Jump to content

Malwarebytes won't run


Lorgeo
 Share

Recommended Posts

Hello All,

I seem to be yet another victim of this rootkit infection. I am running xp pro sp3, and Malwarebytes will not run nor will any other tools it seems. I also ran win32diag....can someone please help me out with this?

Thanks.

Log file is located at: C:\Documents and Settings\Sharon Lornie\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ADDINS\ADDINS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages1_v1.1.4322\AlertView\AlertView

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages1_v1.1.4322\AllertEula\AllertEula

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages1_v1.1.4322\ClientApplicationFrameWork\ClientApplicationFrameWork

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages1_v1.1.4322\EUSWUtil\EUSWUtil

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages1_v1.1.4322\NotifyAlert\NotifyAlert

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages1_v1.1.4322\Protocol\Protocol

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP370.tmp\ZAP370.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP450.tmp\ZAP450.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP46F.tmp\ZAP46F.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP489.tmp\ZAP489.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ASSEMBLY\TMP\TMP

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d1\d1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d2\d2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d3\d3

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d4\d4

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d5\d5

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d6\d6

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d7\d7

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d8\d8

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\ecimuhyjut.db

[1] 2009-08-29 22:51:28 14753 C:\WINDOWS\ecimuhyjut.db ()

Cannot access: C:\WINDOWS\esobyham._sy

[1] 2009-08-21 14:20:17 11682 C:\WINDOWS\esobyham._sy ()

Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\hudusa.sys

[1] 2009-08-29 22:51:28 11080 C:\WINDOWS\hudusa.sys ()

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites

  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.