.tmp\slu738f.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu73f5.tmp\slu73f5.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu7422.tmp\slu7422.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu7499.tmp\slu7499.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu74da.tmp\slu74da.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu75b1.tmp\slu75b1.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu78fc.tmp\slu78fc.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu7907.tmp\slu7907.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu799a.tmp\slu799a.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu79a6.tmp\slu79a6.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu7a00.tmp\slu7a00.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu7cfa.tmp\slu7cfa.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu7d80.tmp\slu7d80.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu7fc4.tmp\slu7fc4.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slu881.tmp\slu881.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\sludfe.tmp\sludfe.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\slued9.tmp\slued9.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\temp\UPD4C.tmp\UPD4C.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Finished!

I'm pretty sure I'm dealing with a rootkit on this one as it has multiple infections and I'm definitely in over my head on this one.

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

  1. Please Read All Instructions Carefully
  2. If you don't understand something, stop and ask! Don't keep going on.
  3. Please do not run any other tools or scans whilst I am helping you
  4. Failure to reply within 5 days will result in the topic being closed.
  5. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly.

Some of the logs I request will be quite large. You may need to split them over a couple of replies.

Please note, your security programs may give warnings for some of the tools I will ask you to use.

Be assured, any links I give are safe.

----------------------------------------------------------------------------------------

Download and Run ComboFix (by sUBs)

Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.

This tool is not a toy and not for everyday use.

ComboFix SHOULD NOT be used unless requested by a forum helper

For instructions on how to disable your security programs, please see this topic

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
