
I followed your directions and here are the results:

1) Downloaded Defogger. It ran (Disable) and I selected finish (no errors). However, it never asked for a reboot, so, I did it manually.

2) Downloaded and ran DDS. A DOS screen popped up and closed within 3 seconds. The log files (DDS.txt and Attach.txt) were never generated. Perhaps I missed one of the script blockers. Please advise where these are found.

3) Downloaded and ran GMER Rootkit Scanner. It ran for about 15 minutes and then shut down.

I tried to run it again and got this error message:

"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item"

This is the same message I get when I try and run Malwarebytes a second time from the desktop icon.

Also, tried to delete the GMER icon from desktop and received this error:

"Cannot delete whlk6go9: Access denied

Make sure the disk is not full or write protected and that the file is not currently in use"

Again, this is the same message I receive with other antivirus software, but I can remove them in control panel and then reinstall. However, nothing works!

What else can I do?

Thank you


Hi, DownHillSkier :)

:blink:

Seems that you are experiencing problems with file permissions. Can you post the Operating System running and whether it is a 32-bit or 64-bit system?

Download Win32kDiag.exe from any of the following links to your desktop:

http://ad13.geekstogo.com/Win32kDiag.exe

http://download.bleepingcomputer.com/rootr.../Win32kDiag.exe

http://rootrepeal.psikotick.com/Win32kDiag.exe

Run it, it will create a file "Win32kDiag.txt" on the desktop. Post its report in a reply.


The OS is Windows XP 32 professional with sp3.

I ran the program you suggested Win32KDiag.exe.

Attached is the file. I was watching it for about 15 minutes and it appeared to keep repeating.

Hope this helps, and THANK you for helping me with this issue.

Win32kDiag.txt


Click on Start -> Run... and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

"C:\Rob\Win32kDiag.exe" -f -r

You must allow enough time for the program to complete. The report will end with the word "Finished".


Below is the Win32KDiag.txt file:

Running from: C:\Rob\Win32kDiag.exe

Log file at : C:\Documents and Settings\Robert K\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINNT'...

Found mount point : C:\WINNT\$hf_mig$\{29F8DDC1-9487-49b8-B27E-3E0C3C1298FF}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\$hf_mig$\{29F8DDC1-9487-49b8-B27E-3E0C3C1298FF}

Cannot access: C:\WINNT\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\update\update.exe

Attempting to restore permissions of : C:\WINNT\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\update\update.exe

Cannot access: C:\WINNT\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\update\update.exe

Attempting to restore permissions of : C:\WINNT\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\update\update.exe

Cannot access: C:\WINNT\SoftwareDistribution\Download\23e79e5fb28793d8cb1c2055b0d8dcb9\update\update.exe

Attempting to restore permissions of : C:\WINNT\SoftwareDistribution\Download\23e79e5fb28793d8cb1c2055b0d8dcb9\update\update.exe

Cannot access: C:\WINNT\SoftwareDistribution\Download\2c95b28351986132d7f36dd28eece9b0\update\update.exe

Attempting to restore permissions of : C:\WINNT\SoftwareDistribution\Download\2c95b28351986132d7f36dd28eece9b0\update\update.exe

Cannot access: C:\WINNT\SoftwareDistribution\Download\37f6297b42610206c3fdeaf1ae71345e\update\update.exe

Attempting to restore permissions of : C:\WINNT\SoftwareDistribution\Download\37f6297b42610206c3fdeaf1ae71345e\update\update.exe

Cannot access: C:\WINNT\SoftwareDistribution\Download\3f62db0dd41de1740f8addce0cc500ec\update\update.exe

Attempting to restore permissions of : C:\WINNT\SoftwareDistribution\Download\3f62db0dd41de1740f8addce0cc500ec\update\update.exe

Cannot access: C:\WINNT\SoftwareDistribution\Download\43fb223dd070b3aa4f2d807de00e9723\update\update.exe

Attempting to restore permissions of : C:\WINNT\SoftwareDistribution\Download\43fb223dd070b3aa4f2d807de00e9723\update\update.exe

Cannot access: C:\WINNT\SoftwareDistribution\Download\50e2c72fd814d3841e776dd2c4918260\update\update.exe

Attempting to restore permissions of : C:\WINNT\SoftwareDistribution\Download\50e2c72fd814d3841e776dd2c4918260\update\update.exe

Cannot access: C:\WINNT\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\update\update.exe

Attempting to restore permissions of : C:\WINNT\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\update\update.exe

Cannot access: C:\WINNT\SoftwareDistribution\Download\59732c3a78c987eaec1ee41ab88e3da8\update\update.exe

Attempting to restore permissions of : C:\WINNT\SoftwareDistribution\Download\59732c3a78c987eaec1ee41ab88e3da8\update\update.exe

Cannot access: C:\WINNT\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\update\update.exe

Attempting to restore permissions of : C:\WINNT\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\update\update.exe

Cannot access: C:\WINNT\SoftwareDistribution\Download\5e5aab0184cde550e4ba21f1d2bd377e\update\update.exe

Attempting to restore permissions of : C:\WINNT\SoftwareDistribution\Download\5e5aab0184cde550e4ba21f1d2bd377e\update\update.exe

Cannot access: C:\WINNT\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\update\update.exe

Attempting to restore permissions of : C:\WINNT\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\update\update.exe

Cannot access: C:\WINNT\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\update\update.exe

Attempting to restore permissions of : C:\WINNT\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\update\update.exe

Cannot access: C:\WINNT\SoftwareDistribution\Download\6b4e49f1a78b9558feeb103a07b06a32\update\update.exe

Attempting to restore permissions of : C:\WINNT\SoftwareDistribution\Download\6b4e49f1a78b9558feeb103a07b06a32\update\update.exe

Cannot access: C:\WINNT\SoftwareDistribution\Download\71668abe67b6d77ebac6750f25908a6e\update\update.exe

Attempting to restore permissions of : C:\WINNT\SoftwareDistribution\Download\71668abe67b6d77ebac6750f25908a6e\update\update.exe

Cannot access: C:\WINNT\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\update\update.exe

Attempting to restore permissions of : C:\WINNT\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\update\update.exe

Cannot access: C:\WINNT\SoftwareDistribution\Download\75cd10bc79782317976e2a857798ad9f\update\update.exe

Attempting to restore permissions of : C:\WINNT\SoftwareDistribution\Download\75cd10bc79782317976e2a857798ad9f\update\update.exe

Cannot access: C:\WINNT\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\update\update.exe

Attempting to restore permissions of : C:\WINNT\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\update\update.exe

Cannot access: C:\WINNT\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\update\update.exe

Attempting to restore permissions of : C:\WINNT\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\update\update.exe

Cannot access: C:\WINNT\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\update\update.exe

Attempting to restore permissions of : C:\WINNT\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\update\update.exe

Cannot access: C:\WINNT\SoftwareDistribution\Download\9cf59263a134ab3fbbee78365a2fa5fc\update\update.exe

Attempting to restore permissions of : C:\WINNT\SoftwareDistribution\Download\9cf59263a134ab3fbbee78365a2fa5fc\update\update.exe

Cannot access: C:\WINNT\SoftwareDistribution\Download\a4c8b51fef38872a7ec62d0a40ca147c\update\update.exe

Attempting to restore permissions of : C:\WINNT\SoftwareDistribution\Download\a4c8b51fef38872a7ec62d0a40ca147c\update\update.exe

Cannot access: C:\WINNT\SoftwareDistribution\Download\b7b0631e184025ba37e5a4ec1d8637e7\update\update.exe

Attempting to restore permissions of : C:\WINNT\SoftwareDistribution\Download\b7b0631e184025ba37e5a4ec1d8637e7\update\update.exe

Cannot access: C:\WINNT\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\update\update.exe

Attempting to restore permissions of : C:\WINNT\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\update\update.exe

Cannot access: C:\WINNT\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe

Attempting to restore permissions of : C:\WINNT\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe

Cannot access: C:\WINNT\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\update\update.exe

Attempting to restore permissions of : C:\WINNT\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\update\update.exe

Cannot access: C:\WINNT\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\update\update.exe

Attempting to restore permissions of : C:\WINNT\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\update\update.exe

Cannot access: C:\WINNT\SoftwareDistribution\Download\d8ef7c8f90f509563f255df3e967b057\update\update.exe

Attempting to restore permissions of : C:\WINNT\SoftwareDistribution\Download\d8ef7c8f90f509563f255df3e967b057\update\update.exe

Cannot access: C:\WINNT\SoftwareDistribution\Download\da7fee2d51e2e59bdd47cb9e03387bcc\update\update.exe

Attempting to restore permissions of : C:\WINNT\SoftwareDistribution\Download\da7fee2d51e2e59bdd47cb9e03387bcc\update\update.exe

Cannot access: C:\WINNT\SoftwareDistribution\Download\e15760431e46367ca5a3dfd40a9d03e3\update\update.exe

Attempting to restore permissions of : C:\WINNT\SoftwareDistribution\Download\e15760431e46367ca5a3dfd40a9d03e3\update\update.exe

Cannot access: C:\WINNT\SoftwareDistribution\Download\fbdd9f75315c1cf9ff63f37aaca267d3\update\update.exe

Attempting to restore permissions of : C:\WINNT\SoftwareDistribution\Download\fbdd9f75315c1cf9ff63f37aaca267d3\update\update.exe

Cannot access: C:\WINNT\system32\dumprep.exe

Attempting to restore permissions of : C:\WINNT\system32\dumprep.exe

Cannot access: C:\WINNT\system32\MRT.exe

Attempting to restore permissions of : C:\WINNT\system32\MRT.exe

Cannot access: C:\WINNT\system32\scecli.dll

Attempting to restore permissions of : C:\WINNT\system32\scecli.dll

[1] 2004-08-04 01:56:44 180224 C:\WINNT\$NtServicePackUninstall$\scecli.dll (Microsoft Corporation)

[1] 2003-06-20 06:00:00 114448 C:\WINNT\$NtUpdateRollupPackUninstall$\scecli.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:05 181248 C:\WINNT\ServicePackFiles\i386\scecli.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:05 60928 C:\WINNT\system32\scecli.dll ()

[2] 2008-04-13 18:12:05 181248 C:\WINNT\system32\sceclt.dll (Microsoft Corporation)

Cannot access: C:\WINNT\system32\wbem\wmiprvse.exe

Attempting to restore permissions of : C:\WINNT\system32\wbem\wmiprvse.exe

Finished!


Run "Win32kDiag.exe" once again to confirm. Allow enough time for the application to finish. It will create a file "Win32kDiag.txt" on the desktop. Post its contents.

Download this program:

http://download.bleepingcomputer.com/sUBs/...xes/Inherit.exe

Drag each of the exe files that you are unable to run into Inherit.exe. For example:

Copy Inherit.exe to C:\Program Files\Malwarebytes' Anti-Malware, then drag and drop MBAM.exe into it. Wait for it to say "OK" and run MBAM.exe and post its report.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under File Scans, change File age to 30

  • Under the Custom Scan box paste this in

    netsvcs

    msconfig

    safebootminimal

    safebootnetwork

    %SYSTEMDRIVE%\*.*

    /md5start

    eventlog.dll

    scecli.dll

    netlogon.dll

    cngaudit.dll

    sceclt.dll

    ntelogon.dll

    logevent.dll

    iaStor.sys

    nvstor.sys

    atapi.sys

    IdeChnDr.sys

    viasraid.sys

    AGP440.sys

    vaxscsi.sys

    nvatabus.sys

    viamraid.sys

    nvata.sys

    nvgts.sys

    iastorv.sys

    ViPrt.sys

    eNetHook.dll

    ahcix86.sys

    KR10N.sys

    nvstor32.sys

    ahcix86s.sys

    nvrd32.sys

    /md5stop

    %systemroot%\*. /mp /s

    CREATERESTOREPOINT

    %systemroot%\System32\config\*.sav

    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
  • Please post the contents of these files in your next reply.


Okay, here we go.....

1) Ran Win32KDiag.exe. Ran much faster than first time and file much smaller. Unfortunately, I am in the office and the .txt file is home, so I can't post it. Will do if needed tomorrow.

2) Downloaded Inherit.exe and copied into c:program Files\Malwarebytes' Anti-Malware. Then dragged MBAM.exe into it. Received this error:

"Windows Script Host

Can't find script engine "VBScript" for Script "C:\Documents and Settings\Rob K\Local Settings\Temp\info.vbs".

3) Then downloaded OTL to desktop, made the edits as indicated, pasted script into Custom scan and ran it.

However, Notepad is gone from my computer, therefore never received the files OTL.txt or Extras.txt.

As an attempted remedy, I changed the program to open .txt files in Word in folder options. Still produced no .txt files.

At this point I was very frustrated, so I ran ComboFix. It deleted files and folders of some strange antivirus software (Something like "Ad ware professional"). Not the Adaware from Lavasoft we are familiar with.

Then, I re-installed MalwareBytes, and IT RAN!!!!!!!!!!

It found a rootkit (TDDSS, I think) and 8 other files associated with the files Combofix deleted.

Then ran a full scan, and found another rootkit and some other stuff.

I am not sure this has fixed it. I am still getting errors when I try to run or delete some programs on my desktop that you asked me to download. For example, received this error when I tried to delete OTL.exe from desktop:

"Error

Cannot delete OTL.exe: Access is denied. Make sure the disk is not full or write protected and that

the file is not currently in use".

Also, HiJack this will not run.

Sorry, I did not post the actual files. I forgot to bring USB stick with me today. Still, this is the first time since I got MalwareBytes to run!

Any suggestion on how to proceed?

Thanks for your help


I need to see all these reports, especially the Win32KDiag report.

Drag those exe files into Inherit.exe such as, OTL.exe and Hijackthis.exe. It should restore the permissions. Then attempt to run the application. If not, after dropping the files into inherit.exe, remove and reinstall the applications.

MBAM logs are always available. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Combofix will save the report in the C:\ folder.


I have all files you requested (Win32kDiag.txt, OTL.txt, Extras.txt and MalwareBytes Logs). However, when I copied them here, the Forum said my post was too long.

I will zip OTL.txt and Extras.txt and include as an attachment.

Running from: F:\Forum\Win32kDiag.exe

Log file at : C:\Documents and Settings\Rob K\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINNT'...

Finished!

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

5/11/2010 11:48:27 PM

mbam-log-2010-05-11 (23-48-27).txt

Scan type: Quick scan

Objects scanned: 124759

Time elapsed: 9 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 5

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\valueableshoppingtips.valueableshoppingtips (Adware.PlayMP3z) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\valueableshoppingtips.valueableshoppingtips.1 (Adware.PlayMP3z) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\ValueableShoppingTips.dll (Adware.PlayMP3z) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Adware Professional (Rogue.AdwarePro) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\ValueableShoppingTips (Adware.PlayMP3z) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Documents and Settings\All Users\Start Menu\Programs\Adware Professional (Rogue.AdwarePro) -> Quarantined and deleted successfully.

Files Infected:

C:\WINNT\system32\drivers\rppbdmcqpfviuksm.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Programs\Adware Professional\Uninstall Adware Professional .lnk (Rogue.AdwarePro) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

5/12/2010 6:50:25 AM

mbam-log-2010-05-12 (06-50-25).txt

Scan type: Full scan (C:\|)

Objects scanned: 176074

Time elapsed: 1 hour(s), 6 minute(s), 20 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Qoobox\Quarantine\C\Program Files\Adware Professional\nutilities.dll.vir (Rogue.Agent) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINNT\system32\scecli.dll.vir (Trojan.Sirefef) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{194E8605-F2D6-4C99-9F5C-59984A886ED8}\RP5\A0000534.dll (Rogue.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{194E8605-F2D6-4C99-9F5C-59984A886ED8}\RP5\A0000539.dll (Trojan.Sirefef) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

5/12/2010 6:42:40 PM

mbam-log-2010-05-12 (18-42-40).txt

Scan type: Full scan (C:\|E:\|)

Objects scanned: 230382

Time elapsed: 1 hour(s), 31 minute(s), 42 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

E:\WINDOWS\TEMP\GLB8313.TMP (Adware.BonziBuddy) -> Quarantined and deleted successfully.

E:\WINDOWS\TEMP\GLBB005.TMP (Adware.BonziBuddy) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

5/12/2010 12:00:39 AM

mbam-log-2010-05-12 (00-00-39).txt

Scan type: Quick scan

Objects scanned: 124729

Time elapsed: 9 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

OTL_Extras.zip
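
Added example (not part of the original thread, and not code from Win32kDiag or its author): a small Python triage of a Win32kDiag report like the first one posted above. It checks that the report ran to "Finished", lists mount points and access-denied files, and flags a copy with no company string whose size differs from the other copies of the same file, as with system32\scecli.dll here, whose quarantined copy the later MBAM full scan reported as Trojan.Sirefef. The line patterns are inferred from the log in this thread; the size/company heuristic and the name triage() are assumptions of this example.

```python
import re
from collections import defaultdict
from ntpath import basename  # parses Windows paths on any OS

# Excerpt of the first Win32kDiag report posted in this thread.
SAMPLE_LOG = r"""
Found mount point : C:\WINNT\$hf_mig$\{29F8DDC1-9487-49b8-B27E-3E0C3C1298FF}
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINNT\system32\scecli.dll
Attempting to restore permissions of : C:\WINNT\system32\scecli.dll
[1] 2004-08-04 01:56:44 180224 C:\WINNT\$NtServicePackUninstall$\scecli.dll (Microsoft Corporation)
[1] 2003-06-20 06:00:00 114448 C:\WINNT\$NtUpdateRollupPackUninstall$\scecli.dll (Microsoft Corporation)
[1] 2008-04-13 18:12:05 181248 C:\WINNT\ServicePackFiles\i386\scecli.dll (Microsoft Corporation)
[1] 2008-04-13 18:12:05 60928 C:\WINNT\system32\scecli.dll ()
[2] 2008-04-13 18:12:05 181248 C:\WINNT\system32\sceclt.dll (Microsoft Corporation)
Cannot access: C:\WINNT\system32\wbem\wmiprvse.exe
Attempting to restore permissions of : C:\WINNT\system32\wbem\wmiprvse.exe
Finished!
"""

# Line shapes as they appear in the thread's log (inferred, not documented).
MOUNT = re.compile(r"^Found mount point : (.+)$")
DEST = re.compile(r"^Mount point destination : (.+)$")
DENIED = re.compile(r"^Cannot access: (.+)$")
COPY = re.compile(
    r"^\[(\d+)\] (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\d+) (.+) \((.*)\)$"
)


def triage(log_text):
    """Summarise a Win32kDiag report for a helper reviewing it."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    report = {
        # The helper's instructions say a full report ends with "Finished".
        "complete": bool(lines) and lines[-1].startswith("Finished"),
        "mount_points": [],
        "denied": [],
        "suspect_copies": [],
    }
    copies = defaultdict(list)  # file name -> [(path, size, company)]

    for ln in lines:
        if m := MOUNT.match(ln):
            report["mount_points"].append({"path": m.group(1), "target": None})
        elif (m := DEST.match(ln)) and report["mount_points"]:
            report["mount_points"][-1]["target"] = m.group(1)
        elif m := DENIED.match(ln):
            report["denied"].append(m.group(1))
        elif m := COPY.match(ln):
            _idx, _stamp, size, path, company = m.groups()
            copies[basename(path).lower()].append((path, int(size), company))

    # Assumed heuristic: a copy with an empty company field whose size matches
    # none of the copies that do carry one deserves a closer look.
    for found in copies.values():
        known_sizes = {size for _, size, company in found if company}
        for path, size, company in found:
            if not company and known_sizes and size not in known_sizes:
                report["suspect_copies"].append(path)
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("complete:", result["complete"])
    for mp in result["mount_points"]:
        print("mount point:", mp["path"], "->", mp["target"])
    for path in result["denied"]:
        print("access denied:", path)
    for path in result["suspect_copies"]:
        print("check against a known-good copy:", path)
```

An incomplete report (one that does not end in "Finished!") comes back with "complete" set to False, which is the case to rule out before reading anything into the rest of the output.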
