Possible Malware preventing me from running malware removal tools

Klepton · Jun 20, 2010

Hi. I am trying to diagnose a problematic laptop for a friend. I don't know the details of what happened to cause the problems. The main problem I can detect is that the laptop is EXTREMELY slow. It seems like anything I try has a delayed response (even a simple mouse click). I followed the Malware Removal Guide, but was only able to run two of the five suggested tools as follows:

1) SUPERAntiSpyware - I ran this after manually updating the definition files on the version already installed and the scan found nothing.

2) Malwarebytes Anti-Malware - I was not able to update the definition files for the current version installed. After several attempts to uninstall this (via the Control Panel), I was able to do it via CCleaner. However, I was not able to re-install a more recent version due to problems with the Windows Installer service. After uninstalling an outdated version of Java (Update 14) via the Control Panel, I have not been able to install/uninstall any more programs.

2) combofix.exe - not compatible with 64-bit OS

3) RootRepeal - did not run on 64-bit OS

4) MGtools - did run; kept getting errors, but continued to completion

Attached are the SUPERAntiSpyware and MGTools logs:

Kestrel13! · Jun 21, 2010

I am not seeing any malware in those logs. I do not know why MalwareBytes would not run, are you able to run it in safe mode? How does the PC behave when you use safe mode?

More than likely I think I will be sending you off to the software forum.

We can do this:

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - (no file)
Click to expand...

After clicking Fix exit HJT.

Klepton · Jun 21, 2010

Well, there are definitely some virii on it. I have tried to update and run Avira Antivirus Free Personal Edition, since it was already installed. However, it only gets around 60-70% of the scan when it causes the system to reboot. At around 10% of the scan it finds 6 detections and 2 warnings. The last detection it finds is some sort of "Java" virus.

The problem I'm having now, is that it is no longer booting up. I keep getting the following error:

Windows Boot Manager

A recent hardware of software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

If you have a Windows installation disc, insert the disc and restart your computer. Click "Repair your computer," and then choose a recovery tool.

Otherwise, to start Windows so you can investigate further, press the Enter key to display the boot menu, press F8 for Advanced Boot Options, ad select Last Known Good. If you understand why the digitial signature cannot be verified and want to start Windows normally without this file, temporarily disable driver signature enforcement.

File: \Windows\system32\winload.exe

Status: 0xc0000428

Info: Windows cannot verify the digital signature for this file
Click to expand...

I only have an option to for "ENTER=Continue" or "ESC=Exit"

I've tried both "ENTER" and "ESC" and it just loops back to this error.

Kestrel13! · Jun 21, 2010

So just to be clear, you can no longer boot up in normal or safe mode?

Klepton · Jun 21, 2010

Correct. I can no longer boot up at all. I keep getting the "Windows Boot Manager" error I described previously... :confused

Kestrel13! · Jun 21, 2010

I think you ought to visit the software forum first to sort out any non malware related issues that you are having. Then come back here once your system is more stable where we can continue on if necessary.

Log in or Sign up

Possible Malware preventing me from running malware removal tools

Klepton Private E-2

Attached Files:

SASlog.txt

MGlogs.zip

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Klepton Private E-2

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Klepton Private E-2

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Log in or Sign up

Possible Malware preventing me from running malware removal tools

Klepton Private E-2

Attached Files:

SASlog.txt

MGlogs.zip

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Klepton Private E-2

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Klepton Private E-2

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Useful Searches