I am attempting to help fix a laptop that currently is infected w/ a few different malware programs. I've attempted to clean off Windows Anti Virus Pro and AntiSpyware Pro, and there's also at least one or two others on here as well from what I can tell.
I am unable to use Malwarebytes for more than 5 seconds; it denies me access when trying to re-open. I am unable to run a log w/ HJT as well. I am, however, able to run win32kdiag.exe, and here is the report from that.
Log file is located at: C:\Documents and Settings\Kim Robb\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2008-04-13 20:11:53 56320 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll (Microsoft Corporation)
[1] 2004-08-04 17:00:00 63488 C:\WINDOWS\system32\eventlog.dll ()
[2] 2004-08-04 17:00:00 55808 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
Finished!
I'm pretty sure I'm dealing with a rootkit on this one as it has multiple infections and I'm definitely in over my head on this one.
#1
Posted 29 August 2009 - 10:22 PM
#2
Posted 31 August 2009 - 11:08 AM
Please note that all instructions given are customised for this computer only,
the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the HJT forum and wait for help.
Hello and welcome to the forums
My name is Katana and I will be helping you to remove any infection(s) that you may have.
Please observe these rules while we work:
- Please Read All Instructions Carefully
- If you don't understand something, stop and ask! Don't keep going on.
- Please do not run any other tools or scans whilst I am helping you
- Failure to reply within 5 days will result in the topic being closed.
- Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

Some of the logs I request will be quite large; you may need to split them over a couple of replies.
Please note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe.
----------------------------------------------------------------------------------------
Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:
Bleeping Computer ComboFix Tutorial
- You must download it to and run it from your Desktop
- Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
- Double click combofix.exe & follow the prompts.
- When finished, it will produce a log. Please save that log to post in your next reply
- Re-enable all the programs that were disabled during the running of ComboFix.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
For instructions on how to disable your security programs, please see this topic
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

PM's for help will be ignored